3 September 2007

Shoppers Beware! Jacket Store in Old Cash Converters, Belconnen

| H1NG0
Join the conversation

My parent’s came down to Canberra two weekends ago to visit me for my birthday, and while they were in Belconnen, my father bought a leather jacket from the jacket store currently located in the old Cash Converters building next to Zeffirelli’s Restaurant. He paid for it using credit. This is the only place he has used his credit card in some time.

A couple of days later, Virgin Credit called and asked my father if he booked several flights on Tiger Airlines, because his card activity looked suspicious. My father knew nothing about it until Virgin called. Virgin have said since Tiger Airlines is a new company, they don’t have very good credit card security at the moment and credit card number theives are booking flights.

My father has the card, but it is now useless as he has cancelled his account. Virgin Credit are currently investigating this further. Let this be a warning to anyone who purchases anything from such “temporary” stores. Don’t pay with Credit!

Join the conversation

All Comments
  • All Comments
  • Website Comments

That’s right.
The certificate is an assurance that the encryption used is legitimate so data should be safe in transit. And that the person at the other end is who they say they are in most cases.

Also, I would like to point out that the majority of fraud from online shopping (outside of eastern europe and russia) is the result of weaknesses at the user’s end and not while in transit or at the shop end. Spyware and trojans all nab people’s details. That and in the past year, VISA and AMEX in the US has announced that employees have sold millions of user’s data to crims. Nice when you can’t even trust the credit company.

The certificates don’t say “yes you can trust these guys with your CC number”. All they say is “You really are talking to who you think you are, or at least someone who’s got access to their private key file.”

VYBerlinaV8 now_with_added grunt11:51 am 04 Sep 07

Bartron, re-read your post, and perhaps you don’t trust VS as much as I first thought.

VYBerlinaV8 now_with_added grunt11:48 am 04 Sep 07

Bartron – good to see you trust Verisign, because that is what we’re really talking about here. Given that financial institutions don’t use an ABN-DSC, but simply a certificate issued through a somewhat arbitrary process deemed acceptable by Verisign (over which we have no real visibility other than their publicly available policy), I’d be careful about just how far you trust such a cert. That said, I agree they are MUCH better than some other providers.

Gee, Virgin Credit badmouthing Tiger Airlines. What a shock.

You can sign your own 128 bit certificates if you want to, it ain’t hard (I do it on development web servers). The problem is most people see the padlock or https and think ‘safe’ without looking at who signed it. Depending on the service that peobably doesn’t matter, e.g. bigpond signing their own certificates for in-house use (webmail and account management perhaps).

Verisign is just a ‘known entity’ in the transaction process….someone that says ‘yes you can trust these guys with your CC number’….mostly becasue you paid them to say that though.

going OT…..Virgin are actualy pretty good with detecting odd purchasing behaviour (although for other reasons I decided to drop them). They twice called me…one was a legit purchase I made via a web site, the other was for DVD hire from some video store in Canada which was promptly refunded.

“Verisign is simply a digital certificate issues by a third party for encryption and digital signatures.”
But it still means that they have paid a substantial amount for the certificate, that they have being verified as a legitimate business and that the certificate is a proper 128 or 256bit cypher vs some of these do-it-yourslf digital certificates such as the one Bigpond uses on some of its servers.

Woody Mann-Caruso4:50 pm 03 Sep 07

(Of course, the AFP could always be sitting there waiting for them now.)

Woody Mann-Caruso4:49 pm 03 Sep 07

aren’t the thieving idiots going to have use their real name to book and claim the tickets

I’m not sure they have to. I book tickets for relatives online all the time with my credit card. They just do the electronic check-in thing – nobody ever looks at their ID. I guess there’d be nothing to stop me booking a flight for Al Kyder, paying for it with WMC’s credit card, then waltzing into the foyer, pressing a few buttons at the kiosk and collecting my boarding pass.

VYBerlinaV8 now_with_added grunt1:44 pm 03 Sep 07

Verisign is simply a digital certificate issues by a third party for encryption and digital signatures. It is irrelevant in terms of how your information is processed once it reaches the destination.

“banks accept the responsibility for frauds of this kind”

Though don’t be lulled into a false sence of security. Only in the US do VISA cards have an actual Zero Liability Warranty from VISA int. In Australia, it is the issuing bank who decides how liable you are. If you actually trawl through the terms and conditions of a credit card , there are all soughts of clauses stating within which time you must tell them, who can have access to your card and how it can take months to actually investigate and clear you. That said, if someone books online or in another country, then it should be quite easy to clear you.

Beyond someone actualy using your card details to make purchase. The other risk is someone using your card details as ID. Mobile phones and internet providers often require ID for orders of new accounts and phones. Vodaphone for example accepts credit card details has a form if proof of identity.

Another thing to be careful of is “verification”.
I purchase a lot of expensive camera equipment from the US. The traders require an image your card and statement if you order from overseas. Haven’t had any problems and the sites use Verified by VISA and Verisign so it seems safe. But if anyone needs a photocopy of your credit card, make sure you trust them.

Yeah, I am not going in there. It looks like a dodgy store from the outside. I know the stuff isn’t going to last 2 weeks.

As I said, its not a problem. Virgin recognised the activity on the card and called my parents who were unaware of it until that point. They won’t be charged. Somehow I doubt anything further will come from it, but I hope it does. Virgin did a fine job of detecting the problem and notifying my parents.

VYBerlinaV8 now_with_added grunt11:51 am 03 Sep 07

It sounds worse than it really is, because banks accept the responsibility for frauds of this kind. You just have to identify it to them and they generally reverse the charge and associated interest, and then chase down the people who did it (or not, at their discretion). A certain amount of fraud is included in their business model.

I’m not sure. Virgin’s Fraud Investigation team are going to follow it up but they weren’t able to give us the details of the bookings.

Identity Theft Mr Evil………

Should be easy to trace though, because aren’t the thieving idiots going to have use their real name to book and claim the tickets?

Daily Digest

Want the best Canberra news delivered daily? Every day we package the most popular Riotact stories and send them straight to your inbox. Sign-up now for trusted local news that will never be behind a paywall.

By submitting your email address you are agreeing to Region Group's terms and conditions and privacy policy.