
Checking account hacked by Tagged member. 48 hours, no response from Tagged. - taeyoungwoo
http://www.taeyoungwoo.com/checking-account-hacked-by-taggedcom-member-n
======
jimminy
"Because I had a debit card, I could not have more money withdrawn from my
account than how much I had. Therefore, when this idiot tried to keep
purchasing 200,000 gold, he/she was stopped. Thank God it wasn't a credit card
--the bank would've eventually stopped the transactions from suspicious
activity, but who knows how much money could have been taken from my account."

This seems to be a bit naive, credit-cards have far superior fraud protection,
so no money is actually taken from your account, and it's easier and quicker
to fix by the institutions.

[EDIT] As pointed out below, yes they both have the same fraud protection
backed by a credit agency like Visa. However, if it's debit you lose cash and
it can take up to several weeks for it to be refunded. That versus being out
the amount of credit you can borrow for a few days.

A few years ago, with the debit he would have been at risk for possible
overdraft or insufficient fund charges.

I keep a low-limit credit card($500), that would have the exact same
characteristic that he is claiming makes the debit card better. This is the
one that is used for the majority of my transactions.

~~~
apsurd
As a rule, I only use credit cards. I have a debit card for the sole purpose
of using ATMs.

In the case your card is lost or stolen, you aren't liable for any fraudulent
purchases and the most important thing - you haven't actually _lost_ any
money; only the credit card company has.

I'd hate to have to jump through hoops and wait a month to get my money back.
For a large percentage of the population, losing a couple grand quite
literally means they can't eat or pay the rent that week/month.

Credit is great!

~~~
smsm42
For many card transactions the credit card company would issue chargeback in
the case of fraud for the merchant, which will end up losing money and paying
additional fees. So the losing party is frequently not the CC company but the
seller.

Losing credit can be a problem too, especially if one has regular bills coming
through credit card, which are not problem regularly, but if part of the
credit is frozen by the fraudulent activity, this may become a mess. I'm not
sure how all banks behave during a fraud dispute, but they very well may
reduce credit by the disputed amount until the dispute is resolved, even
without the owner having to pay anything.

~~~
lusr
I'd argue that having a blocked credit card is FAR more manageable than a
blocked debit card and this is precisely why I almost always only carry credit
cards (I also move my income into an investment account from my cheque account
as soon as I'm paid, less expenses expected in the next week).

Firstly, most recurring billing systems are built with credit card failures in
mind - the card can expire or be listed as a hot card, for instance, and needs
to be updated. This has happened to me and you are not penalised in any way.
I've also, once or twice, gone over my limit without the card being rejected -
the bank seems to give me some sort grace credit. This is fine by me since any
fraudulent transactions on a credit card are _claims_ against me that the bank
needs to prove. I can switch to another credit card if that card gets marked
as a hot card.

Secondly, a debit card is usually linked to a cheque or savings account. If
it's a cheque account you could end up incurring overdraft charges which
totally screw you over and mess up your standing with the bank; if it's a
savings account, you're screwed out of your savings while the bank
investigates and returns your money (bank I worked for until recently stated
that it takes SIX WEEKS to investigate when a friend's debit card was
cloned... that's a lot of lost interest).

------
dsl
Tagged does not need to respond to you, and there is not a single thing they
can say or do that will make the situation better for you even if they did.
You've contacted your bank, opened a dispute, and now the issue is between
Bank of America and Tagged (unless BoA contacts you for additional info).

Having your money stolen sucks dude. Keep your cool and everything will work
out for you. Most of all, just try to remember you are not a unique and
special snowflake - this happens thousands of times a day and everyone except
you involved has established procedures for dealing with it. Let the fraud
investigation and resolution run its course.

~~~
Maxious
Maybe not for him but there's a lot they can do for themselves if they act
fast - freeze the ill-gotten funds and make a profile of who they went to.
Wouldn't direct contact with victims be faster and more rewarding for Tagged
than waiting for business hours credit card industry processes?

~~~
devicenull
And how do you tell someone who is actually reporting a legitimate issue,
versus someone who's trying to piss off one of your users?

------
LVB
I'd like to know if Mr. Woo had two-step authentication turned on for his
Google account. (He mentions only that they, "gained access to my Google
account.") It's the potential for this sort of damage, or much worse, that
prompted me to turn it on and incur the slight nuisance of generating new keys
every 30 days.

Good article on the far-reaching calamity resulting from a hacked email
account:
[http://www.theatlantic.com/magazine/archive/2011/11/hacked/8...](http://www.theatlantic.com/magazine/archive/2011/11/hacked/8673)

~~~
drivebyacct2
Is it even that much of a nuisance? Last Pass and two factor auth are no
brainers for me. I ALWAYS have my phone with me so two factor is a given and
Last Pass has mobile apps and lets me have a unique password for every single
site. I honestly have a hard time taking people seriously if they're too lazy
to use something as simple as Last Pass, etc.

------
taeyoungwoo
First, thank you all for your comments--I just recently opened my first
checking account so I am new to this whole credit/debit card business. It's
great to receive feedback from people who know a lot more than I do about
these issues.

Tagged contacted me today at noon (Sunday Feb 12), but NOT as a response to
the direct contacts I made. They responded after reading my blog post (which
I'm pretty sure they saw through HN or through Twitter). Interesting.

I have screenshots of all the transactions, which include the date/time of
transaction and the order ID, and I sent this information to Tagged. They
responded within 20 minutes saying that they are "looking into [their] systems
to gain some clarity."

$200 of the $300 has been restored to my checking account, and I am still
waiting for the final $100 to be returned. However, regardless of having the
money returned quickly, I wanted to (and still want to) find out exactly who
did this. That is why I contacted Tagged on top of Bank of America (which
responded very quickly). Google Wallet advices to contact the seller directly
about the orders, which I did.

To answer some of the common questions among the comments: yes I do have
2-step authentication for Google, yes I changed my password, and I rarely log
onto my Google account on shared computers.

~~~
dangrossman
An IP address is not a person. Tagged doesn't know who did this, so they can't
tell you. Even if they wanted to, they'd be violating data protection laws,
their own privacy, and possibly their merchant agreement by giving out that
information.

~~~
taeyoungwoo
Not an IP address--the user. A user account had to use my card info to
purchase the goods. If Tagged can't tell me who did it, at least they can shut
down that account for fraud.

I'm looking through Tagged's terms of service and privacy policy right now to
see what their terms are on issues like this.

~~~
dangrossman
Undoubtedly they will do so when they receive the chargeback, without your
help. Not that it will be of any consequence to you or the actual person that
opened the account.

[http://www.stopthehacker.com/2010/03/03/the-underground-
cred...](http://www.stopthehacker.com/2010/03/03/the-underground-credit-card-
blackmarket/)

------
andrewcooke
school internet turns off at night?! where is this?

~~~
taeyoungwoo
Many independent high schools throughout the country (mostly boarding schools)
have similar Internet policies, mine included.

~~~
andrewcooke
thanks (i was confused by the word "school" - the uk and us terms for school,
college, university, etc, differ, and so i thought this was what a university
rather than a high school).

hope you got/get your money back.

------
videoappeal
1) Have you been using a shared computer? 2) Did you have a weak password? 3)
Do you use same password (or a small pool of passwords) for most sites and
service?

Answering yes to any of the above and you really should not be posting on HN

~~~
theDaveB
So that means I shouldn't be posting on HN because I use a shared computer.

Are you on drugs or some kind of prescribed medication ?

Dave

~~~
videoappeal
I should add "Have you been accessing sensitive sites such as your Google
accounts" on a shared computer." The HN reference was to distinguish if the
poster's complaint was worth of a discussion or is it one of 100k+ people a
day that get caught by keyloggers/phishing/social-engineering through their
own stupidity (like accessing Google wallet on a shared computer)

