Nelson

<i>>>> I always understood that 3 digit code to be proof that the party trying to place that transaction had the card in their hand. (If I'm wrong on this I'd appreciate the correction.)</i>

That's the intent no doubt. But when you enter the three digits on a web page for a purchase, then those 3 digits are out in cyberspace for some amount of time, hence subject to hacking.

Mt wife and I have one card that is used <i>only</i> for recurring online transactions. If that card is ever stolen then we know it happened online. Also, if one of our everyday cards is hacked (much more likely), then we don't have to hastily change all our online accounts.

bvlenci

I have certain online merchants I'm willing to trust, and for all other internet transactions, I use a prepaid card.

My Italian credit card has an option to inform me whenever it's used; the notification comes immediately after a purchase or withdrawal, so the card couldn't be used more than once.

My US debit card has a rather low daily limit, which I can override if I want to make a larger purchase with it.

These are the kinds of things you need to do to avoid losses.

Jean

Many U.S. cards offer alerts when the card is used.

Debit/ATM cards can be risky for U.S. account holders. (I don't know about other countries.) If the loss/theft of a debit or ATM card isn't reported within 2 business days (or the fraud isn't discovered until the statement comes), the account holder is liable for up to $500. If a credit card account is compromised, the account holder is potentially on the hook for only the first $50, and the rest is on the credit card company. If the credit card loss/theft is reported before it's used fraudulently, the account holder has zero liability.

http://www.consumer.ftc.gov/articles...nd-debit-cards

Holly_uncasdewar

My cc was declined today when I went to buy gas. Got home and called the cc company. Someone's been trying to use it for purchases in Florida and in China. They took the charges off and cancelled the card.

Earlier in January I made reservations for 4 hotels in Italy, 2 by fax, 2 using the hotels' online booking system. I'll never know where the hack happened. Now I suppose I'll have to contact all 4 hotels with a different cc number, lest they cancel my reservations. What a PITA.

xyz123

Did you shop at Target between Thanksgiving and 15 December? If so, that might answer how your number got compromised.

Holly_uncasdewar

No, I haven't been inside Target since last summer. And only use this card 2-3 times per month, all online at vendors I've been using for several years. Haven't used it in person in years.

nyse

>>>"Mt wife and I have one card that is used only for recurring online transactions. If that card is ever stolen then we know it happened online. Also, if one of our everyday cards is hacked (much more likely), then we don't have to hastily change all our online accounts.">>>

Nelson, I do exactly the same thing. My "online use" card doesn't have the greatest incentive program so I don't mind limiting its use.

Holly_uncasdewar

Correction: haven't used it in person in years, with the exception of the gas station every 6 weeks (and I jiggle the card slot and cover the keypad first). This is the first time I've used hotels' online booking systems. Don't know if that's how it happened, but I will be going back to emailing and then faxing when I'm ready to reserve.

Indykris

I recently had my credit card number stolen and fraudulent charges after using booking.com.

elizacat

I had the same problem last year after booking some hotels in Italy on the hotel's websites. All were supposed to be secure and encrypted. Two months later we had a fraudulent charge for an airline ticket. I had only used this card for several months for these bookings and to purchase the air tix on a major airline's site. The charge was reversed but 2 days before we left one of the hotels e-mailed us to say they had tried to run the card for approval and it was no good. We had thought to give them the new card when we got there but now had to call all of them with the new number so our reservations would not be cancelled. Yes, a pain.

I have never had this happen with faxing the card number but when I tried with the first res, the fax would not go thru because of "poor line quality". So I did them online

Interestingly, because a couple hotel sites did not show https, i e-mailed the info and because of the timing of the fraud I knew the culprit was not them.

I no longer will book online. I either fax the CC info(if a fax works) or will call with the number or email it if I have to.

The whole thing is a gigantic mess and if this happens right before you leave and your card is deactivated, it' s really a problem.

I think the guidebooks are a bit too blithe in advising use of direct booking with the hotel websites. They are not as safe as purported.

annhig

indychris - could you give us a bit more detail please?

how were you able to identify booking.com as the culprit?

xyz123

In the interests of being re-assuring to everybody and fully aware what a pain this might be, all I can say is be thankful it is only credit card fraud and not identity theft. Unfortunately, credit card fraud is a result of wanting and using 21st century convenience. Or, as the famous bank robber Willie Sutton once said in 1953 when asked why he robbed banks, he thought for a second and said, "Because that is where money is." Today's credit cards are where the money is and credit card fraud is a part of our lives.

But, at least for USA credit cards and I am sure most others, credit card fraud can be dealt with. Consumers have for the most part zero liability for fraud. Call the bank, tell them which charges are not yours and they are instantly removed and a new card issued, sometimes by overnighting it to you wherever you are. The banks want you to have the cards. To the banks, credit card fraud is a very small part of doing business. I think the latest figures show banks in the USA lose 13¢ on every $100 of profit they make on credit cards. I would take odds like that every day of the week and twice on Sunday.

I know it can be a bit of a chore to notify merchants of a new number when it happens. But I wouldn't change the way I use my credit cards because of this and neither should anybody else. If it happens, it happens. I see some idiotic advice like don't use your credit cards for small purchases, for example. Nonsense.

Look if this is the first time this has happened to you, you're probably very lucky. Just don't let it ruin your holiday or change your way of living. It's an unfortunate part of life, today, but on a scale of 1 to 10 of bad things that can happen, at worst it's a 2.

nochblad

annhig

fully in agreement.

it is strange to say the least that someone who registered this month slagged booking.com on his/her first posting with what was almost a gratuitous comment

Dukey1

I wasn't aware that a fax machine on the receiving end is automatically secure.

Rostra

<<<Or, as the famous bank robber Willie Sutton once said in 1953 when asked why he robbed banks, he thought for a second and said, "Because that is where money is.">>>

Actually he didn't but it's a cool story as to how that saying was attributed to him.
www.snopes.com/quotes/sutton.asp

xyz123

Let me say this. Last week I got a call from Bank of America security telling me they had reason to believe I had had my credit card number compromised and for my (and their) protection they were sending me a new card with a new account number. I checked out all the various places I had used the card recently. My 3 groceries but then many charges at each a firm called localphone.com in Britain to pay for my US forward to number (they have great races and it's worth $1/month).

Today in reading through this I realize I had made a few hotel booking on bokking.com and given that particular cc number for guarantees. Hm. Are they the culprits? Were they hacked? My evidence suggests it is a possibility although far from being beyond a reasonable doubt!

Jean

By some estimates, 30,000 websites are hacked EVERY DAY, and about 90% of U.S. companies admit to cybersecurity breaches at some point in time. It's naïve to assume that ANY online purchase/reservation is 100% secure, no matter the promises of encryption, security, blah blah blah.

It was reported that booking.com was not affected by the Heartbleed security flaw, but who knows what else is out there that we don't know about yet.

Most hacking occurs from within the U.S., but indictments were handed down yesterday against 5 members of the Chinese Army who've been hacking into American companies for 8 years. And this is just one of at least 20 identified hacking groups in China.

And then there's the Russians....

annhig

going off on a slight tangent, today I received a message from someone purporting to work for the british ministry of justice telling me that my U$ 250,000 dollars compensation for being a victim of a nigerian scam [sic] is going to be paid to someone else who has declared himself as my heir as I have been reported as being dead.

to prevent this, I have to send them proof of my existence.

does anyone fall for this nonsense?

xyz123

Yes...all the time. Otherwise the garbage from these vermin would stop. (Of course, there are many greedy people n the world).

titus2014

I booked hotels on booking.com for Rome, Florence, Venice and Salzburg. Within a day, my credit card was compromised and had an unauthorized charge of over $1000 on Expedia which I never use.

Apparently, when I spoke with a rep from booking.com they said once a hotel is booked on their website, they pass the credit card number to the hotel which you booked. However, after reviewing some comments of the hotels on booking.com, it appears that some of the are illegitimate and use booking.com as a medium to steal credit card info.

So, whether you are using booking.com or other sites, beware and cautious of using your cc.