Open Source and information security mailing list archives
 
Date: Fri, 20 Apr 2007 16:31:13 -0400
From: "James Matthews" <nytrokiss@...il.com>
To: "Jason Miller" <jammer128@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: OT? - TDBanknorth + merchant's CC auth

True, however that's what online shopping is!

On 4/20/07, Jason Miller <jammer128@...il.com> wrote:
>
> old, nothing new.
>
> On 4/20/07, Troy <tcregger@...nedyinfo.com> wrote:
> > Last month I had an interesting experience with sears and tdbanknorth.
> > Here's the story:
> >
> > I purchased appliances at sears... the experience was a nightmare in and
> > of itself as they screwed up the shipping date several times. Sears
> > ended up having to throw in almost USD 200 in accessories and credits
> > just so I wouldn't walk away from the sale, OK... nothing odd so far and
> > I got some free stuff, all good right?
> >
> > Well, somehow, sears mistakenly refunded me ~ USD 120. I later confirmed
> > that this did happen and was a mistake, but I hadn't noticed the credit
> > to my account at the time since there was heavy activity on the account
> > that month.
> >
> > A full 5 weeks later, I'm checking my balance and paying some bills when
> > I notice that there's this charge for USD 120 (and change) from sears!
> >
> > What the fuck? I asked myself... I then decided to ask TD and sears the
> > same question. So, I'm on the phone to TD and sears, trying to figure
> > this out.
> >
> > After a bunch of calls and basically getting snubbed by TD I learn that
> > even though I was not present to authorize the transaction, didn't sign
> > anything, and never entered a PIN, sears was still able to charge my
> > account.
> >
> > That didn't sit well with me so I sent a message to TD explaining that
> > the transaction was not authorized and that I wanted the funds returned.
> >
> > Here's what TD said...
> >
> > >
> > > "If you were credited with funds in error then Sears has the right to debit the account to make a correction."
> >
> >
> > And "if you dispute the charge, talk to sears" e.g. "the hand"
> > apparently...
> >
> > So... basically as I understand this, if you're a merchant, or otherwise
> > have access to transaction records CC#'s, names, etc., then there's
> > literally nothing stopping you from charging someone's card for whatever
> > and whenever you want?
> >
> > Or am I reading this situation incorrectly?
> >
> > If that's true, then what's the deterrent? repercussions from the bank?
> > honor? how much do you trust the guy behind the counter?
> >
> > Apparently if you're banking with TD nobody there is going to lift a
> > finger and it's between you and the merchant...
> >
> > ...or evil anonymous hacker who happened to score access to a CC
> > authorization account and some card numbers.
> >
> > I closed my TD account, but I find this rather disturbing all the same.
> > I also don't expect much better from other banks or CC companies, and as
> > always the burden of security lies mostly with the individual. In this
> > case it was an honest error, sears did credit my account in error, and I
> > would have been happy to return the funds, but being a security minded
> > person I would have hoped that I'd have to authorize the transaction
> > regardless... but no, I didn't even have to be notified.
> >
> > I learned something, so it's a good day...
> >
> > ~.:always use cash:.~
> >
> > --
> > '''
> > 0-0-
> >  ~
> >  `
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
>



-- 
http://www.goldwatches.com/watches.asp?Brand=39
http://www.wazoozle.com
