I predict that at the next DEF-CON in August 2015, the vulnerabilities in ApplePay will be fully exposed

_________________
U.S. Army Retired

If you don't think that we're all paying for the cost of this fraud in the CC fees that are passed to us through the retailers then you're sadly mistaken.

_________________
Share your ideas freely at https://www.facebook.com/groups/libertydiesels/

So you want ID to compensate us and charge us extra for the parts like Home Depot? You cant have your cake and eat it.

BTW, I never carry a balance on my credit card, so I guess I am not paying for fraudulent charges considering I am not paying intrest.

_________________
2006 LTD Bright Silver loaded with all the needed mods, CCV intact.
Proudly supporting CRD vendors, and their development of quality parts and accessories.
Equipped with HDS thermostat, plenty of heat, faster warm-ups, increased fuel mileage.

I'm the same way. The cc companies actually pay me with rewards or cash back. I guess they are still ahead from back in my college years. They gave cards out like candy and I took the bait every time. Learned my lesson.

_________________
05 CRD
97 Toyota FZJ80 12v Cummins/NV4500-build thread
96 Lexus LX 450
96 Ford F350 4x4

Well good for you, sounds like you've got this sussed. Free credit, convenience, zero risk. Doesn't get any better than that, does it?

Of course, ignorance is bliss. Any retailer that accepts CCs pays exorbitant processing fees, as a percentage of the transaction, to the CC provider. Every retailer passes these fees onto the consumer in their markup, and yes, this also includes ID.

Even if you don't carry a balance and even if you get rewards from your card you're still paying these fees through the retail markup. Smart consumers will take these steps to minimize the cost but you're pretty naive if you don't realize every one of us is paying indirectly to cover the cost of this fraud.

I'm surprised at the number of people have been fooled and clearly don't understand how the CC system works. The banks don't give free credit and the certainly don't pay us to use their card .

And yes, if a business makes my personal/CC information available to all and sundry due to a lack of security I do expect them to be penalized. This responsibility should extend to any third parties that are providing e-commerce solutions.

_________________
Share your ideas freely at https://www.facebook.com/groups/libertydiesels/

As I do in general agree with those statements (we have in fact Gramm–Leach–Bliley Act that stipulates non disclosure and obligation for all businesses (banks, stores, etc) to protect customer non public information such as ssn, accounts, addresses, etc), the fees that are paid to cc companies are not that "exorbitant", I think they are 3% +/- something, depending on the merchant. Since the security and convenience comes at a price, every feature would justify a fee. And that's one of the reasons banks are all in bed with apple about apple pay, it will save them money and also pass part of the responsibility to somebody else (apple).

Regarding credit card rewards, I have few that have annual fees but give you miles and hotel points (I used to travel quite a lot and those annual fees would justify hands down), but the way this usually goes is by having a "partnership" between bank and hotel/airline company, with mutual benefits for both sides. Plus, both hotels and airlines have all those rewards included in the price - duh, obviously right? I still enjoy my marriott black visa signature since I get a free night a year regardless (which is more than the annual fee) plus getting points that translate to free nights. Same for airline company visas, you get miles. When you travel a lot it's a no brainer to open those. Who paid for those "perks"? The business you use the cards for (aka client since this is billable), and the "regular" people (don't want to sound elitist at all, just couldn't find a better word) that have no perks and pay for the ones with perks, lol. So at the end, somebody obviously has to pick up the tab for all those extra "goodies" and that's all great when that somebody isn't you.

_________________
2005 kj CRD, samco, suncoast tc, provent, Kennedy lift pump, GDE ECO full torque, 2nd gen filter head, 245/70/16 a/t tires, mopar light bar, fumoto oil valve, OEM Skid Plates, ARB Front bumper and HD OME, tru cool LPD47391 40k GVW tranny cooler (stock cooler delete), FF Dynamics e-fan and shroud, rocker arms replaced, HDS2 190F thermostat.

Considering I take credit cards, but hardly ever in my business, I know all about the fees, the fees have been about the same for almost ever. So why are the fees not going up? What makes you think the credit card company eats the fraudulent charge, they get the money back. Every time I dispute a charge, the charge is reversed and the vendor does not get nothing.

_________________
2006 LTD Bright Silver loaded with all the needed mods, CCV intact.
Proudly supporting CRD vendors, and their development of quality parts and accessories.
Equipped with HDS thermostat, plenty of heat, faster warm-ups, increased fuel mileage.

The TDI club is having the same discussion as we are about this, and here is what I wrote up over there:

The likelihood is that the breach happened at whoever does the backend processing for IDparts, NOT at their level itself.

I've lost 4 different cards just this year, and one of the replacements has already been breached yet again. The rest of my family also has lost an additional 5 cards, so don't feel like this is all about you or IDparts or Home Depot or anyone else.

The credit card system in the USA is a joke. We all know this, but which is easier to knock over: A bank vault surrounded by armed guards, or a baby with a $5 bill that you want?

The vendors are just as much victims in this, and I have NO PROBLEM continuing to patronize IDparts or any other vendor that has been hacked. Computer security is everyone's business, but the hackers are state-sponsored from fun places like Russia or North Korea, so they have unlimited resources to break our systems. We are pawns in this mess.

Someone helped themselves to my TD Bank card a few months ago, and used about $450 of my money to buy themselves a nice new phone at AT&T. I didn't find out immediately because I was on a job, but the text message about a low balance got my attention about a week later, and I was able to stomp out the problem right then, got a fresh card the next day at the local branch.

If it takes you 6 months to notice a fraudulent transaction on your accounts... That isn't the fault of the vendor, now is it?

The ID theft angle is less possible from IDparts. They don't have enough of your information to actually be capable of opening cards / credit lines in your name. Have you ever returned anything you bought to a retailer like Home Depot or Target or Victoria's Secret or Best Buy?

The common thread with all those vendors is "The Retail Experience" a third party company that requires any returns to be accompanied by a DRIVERS LICENSE scan! They then "helpfully" share the full contents of their database with ALL OTHER companies that are part of their 'loss prevention' scheme. So if you return a hammer to Home Depot... They have just told Victoria's Secret about that.

So.... Hack THAT database, or any of the partner company databases, and you get the whole ball of wax about each customer, more than enough information to create false credit lines.

Still not IDpart's fault.

_________________
Proud supporting vendor of LOST Jeeps
TRAVELING CRD TECH. I come to you!
Need help? Just ask! I've taken it apart more than most.
Email jeep [at] maincomputer [dot] com - BOARD MESSAGING IS BROKEN
Over 225 CRDs currently driving with my valves, timing belt, rockers, or ARP Studs.
Bad noises = REALLY bad things.

Point is, that the data needed to hack a credit card is very little, and can be obtained from MANY potential sources. It is quite possible that IDparts' backend processor was hacked months ago, and only just now alerted their own customers (of which IDparts is one) and now IDparts is alerting their customers too.

But when you have ALL your data being retained by the likes of a hidden corporation like TRE... Why blame one particular vendor? The data theft could have happened almost anywhere and gotten access to the same data.

X2 my point as well, not the fault of ID Parts in any way. Nor do they need to compensate me because of it.

_________________
2006 LTD Bright Silver loaded with all the needed mods, CCV intact.
Proudly supporting CRD vendors, and their development of quality parts and accessories.
Equipped with HDS thermostat, plenty of heat, faster warm-ups, increased fuel mileage.

Depends on where the breach happened. If it was in id parts servers or originated there, they take the blame, if it was on a payment server that belongs to a partner, then it's the parter fault, but associating with a partner that has issues brings problems to idparts also. So they carry more or less the responsibility. And that's the law here in US.

_________________
2005 kj CRD, samco, suncoast tc, provent, Kennedy lift pump, GDE ECO full torque, 2nd gen filter head, 245/70/16 a/t tires, mopar light bar, fumoto oil valve, OEM Skid Plates, ARB Front bumper and HD OME, tru cool LPD47391 40k GVW tranny cooler (stock cooler delete), FF Dynamics e-fan and shroud, rocker arms replaced, HDS2 190F thermostat.

I just got a new card sent to my since mine was about to expire and it has the chip in it. I've noticed that Home Depots card readers all have the slot for chipped cards but I dont think they work yet. I had the hardest time when i was in the Netherlands for work, no one would take my non-chipped card.

I try to use my phone to pay for things via google wallet, but 9 times out of 10 the thing doesnt work. I think a lot of this has to do with the fact that there is some conglomerate of retailers(Best buy, walmart, CVS, etc) that are trying to make their own phone payment system, so they blocked google wallet and apples payment system.

_________________
2006 CRD - GTB2056 turbo by Dieselguy86, Eco Trans Tune, Lift Pump, Week's, HDS Tstat, Racor Filter, ARP's, OME 790's+Top Plate, JBA 2.5", JBA UCA, Moab's+265/75R16, ARB Bull Bar, 4.10's, TrueTracs

As far as I can tell there is no legally mandated deadline to get rid of the magnetic strip cards and replace them with chip & PIN or chip & signature although there are predictions that by the end of 2015 some 70% or so of cards will be chipped.

That said there is an "agreement" that kicks in October 2015 that's applicable at least for Visa and MasterCard regarding who (merchant or bank) is liable for fraudulent transactions. The most important part of that agreement appears to be "if a merchant is still using the old system, they can still run a transaction with a swipe and a signature. But they will be liable for any fraudulent transactions if the customer has a chip card. And the same goes the other way – if the merchant has a new terminal, but the bank hasn’t issued a chip and PIN card to the customer, the bank would be liable." (Wall St. Journal). This effectively creates a 2 way incentive to get chipped cards and readers out there.

I can only speak for UK (England and Scotland), France, Egypt, and Israel but we never had any problems with face to face credit card transactions so long as I was careful to mention before they ran the card that it had no chip. Apparently the card readers allow for that fact to be noted early in the transaction. We did have issues with the Paris Metro automatic ticket machines not accepting an card without a chip which wasn't much of a surprise but we had no problems with using cards without a chip at ATM machines to get cash.

_________________
Sold to LOST member my 05 Ltd, GDE Stg II turbo + TCM tune, SunCoast TC w. Transgo kit, Steiger window regulators, Samcos, Fumoto valve, 2nd gen filter head with Lub. Spec. bleeder, Hayden clutch & 11 blade fan, inverted spare, P-1 battery, BF Goodrich Long Trail TAs, Etecno1 glow plugs, timing belt at 50K miles/8 yrs

Just placed another order with IDparts last night, with a new card that they didn't already have on file.

I'm not worried about it, if anything happens to this one (or when) it will be as before - I see the problem, call in and go get a new card. The nice thing about some issuers like TD Bank, you can get a fresh card just by walking into a branch and asking for it. They print them on the spot!

Now if only TD offered text messages for every transaction, that would be a big nail in the scammer's coffins.

My Capital One business card sends me an email with each purchase. That is how I nail my scammers early.

Look at TD online, they might have a preference for email or text. Most CC companies do.

_________________
2006 LTD Bright Silver loaded with all the needed mods, CCV intact.
Proudly supporting CRD vendors, and their development of quality parts and accessories.
Equipped with HDS thermostat, plenty of heat, faster warm-ups, increased fuel mileage.

TD does have emailed alerts, but they are only for a single dollar level, not for every card transaction. I've asked them about it repeatedly, and they don't seem interested. Maybe that will change eventually.