Before I state my claim, I would like to ask the question of has anybody ever had their credit card or debit card information stolen after making a purchase off of the Paizo website?
Not that I'm aware of. Haven't seen any strange purchases since I purchased the first time (which was about a year ago.)
If someone did have their info stolen after making a purchase, I think it might be coincidental. I wouldn't be surprised if some people purchasing items at Paizo.com had some viruses from other websites...
TL;DR Paizo's legit. No credit card info being stolen here.
It's not funny, I'm not smiling and it happened to me 2 times after buying off this website. I would like to know that this website is secure to purchase off. I don't feel this site is safe to purchase off of now, and I have to talk to an authority figure regarding the matter and I will trace you down if I have to.
Nope, I've buying stuff from Paizo and OneBookShelf/RPGNow and never had a problem with card info being stolen. But I tend to be paranoid about constant system monitoring and weekly scans for malware, keyloggers, etc. I use a firewall that notifies me of all programs attempting to make or receive outbound Internet connections. I use Opera as my main browser and avoid anything Internet Explorer to prevent picking up weird clickware/ads/pop-ups. I also stay pretty vigilant about my checking & credit card statements to catch weird stuff ASAP and dispute/report it.
If you haven't already, install a couple different antivirus and/or anti-malware programs and scan your system(s) and data backups immediately.
It's not funny, I'm not smiling and it happened to me 2 times after buying off this website. I would like to know that this website is secure to purchase off. I don't feel this site is safe to purchase off of now, and I have to talk to an authority figure regarding the matter and I will trace you down if I have to.
Easy now. Nobody is trying to belittle your problem or mock you. I understand being upset by the situation -- as you should be -- but there is no need to take an adversarial tone with Marthian or the Paizo peeps.
Seriously though, if your credit/debit card was comprimised via any electronic purchases, immediately take steps to insure your system is clean of malware and trojans. Don't forget that anyone who had access to your card info is a potential breach -- card skimmers on gas station pumps and ATMs and self-checkout lines, servers in restaurants, even big retail stores who don't properly secure their systems. And a breach can occur several weeks, even months, before the first fraudulent charge appears on your account.
It could also be the case that your credit card information was stolen some time before you made a purchase at Paizo and only now has been used by the thief.
I never heard of this happening on Paizo either, and I've been buying stuff here for years. I'm not saying it couldn't happen but it would be a first if I heard it happened here. I'd say coincidence too.
|
It's not funny, I'm not smiling and it happened to me 2 times after buying off this website. I would like to know that this website is secure to purchase off. I don't feel this site is safe to purchase off of now, and I have to talk to an authority figure regarding the matter and I will trace you down if I have to.
First off making threats to another user will only make your problem seem less then legitimate. It might even get you banned from the website here itself. Second Paizo is very secure as the certificate proclaims every time you log in to the checkout.
Now for the bad news on your end. You most likely have some kind of trojan or someone has hacked your password and has access to your credit card information on Paizo. You might want to look in to that. The first thing I would do is to log in and immediately change your password!! Run an anti-virus check on your computer and anti-malware check.
People are NOT laughing at you and take it very serious but all know that Paizo's web site is very secure. It has not been hacked at any time now or in the past. Your computer on the other hand sounds like it was or at least your password was. So take steps to secure things as fast as possible and then contact your bank and go from there. Also run a credit check and make sure nothing else has been purchased under your name recently that you might not know about.
ALWAYS take things to private correspondence in the future when dealing with something like this. No matter the company. They are further able to help you and a lot faster then they would through a public venue such as this.
Give the guy a break. I'm thinking it sounds to me that he did get his credit card info stolen somehow, and having been through the identity theft ringer myself a few times, it's a real pain in the ass.
I got a call from my wife one day at work: "Um,....is there something I should know? Because you've joined Match.com and 3 other dating services for about $300."
I have no f#$+ing clue how I got nabbed. It just happens. And that was the little one.......
Good luck to you, SuperSlayer, and all identity thieves are scum.
And, I can sympathize with the situation enough to realize that saying stuff like "I will find you" is just a manifestation of an overwhelming desire to find the a!!@@~~ who anonymously ripped you off, and possibly just made your life a living hell for the next week or month or so, and give them a piece of your mind.
Before I state my claim, I would like to ask the question of has anybody ever had their credit card or debit card information stolen after making a purchase off of the Paizo website?
No and I have made quite a few purchases. I am also on their subscription system as well. So I very much doubt that the leak is on Paizo's side.
What purchases were made and for how much?
I had my credit card information stolen not too long ago, and I am curious- I would like to compare stories just in case.
I have had the credit card that was on file with Paizo (and not being used elsewhere) used to make fraudulent charges.
However, as Heine Stick indicated, it's possible that the card number was stolen a while before it was the card I was solely using for Paizo, so I could not state definitively that it was Paizo's fault.
However, as Heine Stick indicated, it's possible that the card number was stolen a while before it was the card I was solely using for Paizo, so I could not state definitively that it was Paizo's fault.
My wife had a card number stolen before we even received it (the old one was about to expire, and we were to receive a new card; the preponderance of evidence indicates it was someone working at the company responsible for creating and/or mailing out the cards).
174 orders, no problems.
SS, I totally get where you're coming from. I once had my identity stolen the old fashioned way (circa 1993), and that was one of the more frustrating periods in my life. That said, you should be certain your data was compromised on Paizo's end lest you risk misdirecting your (understandable) anger.
284 orders and counting and, while I have had a situation similar to yours where my credit card information was stolen, it had nothing to do with Paizo. This is why I mentioned that the credit card information might have been stolen a while ago and only now been used by whoever committed this vile act. That is how it happened to me.
Customer Service Manager
|
Customer security is absolutely a top priority for us. If you feel that your information may have been compromised, please email customer.service@paizo.com with whatever information and details you are able to provide (do not include card information beyond the last four digits of the card).
thanks
sara marie
Chief Technical Officer
|
I have had the credit card that was on file with Paizo (and not being used elsewhere) used to make fraudulent charges.
However, as Heine Stick indicated, it's possible that the card number was stolen a while before it was the card I was solely using for Paizo, so I could not state definitively that it was Paizo's fault.
Credit card numbers follow a predictable algorithm; it's actually quite easy to come up with a list of potentially valid credit card numbers, and only slightly more difficult to process that list to determine which are actual valid accounts. However, somebody who generates numbers that way won't have your billing address, so those numbers won't get them far on ecommerce sites that require billing address verification, but not all sites do that; it's also sadly far too easy to encode the engineered number on the magnetic stripe of a physical credit card that most brick-and-mortar retailers would readily accept without a second thought.
In short, a credit card number that you've literally never used anywhere can be stolen.
Fortunately, MasterCard and Visa and the other credit card services have fraud policies that ensure that, as long as you promptly report fraudulent use of your card number to your bank, you won't be on the hook for those charges. (The loss ultimately comes out the pocket of the retailer that accepted the stolen card.)
Frankly, I feel better about credit card security at properly secured ecommerce sites such as paizo.com than I do with most retail environments. After all, when you buy online, nobody is looking at your card number during the transaction; the process is fully automated, and all sensitive data is thoroughly encrypted as it travels through the internet. The same can't be said when you give your credit card to a retail clerk or waiter, especially if they go out of your sight to process your card.
|
Chief Technical Officer
|
These things can also happen if you are connecting to the Internet on an unsecure connection, such as a coffee shop or campus wireless node or a smartphone, or if your wireless router is unsecured or compromised.
No matter how you connect to paizo.com, your credit card number and other sensitive cardholder data are *always* encrypted in transit to us, so even if you are on an unsecured network and somebody is actually looking at the data being exchanged, they won't be able to extract anything useful from it. There are many other reasons to worry about your network connection being compromised, but this is not one of them.
(As has been mentioned though, if your *own* computer has been compromised, someone could be monitoring your input prior to encryption.)
In short, a credit card number that you've literally never used anywhere can be stolen.
Another interesting note that I learned from experience: activating a credit card activates the physical swiping of the credit card. It is valid for ecommerce transactions even if it has not yet been activated. So it's entirely possible to have a credit card number that you not only have never used, but have never even activated to be stolen and used online.
| 2 people marked this as a favorite. |
If only we could find a way to capture effort and ingenuity devoted to stealing and channel it into more ethical pursuits... :-/
I've been a Paizo subscriber since August 2009, so Paizo process my cards quite regularly.
I'm also a software engineer by profession. I've written eCommerce code; getting the user into a safe HTTPS session without exposing their session token, securely storing their credit cards in the database, securely NOT storing the CVV in the database, and integrating with transaction processors.
I've also discussed credit cards with Paizo before.
I'm confident that Paizo knows what they are doing. Enough so that I've been willing to let them charge my card monthly for years now.
This isn't to say that Paizo is invulnerable. Some day they'll make a change to the website that depends on a code library that depends on a database that depends on an OS with just the wrong alignment of vulnerabilities and ... pwned. It's just the nature of the beast. Every retailer absolutely dreads it.
Paizo is doing their due diligence and fighting the good fight on security.
You can do a lot worse than to use your credit card here.
|
|
| 1 person marked this as a favorite. |
I'm also a software engineer by profession. I've written eCommerce code; getting the user into a safe HTTPS session without exposing their session token, securely storing their credit cards in the database, securely NOT storing the CVV in the database, and integrating with transaction processors.
Witchcraft, I say.
-Skeld :P
Thanks for the replies of advice and assurance. I have found the root of the problem, and let's just say I have successfully put my skills to proper use to pinpoint the problem and have taken action.
Now that sounds rather ominous...
Now that sounds rather ominous...Didn't Liam Neeson say something like that?
-Skeld
That's exactly what I was thinking!
"Skills that make me a nightmare for people like you"