Dirty F

onehundredfiddy

basschick

if these were virtual visa transactions, meaning that the money was spent online at a merchant, the user would not have to have all the cardholder's info - just the name, number, expir. date and numbers on the back of the card. any merchant who has run a card for a transaction may have all of that information and so might their employees.

they wouldn't need to log into the account - i don't when i buy domains with our virtual visa.

seems to me that if the merchant who accepted the card in good faith has the ip number of the user, and it isn't in a similar area to where the actual cardholder was at the time, that's the beginning of a chargeback or even legal action from epassporte and/or the cardholder.

__________________
Got Gay and For Women Traffic?

THY

so there was a chargeback done for the purchases or not?
even if it takes 6 months i will get the money back at some point...

RawAlex

From a security standpoint (as well as being able to prove your business expenses in case of an audit) a check is always better than a wire to a an electronic payment system... after all, did you buy content or play poker?

Not bashing epass, just being practical and using the tool at the level it was intended for.

Alex

azzam

I'm confused. If the details from my Visa that my bank has given me are stolen then the bank reverses the charges, gives me a new card, and contacts law enforcement to hunt down the offender. If the Visa details associate with an Epassporte account are allegedly stolen then Epassporte blames you, refuses to refund any money or give any details on the thief, then gets all shitty and refuses to answer any more problems on the forums ever?

Agent White

If I had to guess what happened based on what's been said, THY's machine was/is compromised by a backdoor. That person is probably running a keylogger and used his machine as a proxy to log in as another epass user in the past. They either captured his info from keylogging it or it was left in local file on his machine.

From there, they made virtual visa transactions to an online merchant, thereby bypassing the withdrawal limits as those effect cash transactions and not purchases.

Backdoors essentially let someone run any software they want. They can run a keylogger to capture local keyboard input, they can run an http proxy that will route all their web traffic through the infected computer's internet connection, they can use your machine to send spam, all sorts of nasty things.


If what Chris is saying is correct, they don't have THY's visa/cvv2 information in house, it's authenticated by a third party, which is pretty common. This rules out anyone gaining access to that data via hacking his epassporte account and also rules out an inside job.

In this case, epassporte's security is really not the issue as it wasn't the sole factor in THY losing money. Access to his Visa particulars was.

roly

i'm no expert on this, but if a store takes a fraudulent credit card sale then the loss is down to the store not the card holder? surely the same applies to a "virtual visa card" or am i missing something?

lucky1

If you don't have a keylogger, virus, spyware, or open wireless than this sounds like a very possible cause.

__________________
-
See sig --->

THY

i know what backdoors are and how to detect-avoid them...
i used to play jokes on ppl computers when i was 16 through irc using trojans and that shit... im not new to this..

in any case i still think theres information missing from epass...

flashfire

scary stuff...Its impossible to not keep money in epass...I can only take out 1k per day. Say I get a 10k payment I cant take it out for 10 days!

V_RocKs

I believe what Chris was saying is when you use a Virtual Visa online you need to pass the same basic authentication as if you were using your own personal credit card.

Name
Address (number/zip code)
CVV2, Exp.

So someone didn't send your money to their own account which is what you started saying in your post. Chris is saying that money left your account not by a P2P transaction, but by a Virtual Visa transaction with an online merchant.

So the guy hacked a 2Checkout account and had your username and password to access the message system on your own Epassporte account to read your CVV2 number from the Welcome to Epassporte message. Next he got your address from inside the Account Admin. Then he used that info to charge 4 $500 transactions totaling $2000. Then moved the money out of the 2Checkout account.

Now this is hypothetical since I don't know what online merchant he used. You should since you saw the transactions in your transaction history. If you can login to the account do a screen shot of the tranasaction history screen so we can all see who or what charged the $500, a P2P as you said or a Merchant.

SmokeyTheBear

jesus dude take a chill pill . i wasnt implying you should change "policy" its not a bank policy to refund money either but occasionaly they do it. and yes i realise your not a bank , anywhere i stated bank , insert whatever financial institution you would like to be called.

regarding the lengthy post you made , i think those were the details this guy was looking for before he started this thread.. i'm not sure why epassporte employees always have to see epassporte threads as "bash" threads.. this type of thread can be very helpfull in minimizing the times you have to go through this by keeping your customers informed..

__________________
hatisblack at yahoo.com

LaoTzu

In this wonderful, capitalist internet culture we live in, I'm waiting anxiously to see who will step into the mix and replace this shitty, sub-culture feeder of a payment solution, adult/gambling/laundering/tax-evading service for the underworld and easy target for the even lower credit card scammer/hacker.

There was a time when webmasters could transfer funds via the more legitimate Paypal, but given the current political environment, we've been relegated to the financial ghetto or red-light-district. Shouldn't be too long before a next-gen legitimate payment solution alla Paypal arises to compete, and in so, accepts the legitimate business of law-abiding and acceptable-level-of-service-expecting adult webmasters.

THY's problem, although it could affect me as an affiliate of one of his programs, is just a pixel in the big picture for epassporte's record. The response of whoever the hell that was in the epass corp just makes me want to veer away from them even more. I heard "This issue is petty, and we're not speaking to the public anymore."

Looking forward to a little market competition.

Doctor Dre

And the fact that epass is not giving him any help at all does not help epass's case.

I will be using wires for every big transferes from now.

Any banking operation that respects itself would definitly have an insurance close for the user as well as a good investigation. Epass fraud departement is a big fraud itself. It don't do shit when you need it and it piss you off when you don't.

__________________

Barefootsies

This is correct.

__________________
Should You Email Your Members?

Link1 | Link2 | Link3

Enough Said.

"Would you rather live like a king for a year or like a prince forever?"

tony286

10,000 dollar payments checks are a great thing and no fees.

GigoloMason

Not entirely accurate.

__________________

rehash

I am the other sucker who got ripped by epassporte (5*$500 ..$2500 total in a few minutes) the destination account was the same as THY's
So I confirm all THY's story as I talked with him over this period.
Epassporte is covering the thief, they would not even give me his IP or his name...I mean the IP of everyone who logged in into my account...which should be only me..so it's my private info....they will not give me that.

Could anyone explain how is it possible that same guy hacks 2(or more?!) high balance accounts in the same time? don't tell me keyloggers/spyware stories, because I don't even use Windows.

__________________

jayeff

About 18 months ago a payment of several hundred dollars was taken from my bank by someone who apparently had all the Mastercard details necessary for the transaction. I discovered the transaction the next day when I checked my online statement.

Here's how events subsequently went down, which shows not only what can be done but provides a sharp contrast with how EP handled the case highlighted in this thread.

1. I called my bank and without hesitation they gave me the details of who had taken the money (Western Union): even the telephone number to call. The only parallel with EP's reaction was that they said could not refund the lost money without a chargeback request, however they quoted a processing time of 2-6 weeks not an unspecified number of months and suggested that first I ask WU for a refund. They cancelled my card, issuing a new one which arrived a few days later.
2. Western Union could not have been more helpful. They immediately refunded my money and gave me all the details of the person to whom the money had been sent, along with the IP address of the person claiming to be me, who had instructed the transfer.

The only people who were less than helpful were my local police. They seemed to be out of their depth once the word "internet" came up, so I made a report directly to the police in Denver (where the money had ultimately been withdrawn). As far as I know nothing came of that, but at least making the report was quick and painless.

All of that took less than an hour and although it was thanks to WU being so cooperative that I got my money back the same day, the worst way (a chargeback) I would not have faced the delay that THY apparently does.

The difference seems to be that while I got to deal with people who actually wanted to solve my problem, EP are primarily interested in covering their own asses. That is the difference between good customer service and bad...

Manowar

interesting stuff

Chris Mallick

EMAIL ME: [email protected] if you have questions.

__________________

Chris Mallick
[email protected]

jigg

i am so tempted to drop my epassporte registration

__________________
......
eight,eight,two,eight,eight,four,two
......

Daruma

this seems to put a different light NOT supporting C's talking points ??

__________________

SmokeyTheBear

I will play devils advocate here and answer that question for you..

If someone keylogged you and THY and planned on stealing the money, it only makes sense they would do it at the same time to avoid getting caught.

Keyloggers aren't os specific so just because you dont have windows doesnt mean you werent keylogged.. ( it also doesnt mean you WERE keylogged either )

Also on that topic, there are many other ways someone could have sniffed your password , including an inside job at your isp. or an insecure wireless connection.

Could also be someone has messed with the way your compter reads dns and is pointing to a fake page/ip when you go to epassporte.com

Before you got ripped off , when was the last day you logged into the account ?

__________________
hatisblack at yahoo.com

polle54

That is a horror story alright

__________________
ICQ# 143561781

polle54

Please don't

I think we are many people who would like to know this.

Very legit questions he is making.

__________________
ICQ# 143561781

THY

i sent him an email, but i will keep everyone informed of course.

btw they were all P2P transactions, my account was blocked the same day but i took screenshots before they did.... i will post them later, there is something i just noticed and im trying to figure out...

also not sure if i mentioned but my epass account was blocked few days before this happened, because of suspicious activity (for the 2nd time in 1 month) and this happened after they re-activated my account and after i had to send all my IDs scanned too... including my epassporte card details.

SpeakEasy

Wow, this is quite an interesting thread to say the least. From an outsiders point of view it appears that epassporte (Chris Mallick) tried to cover his ass by side stepping again, however failed in his weak attempt. This basically reinforces the fact that they are not a real financial institution and you basically have no recourse if a serious problem ever happens to you. Then he jumped on split_Joel who is actually correct in his comments. Then he decides to change his message board posting poliies but refusses to change any needed real epassporte policies? You Lived by the boards, and you die by the boards. All I can say is WOW, things that make you go hummmmmmmm

rehash

I was logging in like 3-4 times/day
no wireless...and anyway...THY is in the other side of the world, hard to believe someone sniffed both of us...same for the dns...since we use completely different connections and OSs....

__________________

rehash

Interesting detail, mine was also blocked few days before all this happened and I had to send a lot of scanned documents...

If there was any kind of suspicious activity before...they check us instead of finding who is actually doing that activity? or they want to say I steal my own money? for my account(2 years old) these fraudulent transactions were the first outgoing p2p..

__________________

Daruma

wtf is going on with these guys?

both on opposite sides of the world
both had accounts blocked before
both had to scan and send document
both have different operating systems

something doesnt smell right if you ask me - i think epass has a lot more explaining and investigating todo before laying the blame outside their walls

__________________

Daruma

this thread makes me wonder how much business they lost compared to if they would have just returned money - even if it was out of their system already to keep THY and the other guy happy

I bet they lost a lot more business than the $4500 they should have paid back

__________________

split_joel

Chris why do you expect more out of me? I am an honest person, I speak my mind and if you don't like it then I am sorry. I think its fucked that you guys know some shady shit happened and you refuse to just give the money back. Two accounts, two different sides of the world, both hacked at the same time. Sounds to me like you need to hide somthing. Even if there's nothing to hide a real company would eat the cost and go after the person on there own. This is what divides the good and bad companys. Epassporte does not care what happeneds to there customers, they do not need to they will always have buisness and they got plenty of money. In the end though epassorte will forever have a bad name and they could of made so much more money, but now people don't know if they can trust epass. In the end epass is going to lose so much because of this. So so sad. Chris learn to respect others and ill respect you and the company you work for. Work hard and make an honest wadge, not steal, lie and cheat.

__________________
E-mail marketing - Automation Scripting - IP Space
AIM: splitjoelp ICQ: 254759453 skype - splitjoelp 702-941-6465

SplitInfinity

The cover to the book thats bound to come out about this thread should be:

tASSy

__________________

tassy*PINK
* ICQ ~ 318*097*066 *

SplitInfinity

There ARE weapons of mass destruction.
We decided to seize random epassporte customers money
to assure the American people that NO terrorist monetary
value is associated with this payment form.

sharp

damn that blows.

SplitInfinity

Artists mock up of the newest and latest epassporte logo.

SplitInfinity

Whether or not Epassporte is FDIC insured SHOULD NOT MATTER.
FDIC is reserved for banks. EPassporte, should have its OWN insurance
outside of FDIC.

Its common sense. If you let your customers get ripped off, then you suffer the burden of your customers fleeing your service and posting hate on boards.

If passwords are a problem, as they always seem to be with epassporte,
then why dont you solve the problem and ENFORCE 100% hard to crack passwords on your services? Hell, even webmoney uses certificates for
authentication and avoids passwords all together.

StatsJunky

That about sums it up. If something goes wrong with Epassporte you're shit out of luck.

__________________
erik AT suthnet.com

jayeff

I don't think anyone is under the illusion that EPassporte is a bank. But when they operate in the same areas as a bank does, it is hardly surprising that people expect similar standards of service. An example arising from this thread, is why should a chargeback take so long to happen? Several people have asked in the past why an unused pre-authorization takes so long to clear.

EP's response to these and similar questions is always that those are their bank's rules. But that answer leaves a sour taste because we all work with banks which have dramatically shorter timescales. It's a little difficult to believe a bank could exist which offered common services so much slower than those of its competition. But if those are the rules of this particular bank, what on earth made EP choose to work with them?

The thing about EP not being able to return money once it is out of the system is only a partial response to stories like the one in this thread. Insured, regulated or not, why didn't EP provide the same information to its customers that my bank (as per my earlier post) was immediately willing to provide me? Even if that had not helped me recover my money quickly, my bank made themselves part of the solution and not part of the problem.

Third-world employees, I think is just a metaphor for the kind of script oriented support EP have in place and which people associate with outsourcing. If you have anything which cannot be resolved by a pre-written answer, you are in trouble. That's not in itself particularly unusual these days (although again it falls far short of the response people are used to getting from financial institutions, so EP shows up badly), but then you have the frustration of knowing that when a further response arrives 8+ hours later, it will be a template that is barely, if any more more helpful. There is very little other than the absolutely routine which you can accomplish without relying on whoever is helping out via the boards and even that support, as I discovered back in August, can be lacking.

It has been that way ever since EP started. To cap it all, every time CM decides to hit the boards, he seem unable to resist implying that everyone who complains has an ulterior motive. That really p*sses me off, because I only post polite, accurate descriptions of my own experiences. My only motive for doing so is to attempt to shame EP into dealing with some aspects of their service better, because I don't want to deal with the same crap every time something goes wrong, however infrequent that may be. Yes, I could stop using EP, but that would mean dropping a couple of sponsors or paying $60 in wire fees every time they pay me.

I'm sure there are some agendas in play, but I'm equally sure I'm not the only person who simply wants EP to handle problems in a more approachable, more efficient manner.

Daruma

I'll say it again... insured or not - it would have been cheaper to act like a bank and return $ in this case rather than have this thread blowup for days...

__________________

V_RocKs

Not really... Thousands of webmasters will continue to receive payments and hundreds of companies will continue to load their accounts. All of this involves fees they will make that when compared to your income should seem amazing.

You will die someday. Epassporte will still go on.

Daruma

I don't doubt they will still get deposits... however your statement about my income - you have no clue.. I'm familiar with the #'s involved

__________________

Jace

I love it when large adult companies come on gfy and tell everyone they won't chat about shit on here anymore

um...this is the largest webmaster board, you are a large payment processor in adult, doesn't it make sense to mingle with the customers and make things right?

saying you won't post on here anymore is just an easy copout, and as we have seen from the various other companies out there that tried this same tactic, it doesn't work and makes you look far worse in the long run

minusonebit

People are supposedly working on soultions, but none are actually up and running yet.

Pure Evil

nice responses, real professional. and this fucking clown is supposed to be the owner of epass? yeah im goin to trust someone like that with my money

__________________
I am the fourth Horseman.

EdgeXXX

Hmmmm... that's interesting that you mention that, because I was just on epassporte.com and noticed that there are NO "terms and conditions" outlined anywhere. Care to explain?

__________________
.
.
.
.

rehash

I have a feeling there could be more people in our situation...since it was a pure luck to find THY's first post..that could be one reason they will not refund...the loss could be much higher than $4500

But anyway...they are not able to explain how $4500 can go out of the system in one hour...who the hell has $4500 ATM limit? they said the money could have been split into more accounts(please note the "could"..which shows how much they know about what happened)..but when they ask for all those verifications...how can it be possible for someone to have so many accounts?

Not only they are not refunding us, but they cannot even explain what happened...this shows a lot about how professional their "Risk Management Team" is...

__________________

HairToStay

A few things strike me as odd. THY supposedly is on the same IP as someone who was phishing at ePassporte. If he's not on a network then he seemingly has been 0wn3d. What type of connection? Sounds like your machine is being used as a bot.

With no alternative to ePassporte at this point, they can spout off as be as rude or obnoxious as they wish and won't lose any customers.

They aren't insured? So what's to stop anyone here from opening up their own service? Set up a secure server, collect money from people and hold it in your own bank account, etc.

__________________
Make bank by giving your surfers free pics every day and it costs you NOTHING! Use POTD Sponsors to find adult sponsors in more than 75 niches who offer a POTD feature!