MonoPrice Hacked, CC Info Compromised?

ashmelev75

[H]ard|Gawd
Joined
Nov 29, 2007
Messages
1,796
Yeah, it's weird how some require it and some don't. It kind of defeats the purpose if the CVV isn't required all the time.

As I remember, the only thing required to process a credit card transaction is a credit card number. All other information is requested by a merchant to evaluate the transaction risk and may affect the cost of transaction.

For example, there are very high bank fees for processing transactions with manually typed CC numbers vs scanned from the physical card.
Same applies to processing transactions without a correct billing address or missing CVV.

After all, it is the merchant who suffers a loss if the transaction is fraudulent.
 

beowulf7

[H]F Junkie
Joined
Jun 30, 2005
Messages
10,433
As I remember, the only thing required to process a credit card transaction is a credit card number. All other information is requested by a merchant to evaluate the transaction risk and may affect the cost of transaction.

For example, there are very high bank fees for processing transactions with manually typed CC numbers vs scanned from the physical card.
Same applies to processing transactions without a correct billing address or missing CVV.

After all, it is the merchant who suffers a loss if the transaction is fraudulent.

Thanks for the clarification. So it's up to the e-tailer/retailer on how much info. they need from the CC. I know at a store, sometimes they require a signature and sometimes they don't. I guess that also impacts their transaction cost? Maybe the CVV on-line is the equivalent of a signature at a B&M store in terms of security against CC fraud?
 

Sprkslfly

Gawd
Joined
Jun 28, 2004
Messages
514
sites/stores etc shouldn't even be legally allowed to STORE this info anymore... use it for the current transaction and purge it. they have no reason to keep the info, and if people are going to complain they need to reenter it tfb

QFT +1
 

Igthorn

Limp Gawd
Joined
Dec 29, 2002
Messages
500
Looks like they confirmed it.

http://www.monoprice.com/home/view_notice.asp
Information Regarding Apparent Theft of Credit Card Information from Monoprice
(Last updated: March 31, 2010 8:20PM PT)

In early March 2010, we received reports from customers that credit card accounts they used to make purchases through our website had later been used to make fraudulent purchases from other vendors. When we received these reports, we took our website offline and promptly examined our computer network to determine if there were any indications that we had been hacked. We hired computer forensic investigators to help us. We identified suspicious files on one of our web-facing servers and asked the investigators to focus on those files. The investigators determined that thieves had penetrated that server. They determined that the thieves had probably intercepted and copied credit card data as we processed transactions.

Working with the investigators, we have preliminarily determined that thieves may have copied approximately 28,500 sets of card information from customers who shopped on the Monoprice website from February 23 through March 5, 2010. The thieves may also have copied about 6,500 additional sets of card data regarding orders customers canceled after they gave us their card information. We provided the card numbers of the potentially affected accounts to our credit card processor, who will provide the card numbers to the credit card associations. We understand the card associations will notify the banks or other financial institutions that issued the cards about the potentially compromised accounts and the financial institutions will determine what actions to take regarding the accounts.

We hired Kroll Fraud Solutions to send letters to each of the potentially affected customers about the apparent theft. Kroll will offer its ID TheftSmart™ fraud prevention services to those customers at our expense. If your credit card information may have been stolen by the thieves, you will receive a letter from Kroll within approximately one week to 10 days.

Before we put our website back online, we rebuilt our website using new hardware and software and strengthened the security measures we use to safeguard the credit card information. We are continuing to work with a security consultant to ensure that we are taking the appropriate steps to safeguard credit card information.

We truly apologize for any inconvenience and concern the apparent theft of credit card information from Monoprice has caused our customers.
 

Trepidati0n

[H]F Junkie
Joined
Oct 26, 2004
Messages
9,231
^^^

This is why monoprice will get my business again.

1) Find fault
2) Apologize
3) Correct the problem
 

beowulf7

[H]F Junkie
Joined
Jun 30, 2005
Messages
10,433
Looks like they confirmed it.

Thanks for the update. I see the note was posted by CEO Jong S. Lee. I hope he does take this as seriously as his message indicates MonoPrice is.

It's also good to know that only those who made CC transactions between Feb. 23 through Mar. 5 are affected as opposed to anyone who has made CC transactions w/ MP.
 

pc1x1

[H]ard|Gawd
Joined
Jan 1, 2008
Messages
1,165
Wish they responded to my emails though, they said they would contact me, but didn't. My credit card was compromised and wasn't fun. At least everything seems fine now, and hopefully I'll get the letter soon, and be able to close this.
 

pc1x1

[H]ard|Gawd
Joined
Jan 1, 2008
Messages
1,165
did anyone pull their credit history to check if any new cards were openned under your name?

No but I did mention to the bank what happened, I believe they only got the credit card numbers, not all of it. At least I hope, waiting for my letter.
 

Smoove910

[H]ard|Gawd
Joined
Dec 22, 2005
Messages
1,324
I found a $345.49 charge to Newegg on my account today. Apparently it was for a JVC Video Recorder. Unfortunately for the 'would-be' recipient Newegg had suspicion and cancelled the order. Also, unfortunate for 'would-be' thief, this is a felony and my local authorities will be contacting the local authorities where the item was to be shipped.

Word of the wise, keep your eyes peeled, or better yet get a new card from your bank.
 

86 5.0L

Supreme [H]ardness
Joined
Nov 13, 2006
Messages
7,071
just placed an order there a few days ago, then again I used paypal, not sure if that changes anything. Monoprice is THE place I got to for cables
 

Tyson95

[H]ard|Gawd
Joined
Jan 4, 2005
Messages
1,470
My card hit as well

Charge to Englishtown.com for 49.00
and several international charges of 13.63 to:
AT BOX OFFICE FZ LLC DXB
 

beowulf7

[H]F Junkie
Joined
Jun 30, 2005
Messages
10,433
Is MonoPrice still having CC issues or are those who used CCs on MP's site when it was vulnerable getting late fraudulent charges?
 

thfx

Limp Gawd
Joined
May 9, 2002
Messages
137
just wanted to add that I got my cc # stolen and used to buy airline tickets. seems that it is resolved at this point. my cc info was not saved on their server but I made a purchase a week before the announcement and was likely stolen at that time.
 

SPARTAN VI

[H]F Junkie
Joined
Jun 12, 2004
Messages
8,344
Think the hackers might have been able to lift email addresses and passwords? When I heard of this I had my credit union issue me a new credit card and placed a credit alert in my credit file. Just recently, my email account was hax0red from an IP address in China. Just found that my email password and my monoprice.com userid/password were identical. Grrrrrrrrrrrreat!
 

Tolyngee

Supreme [H]ardness
Joined
Oct 17, 2005
Messages
4,516
Think the hackers might have been able to lift email addresses and passwords? When I heard of this I had my credit union issue me a new credit card and placed a credit alert in my credit file. Just recently, my email account was hax0red from an IP address in China. Just found that my email password and my monoprice.com userid/password were identical. Grrrrrrrrrrrreat!

But if you were using the same passwords for both, shouldn't you have already been aware of this fact?
 

EvanH

Limp Gawd
Joined
May 6, 2009
Messages
128
My card has undoubtedly been compromised as a result of this hack. Went to my credit union to get the card replaced before I have to deal with chargebacks and all that, and they refused unless I agreed to pay $5. I have to have money stolen from me before they'll do anything. They didn't seem to understand even the basics of credit card theft, or how it works. /sigh
 

burnin8r

[H]ard|Gawd
Joined
Nov 19, 2006
Messages
1,211
don't mean to thread necro but I ordered an hdmi cable and right angle adapter from monoprice on June 9th and a day later my bank was contacted regarding a compromised merchant. In all my years of using paypal I have never had an issue like this.
 

GoldenTiger

Fully [H]
Joined
Dec 2, 2004
Messages
24,036
don't mean to thread necro but I ordered an hdmi cable and right angle adapter from monoprice on June 9th and a day later my bank was contacted regarding a compromised merchant. In all my years of using paypal I have never had an issue like this.

The vendor sees nothing but a payment when you use PayPal. No cc info is given by PayPal. It is wholly unrelated.
Sorry to hear of your issue.
 

beowulf7

[H]F Junkie
Joined
Jun 30, 2005
Messages
10,433
I ordered from MP almost 2 weeks ago. So far, my CC looks good, knock on wood. :cool:
 
Top