NOT HOT: Thousands of Popular internet merchants giving out your credit card # for clicking a link after purchase

[Lurker1]

umm - here's an idea. Use Mozilla. Set block unrequested popups. Never even see these popups. Problem solved.

Not to mention that you also automatically are protected from Active X type viruses, and all IE security holes. (I'm sure Mozilla has a couple, but apparently they're not a major issue at this time)

 

[wallsfd949]

Originally posted by: Krutoy
Actually a useful warning, first in a while. Unlike the stupid paypal scams that get posted 5 times a week.

Agreed, still not hot, but it's actually a useful post.

Originally posted by: Lurker1
Use Mozilla. Set block unrequested popups. Never even see these popups. Problem solved.

Not to mention that you also automatically are protected from Active X type viruses, and all IE security holes. (I'm sure Mozilla has a couple, but apparently they're not a major issue at this time)

That would solve 95% of the spyware, browser hi-jacks, BHO's and other crap, but you can't convince everyone.. they just love M$'s garbage. (before I get flamed - not all M$'s products are trash but IE most certainly belongs in the crapper).

 

[GPz1100]

Originally posted by: brucekatz

AmericanExpress's PrivatePayments is supposed to do the same, but it did not. According to the CSR I talked to (1-800-297-1234 direct line to PrivatePayments), when the credit card authorizing cetener has your original card number, the charge will go through, no matter temporary card number, expire date. AmericanExpress is good at dispute, but it should not happen.

Are you saying that amex will still let a charge go thru even after that virtual number has already been used by a different merchant?

The credit card authorizing center should never have your original card number.. Only your virtual account number, which is linked at your bank to your actual card #.

With citibank, I've had authorizations declined because the merchant name didn't match the name previously used with that virtual #. Which is how it should be. Also, what I have found out is say you create a card # good for $100. Citibank will still approve a charge up to $110 (10% over). I have a problem with this, and keep this in mind when generating numbers now.

From what I recall when I had amex, with their temp numbers, you can't set a fixed dollar amount, or an expiration date.. Has this changed since a year ago?

 

[BG4533]

I have never used virtual numbers, I guess I am going to start now with my Citibank card. Do all CCs offer this now?

ok...I just generated a number, how do I set a limit on it? All it gave me the option to do was generate it. I got a number and expiration data.

 

[Growltiger]

Originally posted by: BG4533
I have never used virtual numbers, I guess I am going to start now with my Citibank card. Do all CCs offer this now?

No, not all. You should really use the feature if you can. You can generate VAN by logging into your online account or downloading their software. The software allows you to set a limit, which I think is an even better feature than the # itself.

EDIT: Just don't use VAN for online purchases that you have the opportunity to return in store (e.g. Best Buy) and don't use them for airline tickets.

 

[Neyd3400]

I got that reservation company last year on one my cards. I had do dispute and then I choose to cancel that card. I never quite new how they got my number. I bet this was how.

Worlds full of people unwilling to get off thier @sses and get real jobs.

 

[GPz1100]

Just a small update.

I just called citibank to inquire about the merchant name matching. I was incorrect in that statement.

What they said was that if you have a VAN generatef for say $100, and merchant A charges $50 to that #. You can give (though not recommended) that same # to merchant B, who can then charge another $50 to that VAN #.

So the protection (at least with citibank) lies in the the maximum dollar amount specification. If you order from merchant joeblow.com, and they say your total is for $50, generate a # thats good for only $50, not $100.

Another stipulation (that I stated above) is that if a charge comes thru thats within 10% of the authorized number value, they will still approve this (10-11% is what they told me).

So I guess the bottom line, if your total on a purchase is $50, generate a # for $45 (90% of $50) to be completely safe.

 

[Fingolfin269]

Originally posted by: LuNoTiCK
Wow, how can this be legal.

It's probably not. However, like most things in the world, the legality is not really taken into account until someone 'complains'. I have some connections to the Senate, so if any of you want to PM me as much REAL information as you can maybe I can do something with it. No promises though as the internet in general is kind of a weird entity to those guys.

Personally, I find this no different than the ink scam where someone might call you up at work, say they're your repair person or ink supplier, ask for the model # of the printer, then send and bill you for ink cartridges.

 

[brucekatz]

Originally posted by: GPz1100
Originally posted by: brucekatz

AmericanExpress's PrivatePayments is supposed to do the same, but it did not. According to the CSR I talked to (1-800-297-1234 direct line to PrivatePayments), when the credit card authorizing cetener has your original card number, the charge will go through, no matter temporary card number, expire date. AmericanExpress is good at dispute, but it should not happen.

Are you saying that amex will still let a charge go thru even after that virtual number has already been used by a different merchant?

The credit card authorizing center should never have your original card number.. Only your virtual account number, which is linked at your bank to your actual card #.

I was surprised, too.

Let's say, I paid A merchant with my real Amex number; I paid B merchant with PrivatePaymetns number. A and B merchant both use same authorizing center. When B merchant requests a new charge, the new charge will go through, even with expried PrivatePayments number. Because authorizing center will use the real Amex number and date to make new charge.

Amex explains to me, they will definitely charge back, but I need to notify them. Amex did not explain how authorizing center links two numbers together. Once I gave out real number, PrivatePayments seems pointless.

You are right, Amex PrivatePayments only have expire date, no amount. I'll use citi card from now on.

 

[Lurker1]

Originally posted by: wallsfd949

Originally posted by: Lurker1
Use Mozilla. Set block unrequested popups. Never even see these popups. Problem solved.

That would solve 95% of the spyware, browser hi-jacks, BHO's and other crap, but you can't convince everyone.. they just love M$'s garbage. (before I get flamed - not all M$'s products are trash but IE most certainly belongs in the crapper).

I'd have to disagree. MS's products are pretty much crap. Try using the latest versions of Outlook. Virtually unusable with the new "security" options. Excel, well, I'd prefer it without VB. Word - ditto, not to mention stop already with all the auto-correcting features that require a PHD to disable. Powerpoint, I'd point you to the story that makes the claim that powerpoint actually makes people dumber, but I lost it.... and so on and so forth.

It's gotten so bad, I'm looking at converting completely to a Linux system, and possibly a Powerbook for a notebook.

 

[BG4533]

Originally posted by: GPz1100

Another stipulation (that I stated above) is that if a charge comes thru thats within 10% of the authorized number value, they will still approve this (10-11% is what they told me).

So I guess the bottom line, if your total on a purchase is $50, generate a # for $45 (90% of $50) to be completely safe.

Math is a bit off there. If you have a $45 limit, 11% over would be $4.95 for a total of $49.95. The idea is good still though. Thanks.

 

[GPz1100]

Originally posted by: BG4533<br

Math is a bit off there. If you have a $45 limit, 11% over would be $4.95 for a total of $49.95. The idea is good still though. Thanks.

BG...


Sorry, you are correct, but you get the idea.

If you use the advanced option in citibank's VAN generator, you'll have the option to enter the duration you want the # valid for as well as the amount. Otherwise as you have discovered, its good for a month, with a limit up to your available credit line.

 

[Jmman]

Maybe this thread title should be changed to NOT HOT: Thousands of oblivious shoppers clicking on offers before they read the fine print. If you actually pay attention it is easy to see that these offers clearly state you will pay a monthly fee etc......

 

[dotcommie]

What about accupc.com or bizrate? I ordered a m-itx board from them last night and filled out the bizrate survey. It mentioned something about $25 drawing. Should i be worried.

 

[rbV5]

Man, if you need a pop up blocker to keep you from clicking on these obvious "deals", you need to use your head more. This is the internet folks.

 

[Marm]

This is still pretty sad that you get a pop up and if you click on it you are charged some amount. If this ever happens to me I will dispute the charge and then write a note to whomever I got the pop up from and explain how dissapointed I am with them and tell them I will no longer do buisness with them again. I think that this is one of the best ways to stop the pratice.

 

[MrCodeDude]

Linkified

 

[jmgonzalez]

Originally posted by: Jmman
Maybe this thread title should be changed to NOT HOT: Thousands of oblivious shoppers clicking on offers before they read the fine print. If you actually pay attention it is easy to see that these offers clearly state you will pay a monthly fee etc......

I totally agree with this comment.

I work for an online ecommerce site that uses Web Loyalty as an option during the "Thank you for ordering" page.

There is fine print all over stating that you will be charged a fee if you decide to stay with the program. If not, there clearly is a phone number to call to cancel.

I've looked at the numbers of clicks to the link, plus the number of folks who stay with the program, and these people are not calling in saying that we're scamming them.

This is nothing different from Toys R Us asking for a phone number, or Best Buy telling you that you won an 8 week subscription to SI or Entertainment Weekly.

If all folks who easily complained about stuff like this knew what it's like to run an ecommerce site, you would then have a different appreciation for having to find ways to make money. Plain and simple, companies use this type of program to make additional money for overhead costs.

 

[PLaYaHaTeD]

M$ products arent crap. They are far from perfect, but not crap. SP2 this summer will integrate a popup blocker into explorer.

And I just purchased something off of best buy, and there was a link to $5 coupon. Baaastards.

 

[TrentSteel]

I just signed up with Reservation Rewards to get a $10 gift voucher at EBGames. The fine print was very clear, and a telephone number and URL were given to facilitate the cancellation process. They mention several times that if you don't cancel, you will be billed monthly. Also, for me at least, it did not appear as a pop-up and had a disclaimer near the link saying you authorize the transfer of sensitive personal information, etc., by clicking here.

For $10 (in the form of a gift certificate) I figured it was worth it. Cancelling is very easy and I'm not too concerned.

However, it sounds as though it is different elsewhere. As I said, at EBGames it seems less suspicious, mostly because the terms are spelled out very clearly before you click anything. But what others are describing here is definitely underhanded.

 

[bman46]

If this happens to you, charge it back. End of story.

 

[Viper0329]

Whew, thanks guys! I was unknowingly signed up also, but I just cancelled before they charged me.

 

[wallsfd949]

Originally posted by: jmgonzalez
...There is fine print all over stating that you will be charged a fee if you decide to stay with the program. If not, there clearly is a phone number to call to cancel.

If all folks who easily complained about stuff like this knew what it's like to run an ecommerce site, you would then have a different appreciation for having to find ways to make money. Plain and simple, companies use this type of program to make additional money for overhead costs.

Sounds good, screw the customer for the almighty dollar.

I got an idea... treat them right, nicely, with respect, and don't use what some would call 'trickery' to get their $$ and they just might come back.

There is something called 'word of mouth' and 'repeat customers'. Most legitimate money making businesses know that is where you make a profit. Repeat customers.
You can only screw a customer and piss them off 1 time, then they will never come back. If you treat them right, they will come back time and time again.

How often do you see a Hot Deal for Tiger Direct posted and the flames that follow. I don't know much about these companies listed but hearing this, I would never buy from them.

$5 for screwing them or their repeat purchases from your site for who knows how long.. you do the math.

 

[KyFan]

Originally posted by: Lurker1
umm - here's an idea. Use Mozilla. Set block unrequested popups. Never even see these popups. Problem solved.

Not to mention that you also automatically are protected from Active X type viruses, and all IE security holes. (I'm sure Mozilla has a couple, but apparently they're not a major issue at this time)

I second that, MOZILLA 1.7a has taken stress out of my life .....no hi-jacking hacking yet. Also check out Firefox as another Browser for blocking pop-ups and no Hi-jacking..

 

[GroundedSailor]

Originally posted by: brucekatz

Originally posted by: GPz1100
Originally posted by: brucekatz

AmericanExpress's PrivatePayments is supposed to do the same, but it did not. According to the CSR I talked to (1-800-297-1234 direct line to PrivatePayments), when the credit card authorizing cetener has your original card number, the charge will go through, no matter temporary card number, expire date. AmericanExpress is good at dispute, but it should not happen.

Are you saying that amex will still let a charge go thru even after that virtual number has already been used by a different merchant?

The credit card authorizing center should never have your original card number.. Only your virtual account number, which is linked at your bank to your actual card #.

I was surprised, too.

Let's say, I paid A merchant with my real Amex number; I paid B merchant with PrivatePaymetns number. A and B merchant both use same authorizing center. When B merchant requests a new charge, the new charge will go through, even with expried PrivatePayments number. Because authorizing center will use the real Amex number and date to make new charge.

Amex explains to me, they will definitely charge back, but I need to notify them. Amex did not explain how authorizing center links two numbers together. Once I gave out real number, PrivatePayments seems pointless.

You are right, Amex PrivatePayments only have expire date, no amount. I'll use citi card from now on.

Yes Amex does not set an amount but if you only use the Private Payments number (and never use the real number online) then they temp # can only be charged once. I've had a merchant call me because he could not charge some additional charges which I had agreed to - don't remember the details now it was a while ago.

But sadly as of April 15, 2004, Amex will no longer be offering Private Payments so you will have to use the real number, but will not be liable for anything in case of fraud - not even the first $50.