Page 1 of 2 12 LastLast
Results 1 to 15 of 25
  1. #1
    2 Star Lounger
    Join Date
    Oct 2009
    Location
    Shoreline, Washington, USA
    Posts
    147
    Thanks
    0
    Thanked 1 Time in 1 Post



    TOP STORY

    iTunes account theft strikes close to home


    By Susan Bradley

    These days, even online security experts can get burned by identity thieves who strike at popular online services.

    A recent attack on an iTunes account dramatically points at the need to regularly change passwords and manage online billing info.

    The full text of this column is posted at WindowsSecrets.com/2010/07/08/01 (opens in a new window/tab).

    Columnists typically cannot reply to comments here, but do incorporate the best tips into future columns.
    Last edited by revia; 2011-01-19 at 15:43.

  2. #2
    New Lounger
    Join Date
    Jul 2010
    Location
    Slippery Rock, PA USA
    Posts
    4
    Thanks
    1
    Thanked 0 Times in 0 Posts
    The solution to this problem is Virtual Credit Card numbers. BankRate.com has a good definition.. I use a CitiBank credit card for this. I can set my credit limit and expiration date and the virtual credit card number can only be used by one merchant. So I figure that I spend $50 at iTunes in the next year so I set my virtual credit card limit to $50 with an expiration date 12 months in the future.

    When the $50 is used up the credit card will be declined. But I have an option to add more funds to the card at any time. And when the 12 months are up I just add another 12 months and upfate my account information on iTunes just like I would if I got a new real credit card with a new expiration date.

    So I have a different virtual credit card number for each merchant.

    Now here's the real beauty of virtual credit cards: I hate automatic renewals of web services and the viirtual credit card solves that. I sign up for a trial newslettter and I don't want the hassle of canceling if I don't want automatic renewal. So the trial is $9.95 so I set my limit to $9.95 and the card is delined when the renewal come up, If I like the newsletter I just raise my credit limit so the renewal charge will go through.

    /RockFox

  3. #3
    New Lounger
    Join Date
    Dec 2009
    Location
    Toronto, ON
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts
    People should remember that one of the way your accounts can be hacked is by using the password reset facility. These usually involve providing answers to either standard questions, or questions of your choosing. The problem is that someone who knows you and your past can probably guess at these answers -- remember that this is how Sarah Palin's yahoo account was accessed.

    The solution I suggest is to give a false answer to a standard question -- but since you provided the false answer, only you will know what that false answer was.

  4. #4
    New Lounger
    Join Date
    Dec 2009
    Location
    Toronto, Canada
    Posts
    2
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I use credit card "gift cards" for all my online purchases and payments. They're available in denominations of $25, $50, $100, and $200. Similar in application to the virtual credit card approach noted in another post here, they limit my exposure to risk and also serve as a convenient budget constraint for purchases and services. Available from all major card brands, including VISA, MasterCard and AMEX.

  5. #5
    New Lounger
    Join Date
    Dec 2009
    Location
    Fayetteville, NC
    Posts
    2
    Thanks
    0
    Thanked 0 Times in 0 Posts
    When creating passwords use special characters that are not on the top row (above the numbers). People tend to use the special characters that are not on the top row (above the numbers) more and make solving your password easier if you limit your password to those special characters.
    Make your password more complex by using other special characters.

    Also, as said above, use virtual credit card #s online. Many banks have them now.
    When I am buying online I open a separate window to my bank account and create a virtual # seconds before making a purchase. It is tied to my real credit card and ready for use immediately.
    I then type in the virtual # on the other website and make my purchase.

  6. #6
    New Lounger
    Join Date
    Mar 2010
    Location
    South Texas
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts
    The advice might be a little to specific but iTune cards are a good idea for keeping your exposure to theft controled. You can redeem them from your iPhone and the unspent balance is available from your computer or your phone. You are only risking the amount remaining since your last card was redeemed.

  7. #7
    New Lounger
    Join Date
    Jul 2010
    Location
    Rochester Hills MI USA
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Judging by the different blogs this problem is rampant. I also had the misfortune of having my account hacked and even after changing my password and removing my payment method someone still tried to make bogus charges. Like you, Apple has stepped back absolving themselves from any blame suggesting password changes and contacting the credit issuing agency and this through email. Hm maybe it's time to look at other options.

  8. #8
    New Lounger
    Join Date
    Dec 2009
    Location
    Kansas, USA
    Posts
    3
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Credit card fraud struck me when I made a purchase at Geeks.com. 30 minutes after I made my on-line order someone used my card information to order $2,500 worth of computer products at Dell.com. I had used my Discover card and they called me because the purchase was flagged by their fraud software. They cancelled the account and re-issued the card, which was a real hassle for me. I even called Dell to warn them not to ship the order, but they acted like they couldn't care less.

    Discover card, and perhaps some others, offer a one-time use card number for making purchases. I now use this service for on-line orders especially from merchants I have never used before. I used the service for a purchase for the Ez Egg Cracker, and sure enough, they tried to use the card number to enroll me in a purchasing club. I recieved the item, but they couldn't enroll me in their club. By-the-way, the item was a joke present for my Dad's birthday.

    I would recommend the one-time use service for everyone who makes purchases on-line. You can obtain a number at their web site if you have an account, or call for it if you are really paranoid.

    William Bailey

  9. #9
    New Lounger
    Join Date
    Jul 2010
    Location
    Sarasota, FL
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I agree the way to go is Virtual credit card numbers. (After I wrote this, I saw somebody already mentioned it below.) I use Virtual Credit Card Numbers to help prevent fraud on the web. Most Credit Card companies offer that option. Basically a new new credit card number is generated with an expiration date that can be used one time (Or the virtual number can be used multiple times by the exact same company for recurring charges.) You can set the credit limit and expiration date also. I usually use a very low limit for small purchases and add several dollars over the purchase price to cover either taxes or shipping & handling, etc. Anything more than that amount you set, just won't work fortunately. You can later go back and raise the limit for future purchases if you so desire or simply just create a new number. Once the virtual card number is used by a company, it can't be used by anybody else. That way if there is a problem, you can simply cancel that virtual credit card number and not effect you main credit card number for other purchases. I use many virtual credit card numbers for different companies during the same time period.

    Hope that helps!
    MG

  10. #10
    New Lounger
    Join Date
    Dec 2009
    Location
    South Portland, Maine, USA
    Posts
    4
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Whenever possible I use Discover Card Secure Online Account Numbers. You can generate a new number for each online vendor. If anyone except that vendor submits a charge against that number it will be rejected. http://www.discovercard.com/customer...eate-soan.html

  11. #11
    New Lounger
    Join Date
    Jul 2010
    Location
    New York, NY
    Posts
    17
    Thanks
    1
    Thanked 3 Times in 2 Posts
    Apple has no way of knowing who's using who's account and password, with or without permission, so like all merchants they leave it to the customer to take precautions. If you have an easily-guessed password (or, more likely, an easliy-answered personal-identification question), it's your own carelessness that's the problem.

    That said, I think Apple is in a position to do a bit more than most retailers, because all of their "goods" are delivered electronically. Surely they have the ability to give you the option of limiting downloads to one or two approved IP addresses, and/or emailing you for confirmation if a new IP address is used; and perhaps they could even blacklist the IP addresses of thieves. I've always thought that they had the ability to cut off delivery of services to stolen iPods, iPads, and iPhones as well. If these devices had little or no value to thieves, I think that would be a huge selling point -- and I find it strange that Apple, which is so consumer-centric in other respects, doesn't see it.

  12. #12
    New Lounger
    Join Date
    Dec 2009
    Location
    Meridian,MS,USA
    Posts
    9
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I also use Citibank virtual credit card numbers for every purchase online. I set it for the exact amount of the purchase including shipping and use a different number for every purchase I make.

  13. #13
    New Lounger
    Join Date
    Jul 2010
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Great column! Forwarded to all my users.

  14. #14
    New Lounger
    Join Date
    Jul 2010
    Location
    Oakland, CA, USA
    Posts
    6
    Thanks
    2
    Thanked 0 Times in 0 Posts
    I cast another vote for virtual credit cards. Band of America calls it ShopSafe. You can have multiple numbers for different vendors, and you can raise and lower each number's credit limit at will. Frequently I won't know before I place an order exactly how much I'll be charged for tax and shipping, so I pad the limit a bit. Once the charge goes through, I can reduce the limit to virtually nothing until I'm about to place another order with that vendor. I do that regularly with iTunes, and my bank seems unfazed by my doing it.

    Careful, though, if you have more than one account with the same issuer, and make sure you know which virtual card is linked to which account.

    All in all, it's a great idea that hardly anyone I mention it to has been aware of.

  15. #15
    New Lounger
    Join Date
    May 2010
    Location
    Nashville, TN, USA
    Posts
    15
    Thanks
    0
    Thanked 0 Times in 0 Posts
    One thing I've noticed about iTunes through my travels on the Apple discussion site is that a lot of its users have the mistaken impression that they are required to have a card on file. You only need one to sign up because it's how they verify your legal country of residence. Once it's set up you can remove it. Some of them also think that they can't get the free downloads without one. That's not true either. There are a lot of people with CC info on there that don't even need it. There were people on that board that got hacked who have never previously made a purchase on iTunes.

    I've also noticed two different kinds of attacks. The one getting the most recent attention is primarily account hacks. Many of these are tied to the fraudulent promotion of a particular app developer. The others are stolen CC info from other places. They get lumped together because iTunes is a common target for spending these stolen funds and also for testing if a card number is valid.

    I don't have info stored on iTunes. I have info on a couple of other sites, but it's generally the branded card for that particular company, and they are deliberately low-limit cards with no overdraft enabled. I'm not responsible for fraudulent charges, and if it happens it only ties up that one account while it's getting sorted out. None of my current cards have virtual cards available but this system works for me. If I need a purchase on iTunes I eiither put my info in for that transaction then remove it, or buy an iTunes gift card. I usually buy my music from other sources anyway.

    Christa

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •