Any advice on security?

Wow, my CC got used fraudulently! This has never happened to me before... It's the account I use for all my online stuff, and I don't carry the card, so it must have been hacked in some way. Scary stuff.

Doesn't paypal offer a service that gives you a one-time use CC number to use for on-line transactions? If anyone knows, reply or PM me, please.

I've been concerned about security here too, after a recent thread disclosing the forum security flaws. Before I went on vacation at the beginning of Sept., I deleted all my payment info, because I thought I'd probably have to use an insecure wireless connection, which I did. I plan to have my old main be the only account with payment info on file (different pwords, of course), and just transfer Lindens to me when I need them. Think that will work? So far I'm still accessing the Forum, even tho I no longer have payment info on file. Wonder if that will continue to be the case?

What do you guys think are reasonable security precautions?

PS. I don't think the security breach happened at LL. I had not re-entered my payment info until last night, and the fraud happened this last weekend.

honestly Allegria, i claim my cc lost about every 3 months, and they send me a new acct # and cards.... which makes the old acct invalid.

sorry this happened. really sux. i hope it wasn't too much $$ and that you get it resolved before your credit is ruined.

I don't think my credit will be ruined, I caught it within 2 days and the card is now cancelled. I just don't want it to happen again.

i haven't done this yet, but i'm going to.... someone suggested buying those gifty visa cards and putting money on them and using them for online stuffs.... that could be a way to handle it.

in the interim, now that you cancelled your card and are getting a new one, mark this date and do it again in 3 months... claiming it lost. that'll at least avoid a repeat of same.

Lock down your email passwords - that's #1. It's more critical than your bank password or anything. Once that is breached, hackers pwn your password resets. Often *all* of them.

Also amazing is the number of people whose security question is "what's your dog's name" - and then they mention Pookie twice a week in their blog.

what does this mean? how do you lock them down?

The service charges on those cards are outrageous, 3ring. I'm going to investigate the virtual card that paypal and some banks offer. They expire after one or a few uses.

Cancelling your card periodically is a thought.

Reset my email pwords... that's good advice, i used them on a wireless connection while on vacation, and didn't think to change them.

It just means to make sure your passwords are protected. In general you should change them now and then, make them strong (numbers, letters and special characters, no common or easily guessed words and not too short) and make sure that NO ONE else has access to them.

Allegria - log into your paypal acct (set one up if you don't have one yet). Then on the left side of the screen, click on "PayPal Plug-In". That will install a plugin to your browser that will let you generate a new cc for each online usage, with the cc number really being paid from your paypal acct, either via your checking account or a real cc.

Also, pay the little bit of money to get the additional security device sent to you. This is a little device that you use to give you a new random number each time you log in to paypal.

ETA: And never ever enter a password that is used for financial/protected/important stuff on a website that is just HTTP rather than HTTPS

by canceling your cc, or claiming it lost or somthing, with paypal, don't you risk having your SL account frozen for some time? 0.0

it's not good for much other than peace of mind, but check with the bank that issues the card which was hacked/charged. Ask them if the CCV or a zip was used? (prolly wasn't) With modern computer hardware it's quite feasible to try random combinations of 16 digits plus a 4 digit expiration. If you process enough of em fast enough, by probability some small percent just works. So your CC# could have been directly spoofed with no provocation whatsoever on your part. The bank can usually tell that by how the card was used. If you have a $0.99 charge followed by a $1.99 then $9.99 etc, that's another indicator that it's a blind attack. RL bots are a much bigger problem than any SL bots.

I've removed the CC info from my SL accounts, and am still accessing everything just fine. I don't intend to put payment info back on file for Allegria, unless I find I can't access the forums one day.

Thanks lil, I didn't know payPal had the little security device. I use them for work accounts, and feel much more secure.

Prolly not. But, more importantly, if you cancel your CC often, you risk your RL credit score, and suddenly every Tom, Dick and Harry wants to call your credit card company to verify your identity every time you buy a latte (>.<

Happened to me when my wallet got stolen/lost twice within six months.
.

I thought that might happen, but have not had the experience myself.

Actually, if you are changing the cc number associated with your paypal account very often, you risk having your paypal account locked until you can fax them all sorts of documents to prove who you are. A few years back, Citibank had a 'virtual cc number' generation and I added and removed a few cc numbers on my paypal account. After roughly the 6th time or so of doing this, my account was frozen for possibly fraud and it took me two weeks of trying to talk to them and get them the correct documents to straighten things out. Here I thought I was being a good cautious consumer and ended up making myself look suspicious.

I just joined the club. My check card was also compromised. Luckily it was large amounts of money. It would have been sometime before I caught the little amounts. Grrrr!

I stopped using credit cards a couple of years ago, I don't even have one anymore. I have a Visa Check Card tied to an account strictly for online shopping and keep only a small running balance, transferring funds to it as I need.