Just a heads up - Renderosity security compromised again

[Faery_Light]

I got hacked on my debit card.
Fortunately the bank caught the unusual activity, it was in San Francisco...lol.
They sent me an alert by email then a follow up phone call.
Now my card is locked down and a new one will be sent this week.
The hacker used it to get a membership for Uber Flyt Ride then took an $85.00 dollar ride somewhere.
But the Uber driver is now out the $85.00 as my bank stopped the payment.

Not sure if it was through Rendo or not, might have been another purchase at Amazon.
I have been mainly using Paypal where accepted but my card info was still there at Rendo.

Good to have watchful banks to work with.

 

[Miss B]

I agree. I recently got a phone call from my bank because of a withdrawal with my debit card (larger than I usually take out), and then a nice sized purchase at a local store. I got the call within 15 minutes of getting home, so I would say that was a pretty darn quick pickup of the actions.

As it turns out, both were done by me, so all was good, but I was glad to know they are watching that closely.

 

[Faery_Light]

I use Bank of America but they are closing the branch that is only 35 miles from us.
There and back is 70 miles or so, the others are more like 70 and 100 miles away so a two way trip is more than I can do.

I'll have to switch to a bank closer to home and hope it is as good as the one I have now.

 

[Miss B]

Ouch!! I'm lucky mine's only a 3 1/2 block walk. I don't envy you such a long trek.

 

[Faery_Light]

We go by car but I have trouble (and my daughter does) being able to stand long rides in cars.
When I was younger I loved long car rides.

 

[Satira Capriccio]

My credit union is 3,000 miles away. But, I've never had a reason to find something closer. Even though I work in the same building as a Wells Fargo bank ... which used to be a Wachovia ... and before that First Fidelity. I wonder how much longer it will be a Wells Fargo

 

[Faery_Light]

I wouldn't change either but if I need to go to the bank directly it is just too stressful taking a long drive.
No way I need one 3000 miles away!

 

[Gadget Girl]

The hacker used it to get a membership for Uber Flyt Ride then took an $85.00 dollar ride somewhere.
But the Uber driver is now out the $85.00 as my bank stopped the payment.

It's interesting how big a thing Uber fraud is. There's a podcast I listen to and love called Reply All, which had a couple episodes about it (and about internet security). The Russian Passenger was the first episode and then they did a follow up called Beware All. I do hope the poor Uber drive isn't out the money, as they aren't the ones at fault, but I have no idea how that works.

Funny thing about internet security. I just got an offer for this new corporate job which requires a background check. All well and good. And then this e-mail shows up from a company I've never heard of asking me to do a background check. Now on the one hand I was expecting an e-mail about a background check, but no where did it mention any company I had ever heard of, and the domain of the e-mail didn't match the name as it was spelled out (not sure what you call that, you know where you set it to show your name when someone gets an e-mail from you, and not just your e-mail address). And then there was this attachment at the bottom with another acronym I hadn't heard of.

I actually ended up calling the guy who was handling my hiring and had to ask if it was legit. I figured it likely was, but giving away the information needed for a background check is the same as giving away the information needed to steal my identity. Turns out the company I had never heard of is the parent company of his company and he had never mentioned their name to me. What sad is that this was an official e-mail, but it looked like a thousand scams I'd seen out there, and there are lots of scams that target people who have their resumes up on job sites.

I'm not sure now if he thinks I'm paranoid, or if he's glad he's hiring an IT person who is on the lookout for phishing attempts.

 

[Hornet3d]

It's interesting how big a thing Uber fraud is. There's a podcast I listen to and love called Reply All, which had a couple episodes about it (and about internet security). The Russian Passenger was the first episode and then they did a follow up called Beware All. I do hope the poor Uber drive isn't out the money, as they aren't the ones at fault, but I have no idea how that works.

Funny thing about internet security. I just got an offer for this new corporate job which requires a background check. All well and good. And then this e-mail shows up from a company I've never heard of asking me to do a background check. Now on the one hand I was expecting an e-mail about a background check, but no where did it mention any company I had ever heard of, and the domain of the e-mail didn't match the name as it was spelled out (not sure what you call that, you know where you set it to show your name when someone gets an e-mail from you, and not just your e-mail address). And then there was this attachment at the bottom with another acronym I hadn't heard of.

I actually ended up calling the guy who was handling my hiring and had to ask if it was legit. I figured it likely was, but giving away the information needed for a background check is the same as giving away the information needed to steal my identity. Turns out the company I had never heard of is the parent company of his company and he had never mentioned their name to me. What sad is that this was an official e-mail, but it looked like a thousand scams I'd seen out there, and there are lots of scams that target people who have their resumes up on job sites.

I'm not sure now if he thinks I'm paranoid, or if he's glad he's hiring an IT person who is on the lookout for phishing attempts.

Well if I were him it would definitely the latter, an IT person who is on the lookout for phishing scams wins all the time. While there are a few scams which are easily spotted due to the poor language used there are a lot of fake web sites that really look professional.

I have account at one of the credit rating companies that I pay for each month mainly because they will let me know if my credit history is searched for any reason and will also show the entity that made the search. Hopefully it goes some way to guarding me against someone taking credit cards out in my name, at least if they do I have a change to get to the company and explain that there is a fraud taking place.

 

[DanaTA]

I think the main problem, that I've been saying to people for several years now, is that when you visit Renderosity...or many other sites...you are on a plain text page...meaning non-secure mode. The address bar will show http://. Then, when you hit the checkout link/button, the next page is in secure mode (https://). However, there is an inherent flaw with this process. It is open to a "man-in-the-middle" attack, and anything you see cannot be trusted as secure and authentic. And even if the pages are authentic, the network traffic is compromised. A hacker can be seeing everything you type. For a site to be truly secure, it must be in secure mode from the very first page request. You will notice that this site is in secure mode even just for the forum. My site is the same, secure from the very first page served. It's the only way to protect your customers and clients. Nothing is foolproof, but non secure pages are an invitation to disaster, especially in these times.

Hmmm...actually, I just checked with a new tab and entered their address and it came up as secure right away. They must have changed it recently. I admit I haven't done any business there (or much of anywhere) in quite a while, but I do visit wishlist items on sale when I get a notice. I never noticed that secure mode before, but maybe I just wasn't paying attention because I wasn't about to actually make a purchase.

All that said, when using PayPal, nobody sees your credit card information, it is never entered into the transaction. The store you do business with does not see it, only what PayPal shows them. That is the whole purpose of using PayPal. Your info is not displayed, not divulged. PayPal is the only method of payment I take on my site. Because of this, I know that they do not put any financial data into traffic to the seller. Only their own transaction number and fees.

Dana

 

[Dragonsegg]

I just wanted to purchase something at Renderosity today and was trying to use a VISA gift card since there have been a lot of questions about security at that site lately. I had enough money on the card to pay for the item but it was declined. After checking the balance and making sure everything on the address matched I called the CC provider to ask why they kept declining the card when the money was there. Well they told me that VISA, the main company would not accept orders from Renderosity anymore so I could not use that card or any of the credit cards I have since they are also VISA. I assume this is fallout from the recent security issues. I ended up having to use Paypal to make the purchase. I am glad that VISA is looking out for fraud aggressively but it seems like they are really going to hurt Renderosity and the artists there with this policy.

 

[Faery_Light]

I don't have a store there now and no card or bank information stored.
All purchases are through Paypal.
I just make sure to add enough to Paypal so if I want something I can get it.
Amazon won't accept Paypal so I may not do much buying from them now.

I'd like to get the Paypal card but can't right now and I think it would be easier, safer to use.

 

[Glitterati3D]

I just wanted to purchase something at Renderosity today and was trying to use a VISA gift card since there have been a lot of questions about security at that site lately. I had enough money on the card to pay for the item but it was declined. After checking the balance and making sure everything on the address matched I called the CC provider to ask why they kept declining the card when the money was there. Well they told me that VISA, the main company would not accept orders from Renderosity anymore so I could not use that card or any of the credit cards I have since they are also VISA. I assume this is fallout from the recent security issues. I ended up having to use Paypal to make the purchase. I am glad that VISA is looking out for fraud aggressively but it seems like they are really going to hurt Renderosity and the artists there with this policy.

WOW! Yeah, that means a massive hit to Renderosity! We can expect the other card companies to follow suit.

You can't blame them though.....they are taking a massive hit with all this fraud. It has to end somewhere.

 

[Hornet3d]

I just wanted to purchase something at Renderosity today and was trying to use a VISA gift card since there have been a lot of questions about security at that site lately. I had enough money on the card to pay for the item but it was declined. After checking the balance and making sure everything on the address matched I called the CC provider to ask why they kept declining the card when the money was there. Well they told me that VISA, the main company would not accept orders from Renderosity anymore so I could not use that card or any of the credit cards I have since they are also VISA. I assume this is fallout from the recent security issues. I ended up having to use Paypal to make the purchase. I am glad that VISA is looking out for fraud aggressively but it seems like they are really going to hurt Renderosity and the artists there with this policy.

There is at least one other person in the thread over at Renderosity that has had a similar experience using a Visa gift card so you are not alone. I does appear that this is a recent development and I would be surprised if it did not impact Renderosity and the vendors. On the other hand, just counting the my own experience on the two occasions when Renderosity have admitted they were at fault the amount of the fraud was over $9000 and if not the card holder then either Visa or their client is going to lose. From my point of view I cannot blame Visa for taking action and if Renderosity do suffer they should look a lot closer to home for someone to blame.

I do have a great amount of sympathy for the vendors but even without the Visa action they are losing out because some customers are not buying there, me included. Just over a year ago I used to spend circa $100 every month but that has dropped to around $10 on occasional months (for other reasons including security). This is the first month in over ten years I have spent nothing on content. If something came up here I liked I would buy it but for the past three weeks I have not even visited the marketplace a Renderosity because I see no point in looking for something I would not risk my card to buy. Of course the vendors could move to another broker so if the Visa ban really bites it is the front line staff at Renderosity I have bigger fears for.

 

[Faery_Light]

Yeah, my bank is not happy with the last fraud report I filed, now I have to fill out papers and mail in before they return my money.
But I did find out it wasn't Renderosity or Amazon where it came from.
It appears to be someone locally finding a way to scan the cards and, more than likely, selling the information.
So to shop at Walmart I am going to get one of their re-loadable cards for shopping only and use Paypal for online orders.
This has been nasty all the way around, I need that $85.00 back.

I know it has to hurt Renderosity and their vendors that there is so much of it happening there.
Once someone steals your card information they rip off others before it gets stopped.
So the company that has stuff bought there loses, or vendors in this case because Renderosity does not absorb the loss.
Vendors have to pay Renderosity back on the items that were sold to these hackers.
If the card holder was not a vendor, then their bank or credit card company may charge them and not give back the money.

BOA will return my money but it will be another few weeks to sort it.

 

[Glitterati3D]

There is at least one other person in the thread over at Renderosity that has had a similar experience using a Visa gift card so you are not alone. I does appear that this is a recent development and I would be surprised if it did not impact Renderosity and the vendors. On the other hand, just counting the my own experience on the two occasions when Renderosity have admitted they were at fault the amount of the fraud was over $9000 and if not the card holder then either Visa or their client is going to lose. From my point of view I cannot blame Visa for taking action and if Renderosity do suffer they should look a lot closer to home for someone to blame.

I do have a great amount of sympathy for the vendors but even without the Visa action they are losing out because some customers are not buying there, me included. Just over a year ago I used to spend circa $100 every month but that has dropped to around $10 on occasional months (for other reasons including security). This is the first month in over ten years I have spent nothing on content. If something came up here I liked I would buy it but for the past three weeks I have not even visited the marketplace a Renderosity because I see no point in looking for something I would not risk my card to buy. Of course the vendors could move to another broker so if the Visa ban really bites it is the front line staff at Renderosity I have bigger fears for.

I will tell you what's sad, though, Hornet. It's the vendors who are eating the fraud. They charge it all back to the vendor accounts.

And, honestly, I have ALWAYS disgreed with this regardless of what brokerage we are discussing. That's part of what a brokerage house takes a percentage of sales for - security. It's not like the vendor has ANY control over the security measures, or lack thereof, at a brokerage. Why are THEY eating that?

 

[Hornet3d]

I don't have a store there now and no card or bank information stored.
All purchases are through Paypal.
I just make sure to add enough to Paypal so if I want something I can get it.
Amazon won't accept Paypal so I may not do much buying from them now.

I'd like to get the Paypal card but can't right now and I think it would be easier, safer to use.

I won't use Paypal for historic personal reasons but from the evidence of many others in different forum personal friends it does seem to be a lot more secure that the standard Visa card.

I know it is more hassle but if you wanted something from Amazon you could set up a prepaid debit card. I use one from 'Pockit' that allows me to transfer money from my bank account without charge and can be used where ever Mastercard is accepted. All I have paid so far is a very small charge to cover the cost of imprinting the card.

 

[Hornet3d]

I will tell you what's sad, though, Hornet. It's the vendors who are eating the fraud. They charge it all back to the vendor accounts.

And, honestly, I have ALWAYS disgreed with this regardless of what brokerage we are discussing. That's part of what a brokerage house takes a percentage of sales for - security. It's not like the vendor has ANY control over the security measures, or lack thereof, at a brokerage. Why are THEY eating that?

I did not know that but it does not surprise me one bit. It is as fair as Renderosity selling a 'Prime' membership, the benefits of which is a free product each month and then finding out a vendor gifts this to Renderosity. Renderosity gets the revenue for the membership and the vendor gets........well nothing accept maybe a wider acceptance of their skills. That was certainly the case when the made the changes to the club a year or so ago and I doubt anything has changed.

It does leave one wondering what Renderosity are providing for their share other than a poorly designed web site.

 

[Glitterati3D]

I did not know that but it does not surprise me one bit. It is as fair as Renderosity selling a 'Prime' membership, the benefits of which is a free product each month and then finding out a vendor gifts this to Renderosity. Renderosity gets the revenue for the membership and the vendor gets........well nothing accept maybe a wider acceptance of their skills. That was certainly the case when the made the changes to the club a year or so ago and I doubt anything has changed.

It does leave one wondering what Renderosity are providing for their share other than a poorly designed web site.

Worse than poorly designed - poorly designed and INsecure.

 

[Hornet3d]

Worse than poorly designed - poorly designed and INsecure.

Very true.