credit card compromised after purchase of 1PW

harringg

I recommended 1PW to a co-worker. I own a family pack for Mac, 1PW for Windows, and 1PW for iPhone and have been a long time advocate.



He purchased on 4/28/11 and came in this morning and told me his card has been used 3 times this weekend for unauthorized purchases and hasn't used it this past week other than one phone order on 4/26/11 to a company he does routine business with.



I've sent an email to Agile support, but that says they will get back in a few days. Just hoping someone sees this in the event that the server being used for credit card orders is compromised. Also hoping to bump my email request up in the que.





Should he contact Beanstream (the company Agile uses for CC orders) or Agile directly?

[Deleted User]

Hi harringg,



I'm sorry to hear about your co-worker's experience, it's very unlikely that his card details were compromised during his purchase of 1Password since these details are transmitted securely using SSL encryption to our payment processing company, which as you correctly noted is Beanstream.



Since we don't handle the payment processing ourselves, I would advise him to contact Beanstream, but we'll certainly look into the matter for you on our end as well, we should actually be able to reply to you much sooner than a few days (did you get an auto-responder from us at all?).



The reality is though, card compromising can happen very easily these days, even with companies that you do business with regularly it only takes one 'corrupt' employee handling the payments to take the card details for their own uses, which is why I'm never a fan of giving my card details over the phone and prefer to use online payments or PayPal where possible.



You didn't mention if your co-worker was on a Mac or a PC, but if he's using Windows then there is a much higher chance that his system could be compromised with spyware (there's some risk of this on the Mac too, but nowhere near as high) which could have taken his card details after they where typed in (assuming he didn't use 1Password to fill them at this point).



I'm not trying to lay the blame anywhere here, but it's very hard to track where the card details 'leaked' from, but please do advise your co-worker to quickly contact his card provider to stop the card to ensure no further transactions are made, though I'm sure he's done this already.



Hope that helps,



[quote name='harringg' timestamp='1304353985' post='26067']

I recommended 1PW to a co-worker. I own a family pack for Mac, 1PW for Windows, and 1PW for iPhone and have been a long time advocate.



He purchased on 4/28/11 and came in this morning and told me his card has been used 3 times this weekend for unauthorized purchases and hasn't used it this past week other than one phone order on 4/26/11 to a company he does routine business with.



I've sent an email to Agile support, but that says they will get back in a few days. Just hoping someone sees this in the event that the server being used for credit card orders is compromised. Also hoping to bump my email request up in the que.





Should he contact Beanstream (the company Agile uses for CC orders) or Agile directly?

[/quote]

harringg

Thanks for the feedback. I didn't get an autoresponder confirmation (that's why I posted here, wanting to make sure it was seen by someone), but someone from support has contacted me via email and I've passed that information on to my co-worker.



You are right, it could have been anything, it was the timing of it that had them concerned and since I recommended the software, I felt I should make some effort tracking down a point of contact for them.



Appreciate it.

[Deleted User]

You're very welcome, and I have to say your co-worker is lucky to have someone like yourself, recommending 1Password and then trying to track down the card details leak, so on behalf of everyone here, thanks for being awesome <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/skype_smile.png' class='bbc_emoticon' alt=':-)' />



Glad to hear one of our team was able to respond via e-mail too, please do let us know what else we can do to help.





[quote name='harringg' timestamp='1304369124' post='26087']

Thanks for the feedback. I didn't get an autoresponder confirmation (that's why I posted here, wanting to make sure it was seen by someone), but someone from support has contacted me via email and I've passed that information on to my co-worker.



You are right, it could have been anything, it was the timing of it that had them concerned and since I recommended the software, I felt I should make some effort tracking down a point of contact for them.



Appreciate it.

[/quote]

brenty

Something to keep in mind is that using a regular credit card or even a debit card that goes through the credit card processing system benefits from the fraud services of the issuing bank as well as the major credit companies -- such as Visa's [url="http://usa.visa.com/personal/security/visa_security_program/zero_liability.html"]Zero Liability[/url] (the others have similar policies and services.)



It can still be a pain to jump through hoops, but in the end knowing that you are not liable for fraudulent charges can offer real peace of mind; and nowadays banks will issue you new cards promptly to ensure that damage is minimal. <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/smile.gif' class='bbc_emoticon' alt=':)' />