Home U.S. Coin Forum

I didn't go to Philly, but my CC has been hacked

I saw the thread about the fraudulent use of credit card numbers from people who attended the ANA show at philly but I didn't go to philly and I just got a call from my cc company saying my card was used today for fraudulent charges.

I didn't go to philly but I did use my cc for my ANA dues. Could the ANA data base been hacked into?
Collecting coins, medals and currency featuring "The Sower"
«1

Comments

  • RYKRYK Posts: 35,800 ✭✭✭✭✭
    Interesting. That would be (another) black eye for the ANA.
  • SmittysSmittys Posts: 9,876 ✭✭✭✭✭
    Used my card in Philly and it got compromised
    Someone bought a ticket to salt lake city Utah
  • mbogomanmbogoman Posts: 5,239 ✭✭✭✭✭
    I also didn't go to Philly and also used my CC a couple weeks ago to pay my ANA dues. I got the early warning fraud call on Wednesday and had to cancel the card.
  • CoinHuskerCoinHusker Posts: 5,033 ✭✭✭


    << <i>Did all the people that have credit card hackings perhaps also purchase things from the US mint?

    Because someone tried to use one of my cards, but BofA blocked them (I've since cancelled it).
    But I've NEVER done any ANA business, I have purchased from the US mint however, so there is
    a possible vector, if all others have done the same. >>




    I have past, but not in a couple of years.
    Collecting coins, medals and currency featuring "The Sower"
  • WTCGWTCG Posts: 8,940 ✭✭✭
    Is it getting established that every person here with a hacked account used a credit card with the ANA or perhaps the US Mint? I'm thinking those two are the most likely culprits.
    Follow me on Twitter @wtcgroup
    Authorized dealer for PCGS, PCGS Currency, NGC, NCS, PMG, CAC. Member of the PNG, ANA. Member dealer of CoinPlex and CCE/FACTS as "CH5"
  • LanLordLanLord Posts: 11,723 ✭✭✭✭✭
    Did all the people that have credit card hackings perhaps also purchase things from the US mint?

    Because someone tried to use one of my cards, but BofA blocked them (I've since cancelled it).
    But I've NEVER done any ANA business, I have purchased from the US mint however, so there is
    a possible vector, if all others have done the same.
  • LanceNewmanOCCLanceNewmanOCC Posts: 19,999 ✭✭✭✭✭
    .
    after reading several of these threads, i would estimate that someone is intercepting the wireless signals being sent

    it is easily the most unprotected way of sending data and probably not that hard to capture, granted i don't know how hard that would be, just from what i've heard and read
    .

    <--- look what's behind the mask! - cool link 1/NO ~ 2/NNP ~ 3/NNC ~ 4/CF ~ 5/PG ~ 6/Cert ~ 7/NGC 7a/NGC pop~ 8/NGCF ~ 9/HA archives ~ 10/PM ~ 11/NM ~ 12/ANACS cert ~ 13/ANACS pop - report fakes 1/ACEF ~ report fakes/thefts 1/NCIS - Numi-Classes SS ~ Bass ~ Transcribed Docs NNP - clashed coins - error training - V V mm styles -

  • MsMorrisineMsMorrisine Posts: 35,939 ✭✭✭✭✭
    we could name a lot of names and worry a lot of people about a lot of sites.

    Is there another way to do this without it being public?

    We could set up a Yahoo! Group, make it members only, and discuss it there?


    edit: A group has been made, if people want to get together to help narrow down where the leak or leaks came from.


    Current maintainer of Stone's Master List of Favorite Websites // My BST transactions
  • lkeigwinlkeigwin Posts: 16,893 ✭✭✭✭✭
    My card that was hacked was not used in Philly, or by the ANA, or the US Mint. I just use it for PCGS grading. image
    Lance.
  • LanLordLanLord Posts: 11,723 ✭✭✭✭✭


    << <i>.
    after reading several of these threads, i would estimate that someone is intercepting the wireless signals being sent

    it is easily the most unprotected way of sending data and probably not that hard to capture, granted i don't know how hard that would be, just from what i've heard and read
    . >>



    Anyone not using WPA-2 for their wireless security is asking for problems. WEP is highly insecure and can be cracked very quickly, and if you have no security enabled, you may as well just have a sign that reads "Rob Me" on your doorstep.
  • LakesammmanLakesammman Posts: 17,461 ✭✭✭✭✭
    Well, I was in Philly for the ANA, used my CC's for submissions to PCGS, NGC and ANACS and haven't had a problem - I'm feeling left out..... image
    "My friends who see my collection sometimes ask what something costs. I tell them and they are in awe at my stupidity." (Baccaruda, 12/03).I find it hard to believe that he (Trump) rushed to some hotel to meet girls of loose morals, although ours are undoubtedly the best in the world. (Putin 1/17) Gone but not forgotten. IGWT, Speedy, Bear, BigE, HokieFore, John Burns, Russ, TahoeDale, Dahlonega, Astrorat, Stewart Blay, Oldhoopster, Broadstruck, Ricko, Big Moose, Cardinal.
  • TwoSides2aCoinTwoSides2aCoin Posts: 44,619 ✭✭✭✭✭
    Credit card companies and banks just say "Okay, sorry... we won't charge you".... but they're still paying for the goods and services. ?????? Go figure.
  • MsMorrisineMsMorrisine Posts: 35,939 ✭✭✭✭✭
    |
    |
    |
    |
    |


    Ok, a non-public Yahoo! Group has been made to discuss this. The purpose of which is to narrow down where the leak came from. Those interested in narrowing in down can PM me for details.

    Yes, this will require joining Yahoo! but one can always use fake info for the join.

    also, one will have to post here or in the other CC / Philly thread to let me know you want to join before sending me the PM

    I won't be accepting new people into the group. I hope we have enough people on here with a history that it can be narrowed down using familiar names.


    |
    |
    |
    |
    |
    Current maintainer of Stone's Master List of Favorite Websites // My BST transactions
  • MsMorrisineMsMorrisine Posts: 35,939 ✭✭✭✭✭


    << <i>Credit card companies and banks just say "Okay, sorry... we won't charge you".... but they're still paying for the goods and services. ?????? Go figure. >>



    As more fraud occurs, their song will change. right now the business they make is a lot more than the loss to fraud.

    Current maintainer of Stone's Master List of Favorite Websites // My BST transactions
  • mbogomanmbogoman Posts: 5,239 ✭✭✭✭✭


    << <i>also, one will have to post here or in the other CC / Philly thread to let me know you want to join before sending me the PM >>



    I posted earlier, but if you want a new one, here it is. I am interested, but I'm skeptical that we'll be able to narrow it down (but I'm willing to contribute!)
  • MsMorrisineMsMorrisine Posts: 35,939 ✭✭✭✭✭


    << <i>

    << <i>also, one will have to post here or in the other CC / Philly thread to let me know you want to join before sending me the PM >>



    I posted earlier, but if you want a new one, here it is. I am interested, but I'm skeptical that we'll be able to narrow it down (but I'm willing to contribute!) >>



    we're in PM's now.

    Current maintainer of Stone's Master List of Favorite Websites // My BST transactions
  • pruebaspruebas Posts: 4,659 ✭✭✭✭✭


    << <i>

    << <i>.
    after reading several of these threads, i would estimate that someone is intercepting the wireless signals being sent

    it is easily the most unprotected way of sending data and probably not that hard to capture, granted i don't know how hard that would be, just from what i've heard and read
    . >>



    Anyone not using WPA-2 for their wireless security is asking for problems. WEP is highly insecure and can be cracked very quickly, and if you have no security enabled, you may as well just have a sign that reads "Rob Me" on your doorstep. >>

    This is nonsense.

    The security of the WiFi connection has nothing to do with the security of the transaction. If you use cable for your ISP, your neighbors and others on your link can snoop on your traffic.

    The security of your credit card transactions comes from using SSL (a https connection) in your browser which is encrypted end to end.
  • CoinHuskerCoinHusker Posts: 5,033 ✭✭✭
    I sent out an email to those I know who are ANA members or who may have ordered something from the Mint but didn't go to the ANA Show in Philly. I'll be interested to see if any of them were hacked or not?
    Collecting coins, medals and currency featuring "The Sower"
  • LogPotatoLogPotato Posts: 2,177 ✭✭✭✭
    Well, I'm up to two cards now being hacked. No link to any of the three organizations mentioned. However, they are both BOA cards.
  • pitbosspitboss Posts: 8,643 ✭✭✭
    I had one hacked last week but not BOA and not ANA or mint either.
  • TwoSides2aCoinTwoSides2aCoin Posts: 44,619 ✭✭✭✭✭


    << <i>I sent out an email to those I know who are ANA members or who may have ordered something from the Mint but didn't go to the ANA Show in Philly. I'll be interested to see if any of them were hacked or not? >>



    My card was compromised twice totalling about 2 grand. C'est la vie.
  • CoinHuskerCoinHusker Posts: 5,033 ✭✭✭


    << <i>

    << <i>I sent out an email to those I know who are ANA members or who may have ordered something from the Mint but didn't go to the ANA Show in Philly. I'll be interested to see if any of them were hacked or not? >>



    My card was compromised twice totalling about 2 grand. C'est la vie. >>




    Well, neither of us were in philly so our cards couldn't have been "scanned". There's something going on here.
    Collecting coins, medals and currency featuring "The Sower"
  • MsMorrisineMsMorrisine Posts: 35,939 ✭✭✭✭✭
    and no web site has come out and said they were compromised.


    this could continue as they cycle through the card list.




    this public forum is not the place to determine where cards were used in common since a lot of innocent sites will be named while trying to find the right one.

    Current maintainer of Stone's Master List of Favorite Websites // My BST transactions
  • EagleguyEagleguy Posts: 2,264 ✭✭✭✭✭


    << <i>this public forum is not the place to determine where cards were used in common since a lot of innocent sites will be named while trying to find the right one. >>



    PM sent

    JH
  • DCWDCW Posts: 7,626 ✭✭✭✭✭
    Damn, I'm hit too. Bank of America card for $500 in online purchases!

    Dead Cat Waltz Exonumia
    "Coin collecting for outcasts..."

  • CoinspongeCoinsponge Posts: 3,927 ✭✭✭


    << <i>and no web site has come out and said they were compromised.


    this could continue as they cycle through the card list.




    this public forum is not the place to determine where cards were used in common since a lot of innocent sites will be named while trying to find the right one. >>





    Understand but please report back if you find a common source.
    Gold and silver are valuable but wisdom is priceless.
  • VTCoinsVTCoins Posts: 1,361 ✭✭✭
    My card information was stolen too.

    Luckily my credit card company caught it.
    Tim Puro
    Puro's Coins and Jewelry
    Rutland, VT

    (802)773-3883

    Link to my website www.vtcoins.com

    Link to my eBay auctions

    Buy, sell and trade all coins, US paper money, jewelry, diamonds and anything made of gold, silver or platinum.
  • ElcontadorElcontador Posts: 7,689 ✭✭✭✭✭
    This could have nothing to do with Philly or ANA. Rather, it could be a B of A Security security breach. My Citibank card was one of something like 400,000 hacked last year. The card company goes public about this when it can't keep it quiet any longer.
    "Vou invadir o Nordeste,
    "Seu cabra da peste,
    "Sou Mangueira......."
  • BanemorthBanemorth Posts: 986 ✭✭✭


    << <i>This could have nothing to do with Philly or ANA. Rather, it could be a B of A Security security breach. My Citibank card was one of something like 400,000 hacked last year. The card company goes public about this when it can't keep it quiet any longer. >>



    My card was also hit and I hadn't gone to Philly or had any association with the ANA. Also Bank of America. This is the second time and I have up-to-date virus protection and don't use any shady websites to buy goods.
    Justin From Jersey

    Successful Transactions With: JoeLewis, Mkman123, Harry779, Grote15, gdavis70, Kryptonitecomics
  • mbogomanmbogoman Posts: 5,239 ✭✭✭✭✭
    It's not just B of A. My card is from Citi and I got the fraud warning last Wednesday. I'll give 10 to 1 that it was a merchant/business that we all use whose database was hacked...
  • MsMorrisineMsMorrisine Posts: 35,939 ✭✭✭✭✭


    << <i>It's not just B of A. My card is from Citi and I got the fraud warning last Wednesday. I'll give 10 to 1 that it was a merchant/business that we all use whose database was hacked... >>




    exactly.

    it could be a coincidence that the timing was with the ANA.


    if we want to figure out who got hacked, we're going to have to start sharing info.


    I have the Yahoo! Group set up and ready to go....


    all we need are more than the 2 people who have already joined to take part and start comparing notes.
    Current maintainer of Stone's Master List of Favorite Websites // My BST transactions
  • hammer1hammer1 Posts: 3,874 ✭✭✭✭✭
    Last time I got hacked was over 20 years ago. Amex just phoned this AM with 4 fraudulent charges. Could it be Paypal?
  • BanemorthBanemorth Posts: 986 ✭✭✭
    Unfortunately I use my credit card for everything. Major ones that I use online (use it in person everywhere too)

    Verizon Wireless
    Paypal
    Amazon



    I'll add more if I think of them.
    Justin From Jersey

    Successful Transactions With: JoeLewis, Mkman123, Harry779, Grote15, gdavis70, Kryptonitecomics
  • illini420illini420 Posts: 11,467 ✭✭✭✭✭
    Just got a call this afternoon that I need to get a new credit card now too... somehow all of the cashback rewards that I had accumulated on my card were transferred into some bank account that isn't mine!!!

    Not even sure how that's possible, but I now need to go through my bill to make sure there are no questionable charges either.

    I didn't go to the ANA show either, but there's definitely something fishy going on!!!!!!!!!!!!!!!!!!

    Edited to add this was not a BofA card...

  • ThePennyLadyThePennyLady Posts: 4,495 ✭✭✭✭✭
    FYI, I posted on the Philly credit card thread that Coin World just contacted me, it seems they are doing a story on all the compromised credit cards.
    Charmy Harker
    The Penny Lady®
  • MsMorrisineMsMorrisine Posts: 35,939 ✭✭✭✭✭


    << <i>FYI, I posted on the Philly credit card thread that Coin World just contacted me, it seems they are doing a story on all the compromised credit cards. >>




    Great! Not!

    last thing we need is for people to know a bunch of coin collector's credit cards are floating out there. (or confirm it for them if they haven't figured it out.)



    I'd rather have them do the story after the source of the leak has been identified.


    Current maintainer of Stone's Master List of Favorite Websites // My BST transactions
  • TassaTassa Posts: 2,373 ✭✭
    This kind of crime is definitely on the rise. I've had two different debit cards linked to two different accounts compromised within a year. Last week I noticed suspicious activity. Apparently someone purchased a rail ticket in Europe with my card.
  • RichRRichR Posts: 3,930 ✭✭✭✭✭
    Could it possibly have been the Mint's system...or system processor?
  • WDHWDH Posts: 165 ✭✭✭
    The local news reported some Redbox machines have been hacked. How many with hacked CC have used redbox lately?
  • BanemorthBanemorth Posts: 986 ✭✭✭


    << <i>The local news reported some Redbox machines have been hacked. How many with hacked CC have used redbox lately? >>



    Not I although I do also use it for Netflix. I also haven't purchased anything from the Mint since I got my new card so I don't think that's it either.

    Paypal seems like a likely source.
    Justin From Jersey

    Successful Transactions With: JoeLewis, Mkman123, Harry779, Grote15, gdavis70, Kryptonitecomics
  • EagleEyeEagleEye Posts: 7,677 ✭✭✭✭✭
    I think it is very important for merchants to take great care with their databases, especially with credit card information. Although it is a a pain, we don't put automatic credit card entry on the on-line shopping cart on our web site. We ask the purchaser to call with the information. On subsequent orders they can request that the credit card on file be used. We like to talk to our customers anyway. We store out credit card information on an computer that is not linked to the internet. As there is more of a push towards automation, you have to be careful that you don't trade security for convenience.
    Rick Snow, Eagle Eye Rare Coins, Inc.Check out my new web site:
  • phnataccphnatacc Posts: 367 ✭✭
    I'm going to throw a little information into this thread to try to curb some speculation...

    Proposed methods of attack:

    Wireless Attack
    Virtually impossible. As has been pointed out, it is SSL (Secure Socket Layer) that virtually always secures your credit card transactions. That protocol rides inside any connection you use to connect to a network (wifi, ethernet, dsl, cable, whatever). While SSL isn't impregnable, successful attacks are few and far between. Additionally, as cards have been reported as breached outside the Philly show area, the proposed vector of attack is rendered impossible.

    RFID or Stealth Mag Stripe Attack
    Virtually impossible. With the number of reports of cards being hacked outside of the Philly show it seems highly unlikely this method was used. Additionally it has been confirmed that not all hacked cards contain an RFID chip.

    Compromised website
    Highly possible. In a community forum like this one, where everyone shares a common interest, many online transactions are made by the community at the same sites. Logically, if I were a competent attacker intent on getting the most bang for my buck, I would target low transaction cost website which cater to high-net-worth individuals. Sites which don't do massive amounts of revenue tend to have less stringent security practices. That said, all attackers are opportunists, so if a high transaction cost website was determined to be vulnerable... great!

    Malicious code
    Possible. This one hasn't been mentioned as far as I have read. Again, with communities such as this, users tend to visit similar sites over time. A website which doesn't participate in any form of e-commerce, but is regularly frequented by high-net-worth individuals makes for an appealing target to drop malicious code. This code then exploits the visitors browser/operating system in order to drop more malicious code onto the visitors machine. Over time, as the compromised visitor continues to use their PC the malicious code will transmit the desirable information (credit card form information, bank account numbers, etc...) back to the attacker.

    Considerations:

    False positives
    Any analysis of these types of situations will reveal that form of mass hysteria can arise inside the effected community. People who have been victimized in the past, mentally imbalanced people, and people unintentionally spreading misinformation will all contribute to this hysteria. This will muddy the water and make it more difficult to accurately determine the scope and nature of the incident.

    Participation & Honesty
    It is common for effected parties to conceal or obfuscate their involvement. This is usually due to concerns regarding privacy and security and no one should feel compelled to participate in any sort of public investigation. It does however make community driven incident investigations all the more difficult.

    Wild supposition and finger pointing are going to happen when people are violated. Moreover, those reactions will scale in direct relation to the size of the group which has been violated. But, I encourage everyone involved to attempt to refrain from pointing fingers anywhere until some hard evidence has been revealed. Should it eventually be determined that an organization knowingly withheld knowledge of a security breach then, sure, let your rage flow.
  • HalfStrikeHalfStrike Posts: 2,202 ✭✭✭
    I was hit about 5 years ago after buying from some small coin website that was compromised and after that I started using virtual credit card numbers to make online purchases through websites to avoid this. Virtual credit card numbers are a set of different numbers from your regular card and are only good for two months with my account so once they expire they cannot be charged again.

    I think BofA calls their system ShopSafe. You have to log in to your bank account or credit card account to generate the new numbers and then put that in the online shopping payment, and it is a pain but it avoids being hacked later on. All they will get are some dead numbers that won't work anymore.

    I also have my credit card account set up to send me daily emails on the credit card balance so I can see if anything large hits.

  • MsMorrisineMsMorrisine Posts: 35,939 ✭✭✭✭✭


    << <i>I'm going to throw a little information into this thread to try to curb some speculation...

    Proposed methods of attack:

    Wireless Attack
    Virtually impossible. As has been pointed out, it is SSL (Secure Socket Layer) that virtually always secures your credit card transactions. That protocol rides inside any connection you use to connect to a network (wifi, ethernet, dsl, cable, whatever). While SSL isn't impregnable, successful attacks are few and far between. Additionally, as cards have been reported as breached outside the Philly show area, the proposed vector of attack is rendered impossible.

    RFID or Stealth Mag Stripe Attack
    Virtually impossible. With the number of reports of cards being hacked outside of the Philly show it seems highly unlikely this method was used. Additionally it has been confirmed that not all hacked cards contain an RFID chip.

    Compromised website
    Highly possible. In a community forum like this one, where everyone shares a common interest, many online transactions are made by the community at the same sites. Logically, if I were a competent attacker intent on getting the most bang for my buck, I would target low transaction cost website which cater to high-net-worth individuals. Sites which don't do massive amounts of revenue tend to have less stringent security practices. That said, all attackers are opportunists, so if a high transaction cost website was determined to be vulnerable... great!

    Malicious code
    Possible. This one hasn't been mentioned as far as I have read. Again, with communities such as this, users tend to visit similar sites over time. A website which doesn't participate in any form of e-commerce, but is regularly frequented by high-net-worth individuals makes for an appealing target to drop malicious code. This code then exploits the visitors browser/operating system in order to drop more malicious code onto the visitors machine. Over time, as the compromised visitor continues to use their PC the malicious code will transmit the desirable information (credit card form information, bank account numbers, etc...) back to the attacker.

    Considerations:

    False positives
    Any analysis of these types of situations will reveal that form of mass hysteria can arise inside the effected community. People who have been victimized in the past, mentally imbalanced people, and people unintentionally spreading misinformation will all contribute to this hysteria. This will muddy the water and make it more difficult to accurately determine the scope and nature of the incident.

    Participation & Honesty
    It is common for effected parties to conceal or obfuscate their involvement. This is usually due to concerns regarding privacy and security and no one should feel compelled to participate in any sort of public investigation. It does however make community driven incident investigations all the more difficult.

    Wild supposition and finger pointing are going to happen when people are violated. Moreover, those reactions will scale in direct relation to the size of the group which has been violated. But, I encourage everyone involved to attempt to refrain from pointing fingers anywhere until some hard evidence has been revealed. Should it eventually be determined that an organization knowingly withheld knowledge of a security breach then, sure, let your rage flow. >>






    this is why I set up the Yahoo! Group.

    Current maintainer of Stone's Master List of Favorite Websites // My BST transactions
  • ModCrewmanModCrewman Posts: 4,041 ✭✭✭✭✭
    Count me in...received a call from Wells Fargo today that my Debit card has been hacked. Charges were attempted to two companies: Bueling Airlines and McQueen Cen.

    Fortunately, they declined the Airline charge, but the McQueen hit was just a verification with no amount which was approved, but no amounts have yet been charged. Guess I live without a debit card for the next week or so until I get a new card.

    MsMorrisine PM sent.
  • MsMorrisineMsMorrisine Posts: 35,939 ✭✭✭✭✭
    PM sent, modcrewman
    Current maintainer of Stone's Master List of Favorite Websites // My BST transactions
  • LindeDadLindeDad Posts: 18,766 ✭✭✭✭✭
    For those that want to see how the RFiD is compromised here is a Youtube video showing how easy it can be done.
    Text

    Disclosure it was done by the company Stronghold and I am not affiliated with them other than I did find them and ordered one of their wallets when this tread started.
    I received the link in a email from a friend.
    image
  • Woke up today and realized my debit had been compromised
    About 16.5k in charges nationwide+international
    Not only has my card been frozen, my account has also. It may take up 2 weeks to unfreeze my acct.
    Btw with only 1 acct I hahe to live on my pocket change for the next two weeks.
  • OPAOPA Posts: 17,142 ✭✭✭✭✭


    << <i>For those that want to see how the RFiD is compromised here is a Youtube video showing how easy it can be done.
    Text

    Disclosure it was done by the company Stronghold and I am not affiliated with them other than I did find them and ordered one of their wallets when this tread started.
    I received the link in a email from a friend.
    image >>



    I did the same and should have my wallet on Wednesday.
    Interesting video...I had no idea how easy it is to get your cc info of some cards.
    "Bongo drive 1984 Lincoln that looks like old coin dug from ground."
  • Dollar2007Dollar2007 Posts: 774 ✭✭✭
    This thread is a very good example of why you should only use a credit card for purchases. Use your ATM/debit card to get cash from an ATM or if needed as cash back. If your debit card is compromised you are out real cash until its fixed, if your credit card is stolen it's just the inconvenience of changing card numbers.

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file