Rpgnow creditcard information stolen

[Mark CMG]

I'm glad I only ever paid via PayPal.

Olaf the Stout

That's always the best bet online, whether you buy from an online mall or directly from a manufacturer's or publisher's store. Between ebay and everything else they handle (millions and millions of transactions each month), I hear almost no nightmare stories and there is usually more to it than what is heard (someone who didn't update information with their bank after a move, thus causing some possible suspicion in regard to a card or account, someone who stored their info on their computer, as well, and didn't maintina proper protection on their home or work system, someone who believes it is the only place they used a card but actually having gone to a shady site that asked for "verification" information, someone who made the mistake of giving information to a spoof emailer pretending to be paypal, etc.) Only using Paypal, through the secure Paypal interface, is about as foolproof as anything online, and much moreso than handing off your card in a restaurant or other business where it might be out of your sight for a number of minutes.

 

[Christian]

Most stores allow you to save your credit card info on the site (and ask if you wish to do so), and from the thread linked in the OP it sounds like that is the info that was compromised. It's an ease of use thing. I never personally allow them to do so - I'll type in the numbers again, thanks.

Yeah, no kidding. I always wondered why people would do that. "Upside: it'll take me twenty seconds instead of thirty seconds to check out next time I buy something here. Downside: it's possible that some hacker will get hold of my credit card number and case me hundreds of hours of work trying to sort everything out, during which period my credit will be massively screwed up and I may have very limited funds. Hmmm ... Yeah, what the heck!"

If you type in your numbers each time & don't select the option to store your number, you're safe from stuff like this happening. It's not limited to RPG Now--it could happen to anybody. The day will come when someone finds a hole in Amazon.com's security, just wait. :\

 

[Whizbang Dustyboots]

Only using Paypal, through the secure Paypal interface, is about as foolproof as anything online, and much moreso than handing off your card in a restaurant or other business where it might be out of your sight for a number of minutes.

To be fair, even RPGNow/RPGShop were safer than handing your credit card to some random dude in a restaurant.

 

[sckeener]

it is stories like these that make me appreciate MBNA's temporary credit card.

If you have an MBNA card, you can just go to their site, pick the limit you want on the new temporary card, and it'll give you a credit card number to use on other sites that has that limit.

very nice for when sites get hacked.

 

[Michael Morris]

This is very bad news for RPGNow. If Visa/Mastercard gets wind of this they'll be revoking RPGNow's merchant id number until he coughs up a fine that will be in the thousands of dollars. They take this crap seriously these days, anyone who stores credit card numbers on their site in any form is liable for ALL FRAUDULENT CHARGES on the card if their database can be proved to have been comprimised.

 

[broghammerj]

If you have an MBNA card, you can just go to their site, pick the limit you want on the new temporary card, and it'll give you a credit card number to use on other sites that has that limit.

Do they still do this now that MBNA was taken over by Bank of America?

 

[molonel]

I must confess that I'm a little disappointed that I'm learning about all this, here.

But I'd like to thank everyone who contributed to this thread, and offered their insights and help.

Do they know HOW all this information was gained? And if there is any likelihood of it occuring again? Was it an employee? Or what?

 

[Michael Morris]

Most stores allow you to save your credit card info on the site (and ask if you wish to do so), and from the thread linked in the OP it sounds like that is the info that was compromised. It's an ease of use thing. I never personally allow them to do so - I'll type in the numbers again, thanks.

Googling my name and RPGNow seems to come up clear. I'm very leery of googling my credit card numbers, so I don't think I'll try that unless someone here can give me a very compelling reason why it's not an exceptionally bad idea.

This is becoming very rare. Since last summer Visa/Mastercard has been actively suing vendors whose databases become comprimised. They've also been throwing vendors who store the card number without notifying the customer off the network entirely if caught. My company's policy has become simply if you want a web portal that can store a credit card on the site permanently you'll have to find someone else to do it unless you wish to sign a letter of indemnification accepting all responsibly for all fines if the database is compromised. We aren't going to be held liable for this sort of thing and honestly we don't do this sort of thing unless the client just will not shut up about it. We stress that it is a very, very, very, VERY BAD idea. Even then we refuse to do it without putting a message up on the screen informing the customer that it will be done. To do otherwise is criminal in certain juristictions.

 

[Vrecknidj]

I'm terribly sorry for anyone who will be having trouble with this. This kind of thing sucks (my mom had some pretty hefty problems once with identity theft).

I'm glad that the community has a place to share information though. I've learned a lot about what to expect and what to look for in my future transactions.

Dave

 

[trancejeremy]

Ack! I don't mean to be rude, but shouldn't all RPGNow/RPGShop customers have gotten an email about this? Learning something like this from message boards is not acceptable, IMHO (though about on par with my past experiences with RPGNow's customer service - which generally consists of siccing GMS on people who complain). Even if only a small number of people were affected, I think all your customers should have been alerted to keep their eyes on their statements, or better yet, remove the info from your site.

I had problems with my credit card number being stolen this summer, and frankly, it's very very scary, and it's a major pain in the #%#@ to clear up. I'm still working on straightening it out. (Not the one I used for RPGShop/Now, AFAICR, so my problems were not caused by this).

And just this week, I got a letter from Bank of America about fradulent activity on a credit card I didn't even have.