Fraudulent bank card charge, looking for tips to stay safe online

[RikuoAmero]

Hey guys. Just this evening, as I was walking home from work, I got a text from my bank, saying there was suspicious activity on my debit card. I called them up, they say it was several hundred euros worth, an online shopping transaction that had been done about an hour beforehand while I was busy working, from a foreign website. I of course disputed the charge, and they cancelled my debit card. I then went to my local police and they verified the number I called, they rang into my bank and the bank confirmed I had indeed been sent a legit fraud alert message.
Now, I'm looking for tips as to how to stay safe online. The problem is...I thought I had been! I'm hugely paranoid about online shopping.
Here are my security practices to date
1) Each and every single online service, game or online application (so things like Skype, Facebook, Steam, MMOs) has a separate email address using one of various webmail services (so I have a ****facebook@gmail, a *****skype@outlook and so on). The email addresses have randomized passwords, and so do the actual accounts (so my facebook@gmail has one password, and my actual facebook account has another password).
2) I keep a list of all my passwords in a password protected text document on a machine permanently disconnected from the net. That machine runs a non-Windows OS and requires two passwords, one to boot, one to log in to the OS. Whenever I need a password, I open that document, look at the password, and manually type it in, on the machine I am actually using.
3) I run Avast at all times. I also have Malwarebytes, but not as a persistent scanner.
4) I keep software as up to date as possible.
5) As to actual usage of my bank card, shopping online, I use as few services as possible. I have a Paypal account, which I linked to my debit card (the one that got cancelled this evening). I use Paypal to pay for Steam and Ebay purchases.
Amazon has my debit card, I use that to pay for Amazon purchases.
I sometimes order food from Dominos but they do not have my debit card saved, I manually type that in each time.
6) Whenever I shop, I check the web address, I check that I'm using HTTPS.
In terms of online security, I think I'm covered, but of course, there has to be more I can do, given that this fraud happened. Any tips? I'm thinking of taking one of my laptops (I have three), formatting it, installing Linux and then installing a virtual machine on top of that (a non-persistent one, so no data is saved between usages), and using that machine for literally ALL of my online shopping/banking.
Any other tips? I'm also careful about ATMs - the main ones I use are either the ones in my workplace, or ones that are set into the walls at bank buildings.
Thanks.

 

[Saulkar]

Honestly, you are more secure than I am and I have never been compromised. I would then have to assume that you were compromised in person, ie: Someone discretely took a picture of your debit card in person and tried to work from there. That is all I can think of.

 

[RikuoAmero]

Honestly, you are more secure than I am and I have never been compromised. I would then have to assume that you were compromised in person, ie: Someone discretely took a picture of your debit card in person and tried to work from there. That is all I can think of.

Yeah, I'm mystified too. I suppose a POS machine (no, not THAT POS! A point of sale machine, i.e. what I use my card at at a checkout) could have been compromised, I remember Target's checkouts were compromised a year or two ago.
This is the second time I have been compromised - the first was several years ago, where someone bought some Xbox Live points (back when they used points)...and weirdly enough credited them to my own Xbox account? That was back when I used a single email and password for everything.
I doubt someone could have taken a photo of my card, I keep it close to me at all times, and besides, they would have needed the 3 digit code on the back too. That, and the charge came from a website based out of South Africa. If someone had taken a photo, surely they would have tried using a website based in my country? It was the fact it was a foreign purchase that tripped my bank's alarms.

 

[Saulkar]

If someone had taken a photo, surely they would have tried using a website based in my country? It was the fact it was a foreign purchase that tripped my bank's alarms.

There are actually chat rooms where people sell credit card and debit card information where they will wire a little bit to a potential buy so that they make sure that the card is legit before buying the code (for much less than what the card is worth but they assume the risk of getting caught so they tend to buy cards from different countries. Whether that makes any difference or not I am not sure) and there are people working behind tills with good slight of hand (that is even difficult to make on security footage from chest level nearby) that can quickly swipe a card to record its information to a hand-held scanner which is another possibility.

I remember they did a report about this on W5... or was it Market Place, The Passionate Eye? Anyways, they had a mock operation where someone was to go to a select number of stores in order to have their credit card information stolen and it was their job to keep their eyes open for the exact moment it happens. This is a guy who tries to catch these people for a living and even he did not catch when they both took pictures of both side of his credit card and another swiped his card through a scanning device (the business that this happened in knew what was happening and allowed it). They then took that information and went on one of the aforementioned chatrooms and in moments someone from Germany bought it and started making small purchases at random grocery stores before they canceled it.

So many ways for the information to be compromised and so many ways for it to end up in other people's hands.

 

[gorfias]

I maintain a fun account card: totally divorced from my main accounts. I cannot transfer monies from my main accounts to the fun one. I have an allowance to keep me in check. Whatever isn't spent at the end of several weeks goes into the fun account. Never been above $800. When I want to buy something from a risky site, this is the card I use.

 

[RikuoAmero]

I maintain a fun account card: totally divorced from my main accounts. I cannot transfer monies from my main accounts to the fun one. I have an allowance to keep me in check. Whatever isn't spent at the end of several weeks goes into the fun account. Never been above $800. When I want to buy something from a risky site, this is the card I use.

I should do that again. I do have a Swirl Mastercard, one that can only be topped up by going into a store and paying to use it. I did use it at first for all my online purchases, but eventually the cost of topping up got to me. That, and I thought I was safe with my merchants - I only ever use Dominos, Amazon and Paypal.

Thanks for the info too Saulkar, didn't know that was a thing that happened. I guess I'll keep my hands on my card at all times, and not actually hand it over. Just wondering - with the introduction of contactless payment, how easy is it to steal card information that way? At the moment, the limit is ?30 per transaction up to three times, then I need to use my PIN. Can someone potentially steal my card number through contactless, or is the worst that can happen is that someone charges me ?90?

 

[gorfias]

I should do that again. I do have a Swirl Mastercard, one that can only be topped up by going into a store and paying to use it. I did use it at first for all my online purchases, but eventually the cost of topping up got to me. That, and I thought I was safe with my merchants - I only ever use Dominos, Amazon and Paypal.

Thanks for the info too Saulkar, didn't know that was a thing that happened. I guess I'll keep my hands on my card at all times, and not actually hand it over. Just wondering - with the introduction of contactless payment, how easy is it to steal card information that way? At the moment, the limit is ?30 per transaction up to three times, then I need to use my PIN. Can someone potentially steal my card number through contactless, or is the worst that can happen is that someone charges me ?90?

Often the issuing card company will reimburse you for disputed charges. Depends how they roll.

The thing is, every time I buy concert tickets from a re-seller, or a go to one of those IGN deals linking me to a site I've never heard of before, there is the possibility you are going to undergo this kind of thing. Heck, I use my fun account on Steam.

And thanks to ever advancing application technology, you don't even have to be a skilled hacker to attack someone's credit or identity. Heck, are you reading all the Wikileaks stuff going? Emails stolen from people working in/for the US Federal Government?

Do you live in a crowded area? Check out available wifi. It is getting easier and easier to hack someone else's wireless network, sniff traffic and get all sorts of information that can lead to theft.

It is dangerous out there. Be careful.

 

[diana silvestor]

I think in future we can avoid those security risks and makes the shopping more fun, recently I heard that some of the most prominent online shopping sites will introduce augmented reality and 360 videos
to make shopping more interactive and fun along with security. [http://http://www.merchact.com/the-future-of-online-shopping/]

 

[diana silvestor]

[https://www.aspirefcu.org/blog/security/10-tips-secure-holiday-season/]


My cousin referred me this blog when we discussed the online shopping frauds from Nigeria.This one is an easy tutorial which will help us to stay safe. And as always human stupidity has no limit. I am always cautious as per the guidelines in this site https://www.aspirefcu.org/blog/important-announcements/database-of-credit-card-contracts/