I'm not sure exactly where to post this, but I figured I'd try here.

Yesterday morning, I discovered that one of my credit card numbers had been stolen. Thankfully, fraud prevention picked up on it immediately (probably helped by some various online purchases that I had made from all over the place just before that making the activity look very strange), so the inconvenience to me is minimal.

But. I'm sure that I've never sent my CC number over the web without SSL. And 95%+ of the e-commerce I do is through DVD sites.

So ... I'm worried that there's a leak (like an accidentally exposed customer database) at some place I've bought from. I don't want to list names yet, because the list is long and because I don't want to malign anybody unnecessarily. But I wanted to check here to see if this was just a fluke or if other DVDTalkers had had a similar experience recently ...

Lately, I've been exclusively using one-time-use cc #s for all of my online purchases.

I've been using Private Payments from Amex, but recently I had a situation where they let a company charge the same # twice. When I called them, they couldn't explain why the (supposedly) one-time-use # was able to be charged twice, so that doesn't inspire a lot of confidence in me. I guess it's still my best option, but I wish I had access to another cc company that offers one-time-use #s.

CC fraud can occur in so many places; from a person stealing your number when you make a physical purchase, to someone getting your number through the airwaves if you use a cordless with no security, to a hacked e-commerce store.

Does the Another Universe, My So-Called Life preorder count?

here's a scary thought.

i work in the computer industry. hackers recently came up with a program that generates a valid CC number and expiry date based on a couple of simple equations. major companies are scrambling to keep the backlash small but it's out there and it's being used. the chances of it hitting a number that's currently in use are minute just based solely on the laws of probability. However, hitting a valid number isn't hard if they know how the different card companies come up with the numbers.

food for thought.

Actually, I had fraud security contact me this past week saying that my number had been "Compromised" but that no charges against it had been made...how they figure out the number has been stolen but not used yet, is anyone's guess, but I was thankful they notified me...they basically just send you a new card.

Like many others, about 95 percent of my CC usage is on the internet, so this is like the third time it's happened to me with various cards over the past 3 or 4 years...but most CC companies are good about not making you pay for charges you didn't make, plus the new federal law that you aren't repsonsible for charges that you didn't authorize over $50 is also a big help.

I've never had any problem getting charges taken off my card that I didn't make...but yes, CC fraud seems to be a big problem on the net, but not one that I'm losing any sleep over. I still think it's safter than giving a number out over the phone or in a retail store.

Recently? I suppose if your consider 10+ years ago recent...
The generation of card #'s based on the Visa/MasterCard algorithm is nothing new, and them obtaining the expiry date is also no difficult task. The problem is now corrected by name/address verification, CV2 codes, etc. Someone could generate a list of thousands of valid CC#'s from any issuing bank they desire but you have no way of knowing the persons name, address, zip code, etc. so as long as the place does name and/or address verification (which almost all online retailers are required to do by their merchant agreement) it really isn't a problem.
Many years ago number/expiration was all you needed, so it was a major problem.

I won't really go in to any more detail seeing as I don't want this to turn in to a How-To guide for credit card fraud.

Information contained herein in based purely on educational research preformed pre-DMCA. Any memory I may have had about any information that could be considered proprietary or secret I have erased from my collective knowledge.

I'm starting to think I entered a time machine.
Title 15, chapter 41, subchapter 1, Part B, Sec. 1643 is the federal law that makes it so you are not responsible for charges over $50.
That law was enacted on Oct. 26, 1970.
I wouldn't call it too awfully new.

I had my CC # compromised back in late October early November. My CC company called and it turned out they tried to charge some things, but they never actually posted to my account they had only been authorized when it was caught. They immediately cancelled my accounts, and just for good measure I went and called all of my other credit card accounts and had them cancelled and reissued.

As some have said previously I never sent my CC # over the internet with a non-SSL connection. I have very good suspicions of where my CC # was compromised, but I won't post those publicly here on the board.