Quote:
Originally Posted by TeenCat
lol people if you cant learn that there are always people better than you dont be amazed you are loosing money! find some generated ccbill combo, merge user/pass and you have unhackable password, and if someone steal money again, it must be some db injection or server side scripting and thats something what must payment processor solve. but not if you have pass looking as "pass1234" . wake up you are not alone on the internet
|
I'm not sure threads like this can be productive, but it might help if people didn't make assumptions. This person's password was apparently XX233223445: not the most obscure sequence possible, but nor is it one anyone is likely to arrive at without multiple attempts.
I have no idea if EP lock access after say 3 failed attempts at entry. If not, that would be a first step. A couple of my banks ask several questions when the account is opened and online add one of these questions at random to the id and password for login. Since people rarely write these answers down (they are familiar things like place of birth, first school), even if someone gets hold of your ID and password, they would need to know you very well to get into your account. That helps too.
What bugs me most - and to date I only had this problem with a debit card from a regular bank - is the unwillingness to track down the culprit. I had a card compromised, so I restricted its replacement to online use. It was compromised again, so the third time I used it solely to pay my then host who offered no payment alternatives. It was compromised again.
If my bank made any attempt to trace the offender, they never said so. I made police reports, but you could see their eyes glaze over at the mention of the word "internet". And my host didn't seem in the least interested that unless someone dishonest worked in my bank or my email was being intercepted, logically the thief was likely to be among their staff.