[alexwhittemore]

Quote:

Originally Posted by Augster

Where the breach occurred is irrelevant nor how many commercial companies may be served by this "third party": GetBMWParts aka Tischer Internet Sales knowingly and deliberately contracted with this company to provide it's online transaction processing and customer information handling, therefore, is just as culpable in the insecurity of our personal information. Simply deflecting blame as being a "third party" problem is typical and pure equine excrement "damage control."

If the information posted from other members regarding the use of older and/or lesser security technology by this "third party" is true, then GetBMWParts aka Tischer Internet Sales is even more culpable because they did not do proper due diligence nor vetting of TradeMotion to ensure it truly can provide the necessary safeguards to protect private and privileged customer information.

Nah, man, that's not how the world works these days. There's no due diligence you can do on a payment processor to prevent this sort of thing.

[snaimpally]

I was in a restaurant and my CC was declined for a $10 lunch so I called and found out that they had detected fraudulent activity. Canceled my card and got a new one. I later got the letter and figured out that my order at getbmwparts was the cause.

I was in Canada in May visiting my folks and noticed that everyone there has the chipped "smartcards" with which you use a password. Much more difficult to hack. So WTF, don't understand why we don't have it in the USA.

The other issue is the glaring lack of security by many e-commerce operators. I hope getbmwparts changes the vendor who manages their site after this incident.

[alexwhittemore]

Quote:

Originally Posted by snaimpally

I was in a restaurant and my CC was declined for a $10 lunch so I called and found out that they had detected fraudulent activity. Canceled my card and got a new one. I later got the letter and figured out that my order at getbmwparts was the cause.

I was in Canada in May visiting my folks and noticed that everyone there has the chipped "smartcards" with which you use a password. Much more difficult to hack. So WTF, don't understand why we don't have it in the USA.

The other issue is the glaring lack of security by many e-commerce operators. I hope getbmwparts changes the vendor who manages their site after this incident.

The USA is supposed to be transitioned to chip-and-pin by September 2015 or something like that. But yes, why haven't we already? It also won't substantially increase security for online purchases, so there's that.

Anyway, unfortunately payment processing is just silly insecure.

Edit: here's a good article on chip and pin in the us vs abroad - http://www.bankrate.com/finance/cred...-coming-1.aspx

Short version, processors don't care about rolling it out in the US since they can't transfer fraud liability to the consumer by doing so (which is legally guaranteed not to happen).

[musc]

I got fraudulent charges from this as well earlier this year. I had to change my credit card number twice within the span of a month.