all i can say i was a victim of fraud through apple iTunes. someone stole my acct info and downloaded nearly $500 worth of apps/music. i contacted apple and surprisingly they NO CUSTOMER SERVICE for itunes related fraud activities. i spoke to some guy who was handling laptop issues. he was very polite and helpful but unfortunately i was told apple does not credit or give your money back due to fraudulent activities. I'm like WTF?!?!?! my bank did their own investigation and credited my account. no thanks to apple.
unless apple does something to make iTunes more secure i am not buying another single thing off that app.
i highly recommend anyone who has their CC info stored on that app to delete it or use gift certificates. iTunes is NOT a secure downloading app by any means.
If you can prove your account info was leaked due to Apple's servers being hacked then Apple will be liable for the money you lose, otherwise it always lies with your bank. That isn't Apple, it's the way fraud claims are handled.
Maybe I missed it but I didn't see in the article if they know how accounts are getting stolen. If I had to guess the info was stolen through fraudulent websites and locally installed spyware. Apple shouldn't be liable for someone giving their info away via user error.
There certainly seems to be a lot of suspicious apps at the moment, like "visual tips" for $119.99 or "Mos Super Killer" for $114.99. Neither of which seem to do anything. The (c) credit suggests a Chinese author. The developer is listed as "ZZZ" and the Developer Website and Support links go to Google.com.
Where is the app approval process when you need it?
My guess would be that the people approving apps have been trained in recognizing violations of the developer guidelines but not so well trained in internet security. These people need to have some training in spotting internet fraud before they are turned loose passing Apps.
Most of them are pure evil in terms of their fees and what not!
But when this happened, I did have a concern that my credit card was not hacked per se, but it was the iTunes account, since that is where all the charges stemmed from. And I had read some stories online with other banks and credit cards, where they had trouble getting money refunded, since the fraud occurred on Apple's end. Well, long story short, I am glad my cc was good to give my money back.
That said, Apple should fix their system. Like give option of paypal like thing - enter your phone number to receive a text message for entering code for any purchase. I feel much safer with that.
Or any of such measures - limiting the max purchase amount (set this with some secret code to be inserted first for changing it)
Not a bad idea, or require that each machine you make purchases from be activated with iTunes Store. They already require this before you play content so shouldn't be a stretch to require it before you buy content. This way you would get an activation request via e-mail and would need to verify a separate PIN to activate.
That would cut down a lot of fraud since even if they were to somehow get access to your e-mail account they would have to also know your PIN and hopefully you would notice the e-mail and think enough of it to call Apple to disable it. Chances of them obtaining your PIN would be very low since you usually only enter it once at activation. Keyloggers can get e-mail passwords at any time because you enter the username and password quite frequently.
Only way to prevent fraud 100% is to make sure you know the risks and how to avoid them. If you are going to play on the world wide web you better know the risk and how to avoid pitfalls.
This is not true. You can open an iTunes account with an Apple Gift Card only, no CC at all. The process is not widely advertised, and in fact there was confusion among the Apple store when I asked before buying the gift card. But it IS possible. The worst thing that could happen to me is the loss of $15, which is the most I've ever had in that account.
I suspect (and hope) more people will consider this non-CC option after this round of fraud. I wish more people took this stuff seriously, and stopped depending on the CC companies to deal with stuff after the fact. If you think the big greedy banks just eat up those costs you're living in a fantasy land. Fraud costs are passed onto the consumers, through higher account fees, lower interest rates, higher merchant fees (which are passed along to us consumers),etc.
Using CCs and debit cards for every whimsical purchase may be convenient, but each and every time you use these cards adds one more vector for someone to steal your money, your personal information, and in the worst cases, your identity. Before you pull out the tinfoil hat comments, according to the FTC, 8.3 million people were victims of identity theft in 2005 in the U.S. alone. 8.3 million!
We're not talking about real "identity theft" here. We're talking about someone getting your password and e-mail address. That's bad, but I can't see how it's Apple's fault.
As for credit cards: You're fighting a losing battle. Consumers demand convenience. Personally, I find cash annoying. Places that only take cash infuriate me, especially when they refuse credit, but own the ATM machine in the corner, which itself charges me outrageous fees (this actually happened at a bar in town last year). I also find that I am more prone to spend cash when I have it. By using my debit card, I tend to buy only what I need or definitely want. Also, I frankly would be more concerned about losing $250 in cash (or being robbed in the street) than I would about ID theft. Sign up for LifeLock or what not. The 21st Century wishes to welcome you.
My guess would be that the people approving apps have been trained in recognizing violations of the developer guidelines but not so well trained in internet security. These people need to have some training in spotting internet fraud before they are turned loose passing Apps.
True. But surely the inclusion of a valid company name and URL are requirements of the developer agreement / approval process?
No, those options are "extra" secure. iTunes is secure just based on the amount of fraud compared to how many transactions have happened in total. It's the result that makes it "secure."
Think about the number of things that you access with just a name and password. Most of your online shopping is like this. I access my bank with just a username and password. It's the defacto standard.
And do you really want to have to verify an image and/or use a freaking USB key to download some music? It's totally inconvenient. It's annoying enough that I have to reenter my password just to update my apps on my phone.
You're wrong. It's going to take a few years to notice you're wrong though.
Financial institutions will start enforcing "extra" (as you call them) security measures in a few years. Most offer them as an option now.
Apple will be the same eventually. I'd be surprised if they don't start to offer optional security measures in the next year or two.
I'm sure they don't want to because it's going to cost them, but eventually user pressure and Visa/Mastercard will force them to.
It's not really that inconvenient. Some very convenient ideas...
Selecting a custom logon image or phrase out of a list (this would prevent a lot of phishing scams).
Locking an account to specific devices/computers with an "extra" security measure each time you want to add a device.
Locking purchases from an account to a specific country with an "extra" security measure each time you want to add a country.
Limiting purchases to a specific amount each day/week with an "extra" security measure each time you want to purchase above or change the limit.
You're wrong. It's going to take a few years to notice you're wrong though.
Financial institutions will start enforcing "extra" (as you call them) security measures in a few years. Most offer them as an option now.
Apple will be the same eventually. I'd be surprised if they don't start to offer optional security measures in the next year or two.
I'm sure they don't want to because it's going to cost them, but eventually user pressure and Visa/Mastercard will force them to.
It's not really that inconvenient. Some very convenient ideas...
Selecting a custom logon image or phrase out of a list (this would prevent a lot of phishing scams).
Locking an account to specific devices/computers with an "extra" security measure each time you want to add a device.
Locking purchases from an account to a specific country with an "extra" security measure each time you want to add a country.
Limiting purchases to a specific amount each day/week with an "extra" security measure each time you want to purchase above or change the limit.
Wait..you mean security will improve over the years? Surely not!
iTunes has 150 million customers. 400 people had their accounts accessed. Do the math. The system is fine. They will also add a few measures to improve security. No one said it couldn't be better.
Dear frind, do you have met some probem about ripping some files to any portable device? Yes, maybe you are thinking how to settle the ptoblelm well, here I can recommend you a site , I do hope it can help you ,good luck to you!
Using CCs and debit cards for every whimsical purchase may be convenient, but each and every time you use these cards adds one more vector for someone to steal your money, your personal information, and in the worst cases, your identity. Before you pull out the tinfoil hat comments, according to the FTC, 8.3 million people were victims of identity theft in 2005 in the U.S. alone. 8.3 million!
Quote:
Originally Posted by solipsism
But convenience almost always wins so I don?t think your ideas will make a dent here. I suppose the best you can hope for is a knowledgeable consumer.
Sadly, you're right. It's a really sad statement that people value a little convenience over everything else - safety, privacy, but it's certainly the trend. My hope is that by throwing out tidbits of education people will at least consider other options when it doesn't pose a significant inconvenience. I don't expect many people to move back to an almost fully cash based lifestyle, as I have, but most of the time cash is really easy. Look how many people whip out their debit card just to pay for a frickin' cup of coffee!
Slowly but surely, people (especially here in the US) are like frogs in a pan. They don't see what's happening to them, and won't until it's too late. They are slowly but surely giving up their freedoms and privacy day by day without a care -- only for the sake of a little convenience! The world is far more Orwellian than people think, but because it's not technically "the government", they don't care. Between Google's absolutely incredible knowledge base of individuals, Facebook's deep knowledge of social graphs, and credit/debit purchases being used to track everything from people's physical location to their purchase habits, we're basically there. Heck, now that various states are tracking virtually all private vehicle movement, maybe we are there.
Quote:
Originally Posted by solipsism
Having a separate card for internet, international or other questionable purchases. I try not to use my Debit Card for this reason.
There is an up side to using a CC. Built in protection from theft, which may be difficult with money orders or gift cards, and reward programs (as mentioned above) but you have to be fiscally responsible because that little carrot is attached to a very big stick.
Yup, haven't even touched on that part yet. The banks are finally being reined in a bit, but thanks in part to the disaster they've helped to bring to our economy, we've seen hard evidence that (what people have speculated for a long time) they actively prey on poor and uneducated folks who either cannot control their CC use or don't understand the ramifications until it's too late. I don't see the situation getting drastically better any time soon, but I can hold out hope that people don't totally lose sight of what's happening/happened.
We're not talking about real "identity theft" here. We're talking about someone getting your password and e-mail address. That's bad, but I can't see how it's Apple's fault.
Totally agree. My point was that by attaching an account to a gift card, rather than a credit card, there is a low and hard limit on the damage that can be done and you can just create another account. Sure, you can call the CC issuer and deal with it, but it's not only a pain in the ass, it enables crooks to steal vast amounts of money. The fact that you aren't the one that pays for it in the short run doesn't mean the damage didn't happen.
Quote:
Originally Posted by SDW2001
As for credit cards: You're fighting a losing battle. Consumers demand convenience. Personally, I find cash annoying.
I find that attitude annoying. Convenience, convenience, convenience, how childish. But you've read above, so I don't need to say any more here.
Quote:
Originally Posted by SDW2001
I also find that I am more prone to spend cash when I have it. By using my debit card, I tend to buy only what I need or definitely want.
I've heard this excuse before, and I don't buy it for a NY minute. If you use cash you're limited to what you have on your person, and you're not likely to spring for unneeded/unplanned items on a spur-of-the-moment purchase, but that happens all the time when you use cards. If you use cash and are considering a non-trivial purchase (but not large enough to "require" plastic), it takes a little extra effort to either plan in advance or swing by a cash machine, so there's an automatic throttle.
I DARE you to try it. I was actually able to convince a friend to (mostly) try it, and they were surprised that they actually spent LESS when moving back to (mostly) cash. Ultimately they didn't stick with it even after realizing this, which is so sad it's not even funny. But I think it was mostly because they actually found themselves uncomfortable being in a position of not being able to willy-nilly buy stuff they didn't need. Which proved my point, but they didn't like it.
Quote:
Originally Posted by SDW2001
Also, I frankly would be more concerned about losing $250 in cash (or being robbed in the street) than I would about ID theft.
Your most valid point. I guess I can be happy that most people don't carry cash, as it makes strong arm robbery less of an issue than it otherwise could be.
But honestly, while YMMV, I don't hang out in bad neighborhoods or put myself in risky situations. The odds of my being robbed are far less than the 8.3 million out of maybe 200 million CC users in this country. That's 4 percent chance of ID theft per year. Do you really think the odds of your being mugged are greater than 4% in any given year? Besides, whether or not you carry cash is not likely to actually create the occurrence unless you're flashing it around. It merely dictates how much $ you would lose in such an event.
Comments
all i can say i was a victim of fraud through apple iTunes. someone stole my acct info and downloaded nearly $500 worth of apps/music. i contacted apple and surprisingly they NO CUSTOMER SERVICE for itunes related fraud activities. i spoke to some guy who was handling laptop issues. he was very polite and helpful but unfortunately i was told apple does not credit or give your money back due to fraudulent activities. I'm like WTF?!?!?! my bank did their own investigation and credited my account. no thanks to apple.
unless apple does something to make iTunes more secure i am not buying another single thing off that app.
i highly recommend anyone who has their CC info stored on that app to delete it or use gift certificates. iTunes is NOT a secure downloading app by any means.
If you can prove your account info was leaked due to Apple's servers being hacked then Apple will be liable for the money you lose, otherwise it always lies with your bank. That isn't Apple, it's the way fraud claims are handled.
Maybe I missed it but I didn't see in the article if they know how accounts are getting stolen. If I had to guess the info was stolen through fraudulent websites and locally installed spyware. Apple shouldn't be liable for someone giving their info away via user error.
There certainly seems to be a lot of suspicious apps at the moment, like "visual tips" for $119.99 or "Mos Super Killer" for $114.99. Neither of which seem to do anything. The (c) credit suggests a Chinese author. The developer is listed as "ZZZ" and the Developer Website and Support links go to Google.com.
http://itunes.apple.com/au/app/mos-k...375499504?mt=8
Where is the app approval process when you need it?
My guess would be that the people approving apps have been trained in recognizing violations of the developer guidelines but not so well trained in internet security. These people need to have some training in spotting internet fraud before they are turned loose passing Apps.
Oh I never consider CC company's as saint.
Most of them are pure evil in terms of their fees and what not!
But when this happened, I did have a concern that my credit card was not hacked per se, but it was the iTunes account, since that is where all the charges stemmed from. And I had read some stories online with other banks and credit cards, where they had trouble getting money refunded, since the fraud occurred on Apple's end. Well, long story short, I am glad my cc was good to give my money back.
That said, Apple should fix their system. Like give option of paypal like thing - enter your phone number to receive a text message for entering code for any purchase. I feel much safer with that.
Or any of such measures - limiting the max purchase amount (set this with some secret code to be inserted first for changing it)
Not a bad idea, or require that each machine you make purchases from be activated with iTunes Store. They already require this before you play content so shouldn't be a stretch to require it before you buy content. This way you would get an activation request via e-mail and would need to verify a separate PIN to activate.
That would cut down a lot of fraud since even if they were to somehow get access to your e-mail account they would have to also know your PIN and hopefully you would notice the e-mail and think enough of it to call Apple to disable it. Chances of them obtaining your PIN would be very low since you usually only enter it once at activation. Keyloggers can get e-mail passwords at any time because you enter the username and password quite frequently.
Only way to prevent fraud 100% is to make sure you know the risks and how to avoid them. If you are going to play on the world wide web you better know the risk and how to avoid pitfalls.
This is not true. You can open an iTunes account with an Apple Gift Card only, no CC at all. The process is not widely advertised, and in fact there was confusion among the Apple store when I asked before buying the gift card. But it IS possible. The worst thing that could happen to me is the loss of $15, which is the most I've ever had in that account.
I suspect (and hope) more people will consider this non-CC option after this round of fraud. I wish more people took this stuff seriously, and stopped depending on the CC companies to deal with stuff after the fact. If you think the big greedy banks just eat up those costs you're living in a fantasy land. Fraud costs are passed onto the consumers, through higher account fees, lower interest rates, higher merchant fees (which are passed along to us consumers),etc.
Using CCs and debit cards for every whimsical purchase may be convenient, but each and every time you use these cards adds one more vector for someone to steal your money, your personal information, and in the worst cases, your identity. Before you pull out the tinfoil hat comments, according to the FTC, 8.3 million people were victims of identity theft in 2005 in the U.S. alone. 8.3 million!
We're not talking about real "identity theft" here. We're talking about someone getting your password and e-mail address. That's bad, but I can't see how it's Apple's fault.
As for credit cards: You're fighting a losing battle. Consumers demand convenience. Personally, I find cash annoying. Places that only take cash infuriate me, especially when they refuse credit, but own the ATM machine in the corner, which itself charges me outrageous fees (this actually happened at a bar in town last year). I also find that I am more prone to spend cash when I have it. By using my debit card, I tend to buy only what I need or definitely want. Also, I frankly would be more concerned about losing $250 in cash (or being robbed in the street) than I would about ID theft. Sign up for LifeLock or what not. The 21st Century wishes to welcome you.
My guess would be that the people approving apps have been trained in recognizing violations of the developer guidelines but not so well trained in internet security. These people need to have some training in spotting internet fraud before they are turned loose passing Apps.
True. But surely the inclusion of a valid company name and URL are requirements of the developer agreement / approval process?
No, those options are "extra" secure. iTunes is secure just based on the amount of fraud compared to how many transactions have happened in total. It's the result that makes it "secure."
Think about the number of things that you access with just a name and password. Most of your online shopping is like this. I access my bank with just a username and password. It's the defacto standard.
And do you really want to have to verify an image and/or use a freaking USB key to download some music? It's totally inconvenient. It's annoying enough that I have to reenter my password just to update my apps on my phone.
You're wrong. It's going to take a few years to notice you're wrong though.
Financial institutions will start enforcing "extra" (as you call them) security measures in a few years. Most offer them as an option now.
Apple will be the same eventually. I'd be surprised if they don't start to offer optional security measures in the next year or two.
I'm sure they don't want to because it's going to cost them, but eventually user pressure and Visa/Mastercard will force them to.
It's not really that inconvenient. Some very convenient ideas...
You're wrong. It's going to take a few years to notice you're wrong though.
Financial institutions will start enforcing "extra" (as you call them) security measures in a few years. Most offer them as an option now.
Apple will be the same eventually. I'd be surprised if they don't start to offer optional security measures in the next year or two.
I'm sure they don't want to because it's going to cost them, but eventually user pressure and Visa/Mastercard will force them to.
It's not really that inconvenient. Some very convenient ideas...
Wait..you mean security will improve over the years? Surely not!
iTunes has 150 million customers. 400 people had their accounts accessed. Do the math. The system is fine. They will also add a few measures to improve security. No one said it couldn't be better.
Wait..you mean security will improve over the years? Surely not!
Yes, that has been my point all along. At the moment it's inadequate. They'll continue to improve it until it is adequate.
I'm not sure what your point was.
Using CCs and debit cards for every whimsical purchase may be convenient, but each and every time you use these cards adds one more vector for someone to steal your money, your personal information, and in the worst cases, your identity. Before you pull out the tinfoil hat comments, according to the FTC, 8.3 million people were victims of identity theft in 2005 in the U.S. alone. 8.3 million!
But convenience almost always wins so I don?t think your ideas will make a dent here. I suppose the best you can hope for is a knowledgeable consumer.
Sadly, you're right. It's a really sad statement that people value a little convenience over everything else - safety, privacy, but it's certainly the trend. My hope is that by throwing out tidbits of education people will at least consider other options when it doesn't pose a significant inconvenience. I don't expect many people to move back to an almost fully cash based lifestyle, as I have, but most of the time cash is really easy. Look how many people whip out their debit card just to pay for a frickin' cup of coffee!
Slowly but surely, people (especially here in the US) are like frogs in a pan. They don't see what's happening to them, and won't until it's too late. They are slowly but surely giving up their freedoms and privacy day by day without a care -- only for the sake of a little convenience! The world is far more Orwellian than people think, but because it's not technically "the government", they don't care. Between Google's absolutely incredible knowledge base of individuals, Facebook's deep knowledge of social graphs, and credit/debit purchases being used to track everything from people's physical location to their purchase habits, we're basically there. Heck, now that various states are tracking virtually all private vehicle movement, maybe we are there.
Having a separate card for internet, international or other questionable purchases. I try not to use my Debit Card for this reason.
There is an up side to using a CC. Built in protection from theft, which may be difficult with money orders or gift cards, and reward programs (as mentioned above) but you have to be fiscally responsible because that little carrot is attached to a very big stick.
Yup, haven't even touched on that part yet. The banks are finally being reined in a bit, but thanks in part to the disaster they've helped to bring to our economy, we've seen hard evidence that (what people have speculated for a long time) they actively prey on poor and uneducated folks who either cannot control their CC use or don't understand the ramifications until it's too late. I don't see the situation getting drastically better any time soon, but I can hold out hope that people don't totally lose sight of what's happening/happened.
We're not talking about real "identity theft" here. We're talking about someone getting your password and e-mail address. That's bad, but I can't see how it's Apple's fault.
Totally agree. My point was that by attaching an account to a gift card, rather than a credit card, there is a low and hard limit on the damage that can be done and you can just create another account. Sure, you can call the CC issuer and deal with it, but it's not only a pain in the ass, it enables crooks to steal vast amounts of money. The fact that you aren't the one that pays for it in the short run doesn't mean the damage didn't happen.
As for credit cards: You're fighting a losing battle. Consumers demand convenience. Personally, I find cash annoying.
I find that attitude annoying.
I also find that I am more prone to spend cash when I have it. By using my debit card, I tend to buy only what I need or definitely want.
I've heard this excuse before, and I don't buy it for a NY minute. If you use cash you're limited to what you have on your person, and you're not likely to spring for unneeded/unplanned items on a spur-of-the-moment purchase, but that happens all the time when you use cards. If you use cash and are considering a non-trivial purchase (but not large enough to "require" plastic), it takes a little extra effort to either plan in advance or swing by a cash machine, so there's an automatic throttle.
I DARE you to try it. I was actually able to convince a friend to (mostly) try it, and they were surprised that they actually spent LESS when moving back to (mostly) cash. Ultimately they didn't stick with it even after realizing this, which is so sad it's not even funny. But I think it was mostly because they actually found themselves uncomfortable being in a position of not being able to willy-nilly buy stuff they didn't need. Which proved my point, but they didn't like it.
Also, I frankly would be more concerned about losing $250 in cash (or being robbed in the street) than I would about ID theft.
Your most valid point. I guess I can be happy that most people don't carry cash, as it makes strong arm robbery less of an issue than it otherwise could be.
But honestly, while YMMV, I don't hang out in bad neighborhoods or put myself in risky situations. The odds of my being robbed are far less than the 8.3 million out of maybe 200 million CC users in this country. That's 4 percent chance of ID theft per year. Do you really think the odds of your being mugged are greater than 4% in any given year? Besides, whether or not you carry cash is not likely to actually create the occurrence unless you're flashing it around. It merely dictates how much $ you would lose in such an event.
Good conversation, nonetheless.