Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[Lefisu63]

I've bought MC 22 and now MC 23 - and I only receive an email with the key - but with no receipt (e.g. as pdf or so). Where is it? I normally download and store it with the .exe setup and noticed I also didn't get one with MC 22.

The bad thing is - my bank has just called me that my Credit Card data has been hacked - and the only one website in 2017 where I've entered my credit card data online - was buying MC 23. The data has been used in America for e.g. Route 66 (more details I will receive Wednesday).

[RoderickGI]

The only time my credit card has been compromised was after a paper impression transaction at Santa Monica beach. The bookstore claimed their electronic system was down, and it was during the transition, so they still had the impression machines.

I have done heaps of online transactions and never been hacked that way.

I think social engineering is more likely than a problem with a secure purchase from JRiver. Someone photographed your credit card and noted your PIN number at a supermarket, took a bank statement from your letterbox and followed you to a shop to get the PIN number, or something similar.

The receipt thing? Yeah, I've never seen one of those. Your email plus bank statement not enough? 

[Lefisu63]

I think social engineering is more likely than a problem with a secure purchase from JRiver. Someone photographed your credit card and noted your PIN number at a supermarket, took a bank statement from your letterbox and followed you to a shop to get the PIN number, or something similar.

Definitely not in my case.

I'm also one of the programmers in this (my, our) bank - so I know about all the problems (and we all have required training courses regarding this).

I've never used the credit card itself for the past 2-3 years or entered my credit card data online anywhere else this year. The card data are only stored on Amazon and Sony Playstation Network (and I hope they have not been hacked again ).

The receipt thing? Yeah, I've never seen one of those. Your email plus bank statement not enough? 

The email only contains the link info + key - no payment info details. The credit card statement from the bank - hmm - normally I need a receipt to reduce the tax of my income (as software developer I can do this (in Austria) when I buy hardware + software - although MC is 100 % for private usage of course )

The mysterious thing is that the credit card data has been used in America. However - more details where exactly I will receive tomorrow.

[RoderickGI]

Well, I would suspect the Sony Playstation Network first, particularly if the card is the same one as the last time they got hacked.

I don't think JRiver stores any CC details, so either the transaction would have to be captured as it happened, or JRiver's payment processor would have to be hacked. Unlikely.

Someone from JRiver may come along and offer a receipt, or if your search around the forum you might find the email address of JRiver's admin person. 

[JimH]

I don't think JRiver stores any CC details ...

That's correct.

[Lefisu63]

Well, I would suspect the Sony Playstation Network first, particularly if the card is the same one as the last time they got hacked.

This is not possible. If a card or card data has been used/hacked - it will be de-activated immediately by the bank and you get a new card with new number.

JRiver's payment processor would have to be hacked.

That is what I mean. Or someone from the company itself has used the data.

The credit card data of a co-worker (here in Austria/Europe) was also used by a hotel employee in Indonesia last weekend. He has bought some games etc on Google Play store with the data. My co-worker had to forward the credit card data via booking.com to the hotel in Indonesia for the payment. 2 month after his holiday the card data has been used by the hotel employee.

@JRiver - which payment partner service are you using?

[RoderickGI]

This is not possible.

I love statements like that. "Not possible"?

If the card data had been stolen, but the data had never been used yet, and Sony either didn't know which data was stolen, or didn't want to admit it, or inform everyone affected, then the card would still be active, and could be used by anyone who bought the data. After all, that is why people steal such data, to sell to someone who will use the data one time, at some time in the future.

Your co-worker's experience is much like my bookstore example. A low level employee had their hands on the card data, and used it at a later time. It sounds like he sent that data in a message to Booking.com? I would never do that, particularly to a hotel in Indonesia. After all, that is why Payment Processing Services exist. To make sure the data is secure from all casual observers.

JRiver have said before that they never see your card data, so it couldn't be anyone from there.

I guess someone could hack the SSL encrypted transaction while it was in process. But that wouldn't be easy!

Also, Payment Processing Services live and die on the security of their transactions, so highly unlikely someone from there would be involved.

Hence, the Sony hack was my most probable source of a leak.

Anyway, sorry you got hacked.

[JohnT]

This is not possible. If a card or card data has been used/hacked - it will be de-activated immediately by the bank and you get a new card with new number.

That is what I mean. Or someone from the company itself has used the data.

The credit card data of a co-worker (here in Austria/Europe) was also used by a hotel employee in Indonesia last weekend. He has bought some games etc on Google Play store with the data. My co-worker had to forward the credit card data via booking.com to the hotel in Indonesia for the payment. 2 month after his holiday the card data has been used by the hotel employee.

@JRiver - which payment partner service are you using?

We use Elavon: https://www.elavon.com/index.html   Using their "Converge" integration.