Identity Theft


PDA






spec26
November 10, 2008, 03:01 PM
Just wanted to give everyone here a heads up on what happened to me ordering from powder valley last week. I used my standard CC that I had not used since middle of September. Ordered up some powder and primers to a total of about $170 bucks...Order was placed online at work (I work for Nasa out at KSC, very very secure).

Today I was checking my bank statement online and noticed the powder valley charge and three other charges I did not make. Two were to nordstroms and one to a magazine company. I immediately phoned Wachovia and handled it with them.
I then proceeded to call nordstroms and get the order information. One order was for some ecco golf shoes. The second was for some timberlands and winter gloves. Nordstroms would not give me the shipping addresses but the orders were billed to me at my home address..They did however give me the order numbers and after using the order numbers and billing info I was able to pull up the orders online and get the tracking numbers...Called UPS and splained the situation to them and they told me the address and of course they shipped them to my name.

Now I live in Cocoa, Fl and the items were shipped to tallahasse florida. So I called Tally PD who told me to call Cocoa PD first....Cops just left about 5 mins ago after filing the police report.

I can't believe someone would be stupid enough to place an order with enough information that if I was inclined....seriously considering it....I could get in the car drive across the state and bring the pain...But regardless I am not liable for the charges and my card is now inactive...But still the gall of someone to steal from me is hard to take...If they catch these *******s I fully intend to press charges and they will be doing some jail time. I should give them a 1 hour beat down for every minute I spent having to work this out. Its obivous the first order was to test it out as the second one was 24hrs later followed by the third.

Just wanted to give everyone a heads up that PV.com may not be too secure. This was the first time I used my card in two months and the last time I used it was in store. Now before anyone says I could have happened another way...My wife and I keep all bank statements and FINE shred everything else. We have never ever visited tallahasse and this address is about 3 miles from FSU. Now I can't order anyting AR related until I get my new card and even then ima start being skeptical about ordering online for a little while....

Be careful with PV.com they will be getting an email too...

If you enjoyed reading about "Identity Theft" here in TheHighRoad.org archive, you'll LOVE our community. Come join TheHighRoad.org today for the full version!
Remo-99
November 10, 2008, 04:01 PM
Electronic fraud is too easy these days with all the online options (it's the downside to having the convience).
There are some small precautions that can be to taken to minimize risks.
Like;

Being mindful of spyware, datatrackers etc with keystroke loggers. Daily scanning of PC's helps to keep some of this unwanted software away.

When ordering online, check that the site is 'secure' when entering payment info. ie the web address starts with https: rather than just http:

Check CC statements, when they come, for 'suspect' transactions and inform the company ASAP, of any.

Destroy (not just throw away in the trash) unwanted documents with account/card numbers etc. Like receipts, statements and such.

They're just some of the basics, if followed, can give a little peace of mind. Others will have more to add, as well.

I also have a dedicated CC for online use, which I setup with a low credit limit.

cobra2411
November 10, 2008, 04:08 PM
It could be a virus or spyware on your computer too. These programs are insidious and some are now showing up as Anti-virus programs or even official looking Microsoft pop ups telling you your computer is at risk.

Run a good anti-virus / anti-spyware program and keep your program up to date either by using the auto-updater or by going to Microsoft's update page directly.

When making secure orders online make sure your browser is in secure mode, most times indicated by the little "lock" icon. You can also check the web page and security certificate properties to make sure it matches.

Also, PV's website server could have been infected with a virus / spyware program that allows the CC info to be stolen.

Good luck and keep an eye out for scams and theft. It's been ramping up a lot. My friends boss got hit for $7500 in a bank loan app scam...

dwhite
November 10, 2008, 06:28 PM
A local woman found a charge on her credit card statement to a local tire shop. She contacted the store manager who showed her the order for 4 custom rims which had to be ordered by him from the manufacturer and delivered to the tire dealer. Anyway, she contacted the local police department and, with the managers consent, had two LEO awaiting the thieves when they came to pick-up their rims. SWEET I thought.

Last I heard they were doing time.

You just can't be too careful about these things.

All the Best,
D. White

Steve C
November 10, 2008, 06:45 PM
I've been using the one time use numbers generated for one internet purchases by Discover card on their site. It stops theft at the vendor end of the transaction as the number is different than your account number and works for one purchase only. You can generate all these individual numbers you need using the software supplied by Discover.

Seems much safer to me than using the card number.

Shoney
November 10, 2008, 07:00 PM
There is also the situation where someone steals an ID, and orders items with an easily traceable paper trail and obvious address, but sends the stuff to their "ememy".

The case I know of, the X-wife (aledgedly) stole the ID, and ordered a ton of stuff over the phone and the internet for her X-hubby. He was arrested. Took him over a year and several thousand in atty and legal fees to prove he didn't do it.

ArchAngelCD
November 11, 2008, 03:28 AM
Like "Steve C" I also use the safe numbers generator provided by Discover Card. Unfortunately it was after someone used my account and email address to charge on a Porn site. I only found out because the Porn site realized it was a bad charge and emailed me telling me they credited my account. The card number was stolen by someone at one of the online companies I deal with because the email address used in the theft is the email address I use only for online transactions.

I do business with Powder Valley so I'm wondering if someone there is stealing numbers? Discover won't go after whoever did it because my account was credited. That's too bad because I want they SOB to go to jail.

jmorris
November 11, 2008, 10:09 AM
It might be a little inconvenient, at least until you have to go through what the op has been dealing with, but how about getting a “gift” prepaid credit card for your online purchases. If I can’t call in my order that’s what I do.

krs
November 11, 2008, 08:59 PM
My wife's card account was depleted of over $7500.00 within a span of less than three hours. (She was given the entire amount back).

Whoever did it was organized enough to have purchased a plane ticket from Portland, OR to Amsterdam for some $1400. in order to return it for refund, presumably in cash.

We still have no idea how the card was accessed other than the fact that she'd been to the local Sprint outlet to pick a new phone and the clerk there had taken the card into a back room for whatever routine reason they use there. We went back and watched the clerks always taking people's cards inside a door behind the customer counter, and it looks like it's innocent enough.

I don't remember the details of what the card was used for but it was pretty large amounts after one small purchase in Portland. We guess they tried it out, or somehow got the balance with the first usage and then went to town.

Luckily my wife had gone into her online banking to look at something and found that there was no money in her account on the day after the Sprint visit.

It's plumb amazing.

PVI
November 12, 2008, 11:41 AM
Typically I don’t respond to threads. However it is difficult to sit by when someone is committing slander against our company.
Powder Valley’s website is secure. We have had over 20,000 orders processed through our website and have never had a problem. As many of you already know we are one of the largest sellers of reloading components in the US. Our reputation has grown as being one of the most reliable and best priced supplier to the sports shooter. We have always treated any and every customer with the highest regards. I am baffled as to why one customer would go on a personal crusade to commit libel against our company.
Our website host is web.com. Web.com is the largest host of websites in the US. Our security certificate is maintained through Thawte. Again, we chose Thawte because they are one of the largest and most respected secure socket layers available. At any point in time anyone can go to our site and check the security. You can do this in several ways:
1) Pull up our home page. http://www.powdervalleyinc.com Once you have our website pulled up change the http to https. The added “s” allows you to check if a site is secure. If the site comes up then it is secure. You can do this on any website.
2) When you are placing an order and click “Place Order” the website will automatically revert from the http to https. Again, this is another check you can do on any website.
3) On the page you type in your information there is a security seal for Thawte. The website is checked daily. You can click on the seal to verify the status if you would like.
4) Based on the posters false accusations we also approached web.com and our web designer to make sure no security breaches have occurred. They both have concurred that security is intact on our site and has never been compromised. Unfortunately the damage to our reputation has already been done due to these slanderous remarks.

As you already know identity theft is a huge problem. Every day millions of people have their identity stolen. Most never know how their information was stolen. For someone to start internet threads on several forums stating that any company is responsible for the theft of their information is irresponsible and slanderous, especially when the facts are contrary to statements being made.
Should anyone have additional concerns please feel free to contact me at 620-229-8685 or bryanr@powdervalleyinc.com.
Sincerely,

Bryan Richardson
President

NVMM
November 12, 2008, 12:16 PM
I've supported Powder Valley for years. Never hear of any problems.
Its to bad the moderators shut down dumb meaningless threads but let the Slanderous Rants continue. These should be deleted.
If spec26 has no basis for his loss... Sue Him.
Send him a ceice and desist order. Then bill him for attorney fees.

raz-0
November 12, 2008, 01:10 PM
Our website host is web.com. Web.com is the largest host of websites in the US. Our security certificate is maintained through Thawte. Again, we chose Thawte because they are one of the largest and most respected secure socket layers available. At any point in time anyone can go to our site and check the security. You can do this in several ways:

PVI. I've bought from powder valley, and I think your business is a great business. The porblem here is that not a damn thing you said really ensures security in the least.

Yes, your order page is over https, so it is encrypted. Yes, you have a cert from a big name in the cert business. ANY web site can be encrypted, and all the cert means is that odds are really good that the site you are accessing is the same machine the cert was issued to, and the people requesting it probably had some letterhead and a phone number that was listed as the corporate entity on the cert.

Security is all about how your shopping cart is constructed, how orders are submitted/billed, and who is handling your credit card processing (usually your shopping cart provider).

You can set up a site with certs and encryption, and then go send the filled out order form via email to some person's poorly secured unpatched windows box they do their general computing on, and that person then enters it by hand to your credit card machine you get from your local bank. Email is not secure transmission, and someone's personaly web-browsing system could be so owned by root kits it's not even laughable. Not to mention physical access to the box by, for example, someone's teenage kid with a small drug habit looking for some cash.

Or your web site could be on a shared host (you don't appear to be, which is a good thing). In which case your actual shopping cart implimentation is only secure as you shared hosts security policies. (mroe shared hosts are moving towards virtualized hosts, which makes this less problematic, but it still exists).

You could be storing CC info long term, and have a perfectly good website fro security, but have a database that is not safe. Or even your database could be secure form the outside and youa re doing everything right, but wind up with a disgruntled employee looking to make a buck selling credit card info.

Then of course youcould be doing everything right, but your credit card processor has some bad practices, or some really smart and determined folks have been targeting them and got away with it.



Don't take the OPs statement as saying powder valley is committing fraud. They themselvs said they legitimately did business with you. it is more of a heads up to keep an eye on your billing statements for fraud, especially if you used powder valley. Take this as an opportunity to perfom a relaity check on your online order processing. If you see lots of people popping up with fraud problems, you might want to quesiton how good your sysadmin is, your web designer/programmer, or (most likely) if you need to switch to a more secure/less targeted cart or card processor.

Don't assume you have the best practices, or that because they were the best practices last year, they are still the best this year. When multi-billion dollar globe spanning companies can screw up and have people skimming off huundreds of thousands of people's credit card info, your business isn'
t magically exempt.

If nobody else is popping up, it could just be bad timing and the guy got snagged by a card gen, or sold on a list, or some neighbor's kid stole some mail or trash and is trying to make a buck.

I've managed to dodge the bullet, but WAY too many shooting related online stores are being run by those who are not up to speed on the technology, and you can get screwed. At my local club a whole mess of people got hit with fruad in very close proximity. They all were competitive shooters that frequrent many of the same online vendors. They compared bills, and found who they had all done business with in common. They then contacted the common vendors and warned them. Turned out one had been compromised and had all their customer's data stolen. If people hadn't discussed it with each other, the vendor would not have known, and it would have gone on longer.

That's not good for anyone.

The OP's message was not slanderous, libelous, accusing, or threatening. They didn't say you were responsible, they said they got nailed on a card they hadn't used recently except at powder valley. The fraud was coincident in use, and they were giving their community a heads up. Read some forums. You will be able to tell when someone has an axe to grind. This doesn't read in that manner.

Your repsonse on the other hand, has a distinctly accusatory tone that I wouldn't appreciate one bit as a customer.

K3
November 12, 2008, 01:14 PM
I've supported Powder Valley for years. Never hear of any problems.
Its to bad the moderators shut down dumb meaningless threads but let the Slanderous Rants continue. These should be deleted.
If spec26 has no basis for his loss... Sue Him.
Send him a ceice and desist order. Then bill him for attorney fees.

You assume the rants are slanderous.

For something to qualify for that label, it must be untrue. Can you prove it's untrue? Until you can provide proof, perhaps YOU should "'ceice' and desist".


That said, I buy from PV all the time and will continue ot do so as I have never had an issue. Perhaps too much, if you ask my wife.

tlen
November 12, 2008, 01:41 PM
pv.com isn't the web site for Powder Valley, Inc. and as previous stated the real Powder Valley, Inc. web site order page is secure. I smell a red herring .....

PVI
November 12, 2008, 02:03 PM
Raz,

I appreciate your response.
What I am referring to is the post title (Powder Valley Identity Theft).

K3
November 12, 2008, 02:53 PM
pv.com isn't the web site for Powder Valley, Inc. and as previous stated the real Powder Valley, Inc. web site order page is secure. I smell a red herring .....

Oh fer cryin out loud. A red herring? I smell an abbreviation.

Read Raz' post.

The website may be secure, but there are other factors. Like humans. Couldn't it be possible for a person @ PV to have gotten the CC info and misused it? I'm not saying that happened, but is it or is it not a possibility?

rondog
November 12, 2008, 03:30 PM
Man, it's possible for ANY person that handles your card or card number ANYWHERE to put the screwin' to ya. No matter how secure any system is, at some point a human will see that card info. I've seen TV programs about the various ways thieves get that info, it's pretty scary.

I try to use money orders as much as possible, and my credit card is actually a debit card, which I can control the balance on by my deposits. So they can only take me for what's available in the account.

spec26
November 13, 2008, 07:21 AM
first off im on my cracberry so i apologizefor any typos...

powder valley - i never intended to bring down your company with the thread title. i never stated you guys were to blame for my situation. The bottom line in i used my card at your secure site and not 24 hous later 400 bucks in charges i did not make were on my account. I am simply letting people know what happened.

if you want to take it as bringing down th PV name then so be it. over at the other forum several others had similar things haapen just like me...i sent you guy two emails and never got a reply back. im sorry i have offended you but in this day and age others need to have a headsup every once in a while and thats all this is...btw thanks for the good deal on aa2520....my order will be here today..

alsaqr
November 13, 2008, 07:37 AM
We still have no idea how the card was accessed other than the fact that she'd been to the local Sprint outlet to pick a new phone and the clerk there had taken the card into a back room for whatever routine reason they use there.


There are a couple of Mexican restraunts in Lawton, OK that were doing the same thing. Then charges would show up on the customers card in Mexico. They take into a back room in order to read the card so it can be cloned. Then they use a cloning machine to make a new card.

Here is one such case:

Yadav, an illegal immigrant, has been in federal custody since he was arrested near a Wal-Mart in New Albany, Miss., where local police found him with credit card cloning equipment and 14 re-coded credit cards, the search warrant states.

Authorities identified Yadav as a clerk at Perry's Liquor on Lexington Road, according to the warrant, but store owner Ravi Patel said in an interview Monday that Yadav did computer maintenance for the business over the past couple of years.

Patel said he didn't know that Yadav had installed a keystroke logger, a small device that crooks can use to steal financial data from computers.

"We didn't know anything about it," Patel said. "I'm just very glad they caught him, and very sad that this happened to my customers."

Highland Ranger
November 13, 2008, 11:05 AM
Identity theft can happen anywhere along the chain - your card number when used passes through many gateways. Blaming the vendor is reckless and wrong. Perhaps legally actionable if they can prove harm.

Think before you post!

Vagabond
November 15, 2008, 12:36 AM
And I don't think that's the case here. "Be careful with PV" isn't slander anywhere I've been. Besides, it is not too difficult to find examples of employees of web fronts that purloin info the same as brick and mortar shops. How can you be so sure that's not the case here? No "seal" for that. I'm in the IT business, and it is a problem for sure. Story in e-Week recently about it. And every embezzler was trusted by someone or they'd have had no access to the dough.:eek:

The real problem here is that the original fraud was taken personally. Heck, even the banks don't seem to get that worked up. It's a cost of business, collateral damage of the financial kind.

I had a bank employee at a big nameless bank (initals are WAMU) give out my account info from a dormant account list (imagine that, 60 days of untouched funds in a Business Money Market account). The outside accomplice
-cashed 10 checks, in two days, at five local branches
-for just under $700 each (same amount on all of them, they knew that checks less than $1K were not checked for signatures),
-numbered 1111, 1113,1115,1117 etc,
-labelled "Payroll" (they knew that the bank would cash non-account holders payroll checks),
-with misspelled name and address of our company,
-using her own Drivers License,
-was photo'ed at the teller,
-had a signature not even similar to valid
- and WAMU declined to prosecute.
"Policy". Less than the threshold amount.

I got my money back in 10 days, without interest, and had to close the account. I had no checks on the account, and had never had any - the perps used Versa-Check to print the forgeries on a laser printer. I was steamed at the time, but heck it didn't bother WAMU and it cost them $7000! (Some employees were eventually arrested, but not for my case, other occurances).

And for the record, this thread would not make me take my business elsewhere ("damage to our reputation has already been done due to these slanderous remarks"), so PVI is not harmed by the statements as far I am concerned. In fact, I need to order some stuff and I had never heard of you until now! I'll go visit your site! Maybe this thread added to your business! Anyone going to stop buying from PVI because SPEC26 spouted off? What would you sue for if you could not prove any loss? But if you sued SPEC26, that would change my mind, so relax and make nice. You're not hurt. It's not personal, even if it's emotional.
:)

Vagabond
November 15, 2008, 12:50 AM
Bryan,
Just saw your site- I will be ordering from you - lucky I saw this thread - seriously! Go figure.....

Remo-99
November 15, 2008, 04:09 AM
In Spec26's original post, I didn't see any slanderous statements either, he was just making reference to where he used his credit card and added some suspicion their way.

And regarding powder valley inc. I would have no problems making online purchases with them either.

Somewhere along the ways there was a breach of security, which allowed someone access to secure information, which then was mis-used.

keystroke loggers un-intentionaly installed onto a users PC, are a scammer's best chance at getting account details of potential victims, as well as phantom web sites, that look like the real deal, except for a small detail in the web address (like powdervalleyinc.com/powdervalley.com) for example only. where ya give payment details and nothing is received.

BTW Spec26 didn't state whether or not, he received his order.

As for NASA's security at their end, I don't believe a truly secure server would have internet access, for online shopping either. Teminals that have online access are just as vaunerable as home PC's that use a good quality virus scanner. And there are keystroke loggers that evaide detection from those as well.

qajaq59
November 15, 2008, 05:21 AM
Any time we use a credit card on line, on the phone, or in person there is always the chance that someone will figure out a way to steal from us.
I never thought about the limited credit cards that you can buy. That's not a bad idea for ordering on line.

spec26
November 15, 2008, 05:49 AM
Heck yes I received my wonderfully packed order. My supplies are complete for right now but I would order from PV again...They had the best deal on powder (2520), primers, and the total price was at least 30 bucks cheaper than anywhere else.

I will probably call in my order but thats not a big deal I will be doing that for a while regardless...

Highland Ranger
November 15, 2008, 11:04 AM
Let's hope the vendor does get some positive exposure because of this . . . . and I agree, if you use a credit card, get used to the fact that it will be stolen at some point.

I have lost track of how many times it has happened to me. Never cost me a nickel directly, although I'm sure the cost makes its way to interest and service charges .

karnaaj
November 15, 2008, 11:38 AM
The OP started this exact same thread on another forum and it got locked almost immediately. This poster is doing irreparable harm to a fine business and he needs to be stopped. He has not one shred of evidence just speculation and conjecture.

NC-Mike
November 15, 2008, 11:41 AM
The OP started this exact same thread on another forum and it got locked almost immediately. This poster is doing irreparable harm to a fine business and he needs to be stopped. He has not one shred of evidence just speculation and conjecture.

I agree. The thread title is most unfortunate and so is the conjecture.

I don't blame PVI for defending himself either.

spec26
November 15, 2008, 02:16 PM
You guys that think you know what my intensions were for making these threads are rediculous. I am a member of two forums so of course i posted it in both. No different then bringing it up to the guys at the two ranges i frequent.

So I should get sued for a stating a situation that I encountered on a public forum? Want to go after my huge NASA salary, house, vehicles, retirement huh. Go ahead then, but lets not just stop at me. Lets also go after all the haters who called vendors after last week thiefs and price gougers. Or the blatant racists that called our new president deragatory names no matter what his intensions are. Im sure all that also qualifies under degradation of character and they can get some money out of all you too!

The bottom line is that I simply made an informative posts and YES the title is not politically correct. I should be sued for that huh..I have malicious intentions huh? I NEVER said PVI was to blame. I simply stated what happened to me. In the end they got paid, i got my stuff and the fraud back and life goes on. Im happy with my stuff and their website is still up so I take it they are still in business. in the end I can't prove who did anything and they canT prove they didn't. All each of us can do is state facts to each side. I am not about to post up a bank statment when I never accused anyone of anything! take a look at the other site and others had similar experiences. This was FYI only people.

If I could change the title I would

spec26
November 15, 2008, 02:45 PM
man my crackberry skillz are horrible

Art Eatman
November 15, 2008, 03:44 PM
Bottom line: Powder Valley as a firm is a good place to do business.

Somehow, credit card information was stolen and misused soon after placing an order to PV.

There may be some connection. There may not. Nobody knows.

Enuf.

Art

Mal H
November 15, 2008, 05:18 PM
... and title changed with OP's concurrence.

If you enjoyed reading about "Identity Theft" here in TheHighRoad.org archive, you'll LOVE our community. Come join TheHighRoad.org today for the full version!