# I won't pay for a VI w/ credit card ever again



## Chamberfield (Feb 2, 2021)

A few days ago I purchased a VI from a small developer (I won't mention any names) who doesn't accept PayPal. It was credit card only.

I was hesitant to use my card, but I really wanted the VI so I bit the bullet. Sure enough, the next day my credit card was hacked.

Never again. From now, it's PayPal or no sale.


----------



## cuttime (Feb 2, 2021)

Same here, but I have a pretty decent card and good standing with the company. The payment was declined because it was "an atypical purchase". I immediately cancelled the card and got a new one the next day via overnight. No harm done, but I definitely see your concern. Overall, I'm not sure how one can directly see a card hack directly tied to a specific purchase.

FWIW, the purchase was in the EU, but the hack was for a US purchase.


----------



## chillbot (Feb 2, 2021)

Chamberfield said:


> A few days ago I purchased a VI from a small developer (I won't mention any names) who doesn't accept PayPal. It was credit card only


Sucks, but let the developer know... unless they are blatantly selling your personal info this is no fault of theirs.

I don't know your situation but I will offer this:

- I've bought a zillion sample libraries, more than the average bear anyway.
- I've probably bought from your unnamed small developer.
- I use a credit card on every single purchase (I want the miles).
- My credit card company cries wolf about fraud once a week at least, they flag everything they possibly can.
- I've never had a fraud/hack/whatever with any developer, small or otherwise.

Obviously your mileage is going to vary.


----------



## Trash Panda (Feb 2, 2021)

A small developer might not be aware they have a potential breach unless you tell them. Might be a good idea.


----------



## d.healey (Feb 3, 2021)

I'm surprised that a small developer would have the infrastructure to handle card payments themselves, most use a third party like Stripe. I wouldn't trust any small company to have the proper protocols to store my details securely.


----------



## Mike Greene (Feb 3, 2021)

To take David's post a step further, I highly doubt any of the developers we deal with handles payments directly. First, it would be insanely difficult (especially for a small developer,) second, it would be a very bad business decision, because having customers' info exposes us to all sorts of liability.

Also, if a developer did have the skillz to be able to get that info, they would also be smart enough to not then use it the very next day. 

It's possible their payment processing service was breached that day, but a breach like that would be a huge deal we'd probably have heard about. (These processors are big companies.) If I were a betting man (which I am,) I would bet the timing is coincidental, and your info was obtained in some other way.


----------



## Ivan M. (Feb 3, 2021)

Think about this:

Your computer: Could it be you have some spyware on your computer? Was it a long time before this purchase that you used your card online? Did you install something in the meantime? Do you have a full version of some security/anti-virus software?

The network: Were you on a secured network?

The seller: Is the seller's website secured with https?

And, of course, inform the seller.

I worked a bit in the e-commerce industry, and from what I've seen it's quite complicated, so many security protocols and laws are in place to prevent fraud, I just don't see a single person or a small company setting this up for themselves. That's why there are e-commerce platforms with ready-made solutions.

Of course, that's just my opinion...


----------



## Chamberfield (Feb 3, 2021)

Thanks everyone for the tips. The credit card form on the developer's site was handled by a 3rd party. I will let them know what happened. I don't cast any blame on the developer at all.

Chillbot... man I wish I had your kind of luck. I always seem to be burned by using credit cards online. I've had really good results using PayPal for years, so for me that seems to be the safest option.

I'm pretty sure it's not my Mac. I have pretty good security measures in place, but I'll look into it.


----------



## gamma-ut (Feb 3, 2021)

Chamberfield said:


> A few days ago I purchased a VI from a small developer (I won't mention any names) who doesn't accept PayPal. It was credit card only.
> 
> I was hesitant to use my card, but I really wanted the VI so I bit the bullet. Sure enough, the next day my credit card was hacked.
> 
> Never again. From now, it's PayPal or no sale.


I have had a similar thing happen in the past week. Similarly, the most likely culprit is a hack on a smallish music software vendor using a third party payment processor (Fastspring). If it's from that, I suspect a cross-site scripting attack. This was a vendor that had halted a sale because of issues the week before. However, it's always hard to be sure when the hack was done on a card (though it's used mainly only for a few big-name suppliers where the brown stuff would hit the fan hard if they were hacked) and may simply be the result of data being sold on and being used now.


----------



## JonS (Feb 3, 2021)

cuttime said:


> Same here, but I have a pretty decent card and good standing with the company. The payment was declined because it was "an atypical purchase". I immediately cancelled the card and got a new one the next day via overnight. No harm done, but I definitely see your concern. Overall, I'm not sure how one can directly see a card hack directly tied to a specific purchase.
> 
> FWIW, the purchase was in the EU, but the hack was for a US purchase.


Sorry to hear that :( Right now I am credit card hack proof for the first time in my life, not necessarily in a good way but hey, I'm a struggling artist giving it all for my art. Any scammer who steals my credit card will find out that I have zero credit available on all my cards....


----------



## rrichard63 (Feb 3, 2021)

Chamberfield said:


> I've had really good results using PayPal for years, so for me that seems to be the safest option.


I think this cuts both ways. I would probably feel more comfortable if PayPal were the only website that had my credit card numbers. But, for exactly that reason, if I were a thief I would probably be trying to hack into PayPal's database rather than any place else. I suspect PayPal has more credit card numbers combined with address and other personal information than any other database on the planet.

On a different point, I think Mike Greene is right. I don't think credit card numbers are often used immediately after they are stolen. It seems likely to me that your card was stolen a while ago from a different location.


----------



## PaulieDC (Feb 3, 2021)

Chamberfield said:


> A few days ago I purchased a VI from a small developer (I won't mention any names) who doesn't accept PayPal. It was credit card only.
> 
> I was hesitant to use my card, but I really wanted the VI so I bit the bullet. Sure enough, the next day my credit card was hacked.
> 
> Never again. From now, it's PayPal or no sale.


Just a curiosity question, how did the developer actually accept payment? Meaning, how did you get them your card number? Their website?


----------



## José Herring (Feb 3, 2021)

I either just use debit cards not linked to my bank or I use PayPal. I try to not use my credit cards directly but sometimes you can't avoid it.


----------



## Chamberfield (Feb 3, 2021)

PaulieDC said:


> Just a curiosity question, how did the developer actually accept payment? Meaning, how did you get them your card number? Their website?


Yes, it was a credit card payment form on their web site. This is a brand new developer who only offers 1 VI, and upon closer inspection, there's no branding on the credit card form that indicates who the 3rd party is... Fastspring for example. Nevertheless, I contacted the developer to let them know what happened.


----------



## Antkn33 (Feb 3, 2021)

Chamberfield said:


> A few days ago I purchased a VI from a small developer (I won't mention any names) who doesn't accept PayPal. It was credit card only.
> 
> I was hesitant to use my card, but I really wanted the VI so I bit the bullet. Sure enough, the next day my credit card was hacked.
> 
> Never again. From now, it's PayPal or no sale.


I’ve had PayPal screw me over by not compensating me for a sale gone bad.


----------



## Macrawn (Feb 3, 2021)

I use PayPal for most online transactions. Hadn't realized it's more secure, but I guess it is because someone using your email would have to log into your account to pay for something and would be subject to authentication vs just using the credit card number.

I've always felt safer with the card because I know the cred company will refund fraud (or rip off transaction) especially on big purchases. I don't trust paypal as much in that regard, so I always prefer cred card on something expensive.


----------



## Mike Greene (Feb 3, 2021)

Chamberfield said:


> Yes, it was a credit card payment form on their web site. This is a brand new developer who only offers 1 VI, and upon closer inspection, there's no branding on the credit card form that indicates who the 3rd party is... Fastspring for example.


Hmmm ... so maybe I would lose that bet. Although that would be really odd if they're really doing this from their own site.

*EDIT* - I checked just now and there's no branding on my Realitone credit card page, either, even though it's Shopify who handles the processing, not me. In my case, since Shopify not only does the processing, but also hosts the site, I guess they can make it not so obvious that a third party is involved. My guess is this other developer does something similar.


----------



## Chamberfield (Feb 3, 2021)

Mike Greene said:


> I guess they can make it not so obvious that a third party is involved. My guess is this other developer does something similar.


Yep, I'm guessing that's probably the case here. I really hope it's not the developer trying to DIY!

My online credit card statement is currently disabled until they send me the new card, so when it's online again, I'll be able to see who processed the transaction and maybe shed some light on the mystery.

Also, out of curiosity, are there some countries that won't allow PayPal? There's no info on the developer's site about where they're located, but I'm guessing Europe since prices are in Euros.


----------



## PaulieDC (Feb 3, 2021)

Chamberfield said:


> Yes, it was a credit card payment form on their web site. This is a brand new developer who only offers 1 VI, and upon closer inspection, there's no branding on the credit card form that indicates who the 3rd party is... Fastspring for example. Nevertheless, I contacted the developer to let them know what happened.


10-4, just wondering. It's tough to build in CC payments, new small businesses should just set up PayPal, all the security is built-in. Anyway, hope you escape unscathed.


----------



## babylonwaves (Feb 5, 2021)

I would advise anybody to stay away from an unknown developer who does not offer a PayPal option. PP is the easiest and most convenient step for anybody when starting to sell goods online. There is absolutely no reason for a developer to offer CC payment only. I know that some sellers don’t like PayPal because customers can open claims after purchase and that means additional risk and work. But then, if the offer is fair and solid, from my experience, claims don’t really happen.


----------



## bill5 (Feb 9, 2021)

Chamberfield said:


> Never again. From now, it's PayPal or no sale.


I hate to tell you this, but PayPal isn't exactly a guarantee of security. They've had numerous known issues and after, against my better judgment, I opened an account, sure enough I experienced an issue which they never really resolved. Never again.




d.healey said:


> I'm surprised that a small developer would have the infrastructure to handle card payments themselves


I'm surprised you're surprised. It's quite easy to do. I can't speak to liability issues though.


----------



## devonmyles (Feb 9, 2021)

Not foolproof by any means, but I use one separate account for (any) online purchases.
I also removed the overdraft facility. When I'm ready to buy, I then move money over into that account. My PayPal account is linked to that account as well.


----------



## rrichard63 (Feb 10, 2021)

devonmyles said:


> Not foolproof by any means, but I use one separate account for (any) online purchases.
> I also removed the overdraft facility. When I'm ready to buy, I then move money over into that account. My PayPal account is linked to that account as well.


No, not foolproof, but a good idea. It has a second virtue of encouraging self-discipline in the face of GAS symptoms. In order to work, you have to link your PayPal account to one and only one bank account or credit card.


----------



## Chamberfield (Feb 10, 2021)

bill5 said:


> I hate to tell you this, but PayPal isn't exactly a guarantee of security. They've had numerous known issues and after, against my better judgment, I opened an account, sure enough I experienced an issue which they never really resolved. Never again.
> 
> 
> 
> I'm surprised you're surprised. It's quite easy to do. I can't speak to liability issues though.


We can all only speak from our own experiences. I don't use the credit card feature on PayPal, it's debited from my checking account, and I always try to keep a low balance in that account in case someone ever did hack in, they wouldn't get much.

I've been using PayPal for over 15 years and have had zero issues. That doesn't mean they're foolproof, but it's been hassle-free from my experience.


----------



## bill5 (Feb 10, 2021)

You've been fortunate. I used it for far less time and had issues.


----------



## Gerhard Westphalen (Feb 10, 2021)

I've never had issues using my credit card online but I also always make sure that they use some kind of protected service. 

Funnily enough, as far as I can tell, my cc info has only ever been stolen in-person. I hadn't used it in a while and the day after I used it at a grocery store, it had several online purchases on it. They were all from Canadian websites and I certainly hadn't ordered anything from within Canada (other than Amazon) for a while. I assume that someone got close to me and "tapped" it.


----------



## Bman70 (Feb 10, 2021)

I had someone rent a $200 storage unit in New York with my card once. I think that was from the old Playstation hack though. It is strange to see the purchases people make with pilfered card numbers.. why _storage_?


----------



## gamma-ut (Feb 10, 2021)

Bman70 said:


> It is strange to see the purchases people make with pilfered card numbers.. why _storage_?


It could be for money laundering, not the cost of the storage itself.


----------



## Polkasound (Feb 10, 2021)

About three years ago, an airline agent called me to ask if I had authorized the purchase of several plane tickets to Argentina. I said no and immediately called my credit card company, and they verified that yes, my card was used to buy the plane tickets.

I was pissed off at my credit card company because the card is a spare that I only use once or twice a year for tiny purchases, just to keep the account active. How on earth did they not flag plane tickets to Argentina???

Since I only had one transaction on the card for the entire year – a recent fuel purchase – the pump I used must have had a skimmer in it.

Regarding PayPal, I've been with them a little over 20 years now and haven't had any safety issues. I only had one dispute with them about 15 years ago when an eBay seller screwed me out of $100. PayPal closed the case in favor of the seller without even acknowledging the documents I sent them. I remained such a thorn in their side that they gave me $100 just to make me go away.


----------



## Ivan M. (Feb 11, 2021)

My bank has this approach: for online purposes they give you a separate account with a debit card. You only put money on it when you're buying something. And it's being replaced yearly.


----------



## 24dBFS (Feb 11, 2021)

I use Gumroad to handle all things related to payment for my products and up until January 2021 there was no option for the customers to pay via PayPal, they (Gumroad) only used Credit Cards and I found it really odd. As of January 2021 PayPal is finally there as an option and I can see already that many customers are preferring PP over CC since it is that easy and you can always dispute if needed. But even with vendors using only CC there is always a way to claim a return or block the payment up to 6 weeks after the purchase (at least here in the EU as far as I know). There are also banks that will double-check each transaction going over a certain amount set by the client.
I personally never had issues described by the OP and always felt secure buying stuff online although already 3 times my bank changed my credit card by just sending me a new one without me asking for it, explaining that it was necessary on their side - meaning in plain English "We had a breach and decided to swap all the card numbers that we have lost" but they will of course never say it straight like that.


----------



## Akat1 (Feb 11, 2021)

devonmyles said:


> Not foolproof by any means, but I use one separate account for (any) online purchases.
> I also removed the overdraft facility. When I'm ready to buy, I then move money over into that account. My PayPal account is linked to that account as well.


Same. The separate account is a nice extra layer of protection. I guess the 3rd layer of protection is that my wife does all the accounting and doesn't hesitate to ask "Who is So-and-so Audio place UK?" when the text pops up on her phone.


----------



## d.healey (Feb 11, 2021)

bill5 said:


> I'm surprised you're surprised. It's quite easy to do. I can't speak to liability issues though.


I'm surprised you're surprised I'm surprised, your turn. 

I'm referring to setting up to process card payments, not adding a form to your website that links to a card payment processor. The latter is easy of course but the former is complicated. You'd essentially have to set up a separate payment processing company.


----------



## Eptesicus (Feb 14, 2021)

Chamberfield said:


> A few days ago I purchased a VI from a small developer (I won't mention any names) who doesn't accept PayPal. It was credit card only.
> 
> I was hesitant to use my card, but I really wanted the VI so I bit the bullet. Sure enough, the next day my credit card was hacked.
> 
> Never again. From now, it's PayPal or no sale.


Interestingly, I have just had a fraud alert/attempted transaction on the card that I solely use for foreign transactions and it has only been used (primarily) on sample libraries. In fact apart from an Amazon payment, I think everything in the last few months, maybe even year has been sample libraries...

No guarantee, but I've never used it in a shop or taken it out so chances that a developer's site/payment system (maybe the same one you used..) has been compromised seem quite high.

Anyway, card cancelled and new one on the way.


----------



## Chamberfield (Feb 14, 2021)

Eptesicus said:


> Interestingly, I have just had a fraud alert/attempted transaction on the card that I solely use for foreign transactions and it has only been used (primarily) on sample libraries. In fact apart from an Amazon payment, I think everything in the last few months, maybe even year has been sample libraries...


Sorry to hear your card was hacked. I found out the developer is located in an obscure Eastern European country, and I do know that hackers are very clever in that part of the world. I'm not sure if that had anything to do with it, but the combo of a sketchy transaction and being hacked within 48 hours didn't seem like a coincidence.


----------



## Nick Batzdorf (Feb 14, 2021)

My wife has had her card hacked about four times, but we're not responsible for it and the credit card company just cancels the card and mails her a new one. I have a card with a different number on the same account, and we can still use that.

Mine has never been hacked.


----------



## Eptesicus (Feb 15, 2021)

Chamberfield said:


> Sorry to hear your card was hacked. I found out the developer is located in an obscure Eastern European country, and I do know that hackers are very clever in that part of the world. I'm not sure if that had anything to do with it, but the combo of a sketchy transaction and being hacked within 48 hours didn't seem like a coincidence.



I think it is almost certainly a VI developer's payment system that has been compromised. Unless Amazon or PayPal was hacked (very unlikely), I have only used this card on virtual instruments from various companies.

The card has literally never left my house, lol, as I don't use it regularly/as my daily credit card.


----------



## ok_tan (Feb 15, 2021)

Chamberfield said:


> Sorry to hear your card was hacked. I found out the developer is located in an obscure Eastern European country, and I do know that hackers are very clever in that part of the world. I'm not sure if that had anything to do with it, but the combo of a sketchy transaction and being hacked within 48 hours didn't seem like a coincidence.


Obscure Eastern European country? 😊 Point of view, hm?

Greetings from Indonesia 😂


----------



## jononotbono (Feb 15, 2021)

Credit Card transactions are insured. You can get your money back. That’s one of the reasons you should use a Credit Card.


----------



## Chamberfield (Feb 15, 2021)

jononotbono said:


> Credit Card transactions are insured. You can get your money back. That’s one of the reasons you should use a Credit Card.


I've never lost any money. My bank is great about contacting me whenever they detect fraud, and I've always been reimbursed.

It's the hassle of being sent a new card and then having to relink the card to all my auto-pay accounts etc.

I prefer not to do this several times a year. I would rather avoid it altogether if possible.


----------



## Nick Batzdorf (Feb 16, 2021)

The problem is that there aren't many other choices if you can't walk in with cash.

There's Paypal, and I think Apple is working on a variation (if it isn't active already), but if you have objections to those then you're probably out of luck.


----------



## Vladinemir (Apr 18, 2022)

Happened to me today too. My bank informed me about this fairly quickly. Somebody was shopping for music with the card. I appreciate they stuck with the theme and wanted to support an artist but might as well do that with their own money.


----------



## Henrik B. Jensen (Apr 18, 2022)

I had to replace my Mastercard last month because apparently someone had tried to use it.

I can't say for sure how / where my card info got hacked, but I made three purchases from sample library companies last month, two of them smaller ones.


----------



## MartinH. (Apr 18, 2022)

Henrik B. Jensen said:


> I had to replace my Mastercard last month because apparently someone had tried to use it.
> 
> I can't say for sure how / where my card info got hacked, but I made three purchases from sample library companies last month, two of them smaller ones.



Let them all know what happened just in case. If they got compromised they probably don't even know.


----------



## Vladinemir (Apr 18, 2022)

I sent mail to companies too.


----------



## Henrik B. Jensen (Apr 18, 2022)

MartinH. said:


> Let them all know what happened just in case. If they got compromised they probably don't even know.


I didn’t think of letting them know but you are right, I will. Thanks


----------

