According to their privacy policy "Eye4Fraud obtains Personal Data about you from various sources. “You” may be a visitor to one of our Sites (“Visitor”), a user of one or more of our Services (“User” or “Eye4Fraud User”), or a direct or indirect customer of a User (“Customer”)"
Probably what happens is your bank or the card issuer or some place you used your card subscribes to one of these types of services and thus they get your info that way. It's a fraud protection service that many small businesses and websites use to prevent chargebacks. We would be the customers of their customers
Just another example of no matter how careful you are, all it takes is a bad actor somewhere along the chain to access it.
Completely agree with wittaj. Despite being careful, never leaving CC#s stored online if at all possible, I had a biz CC hacked... THREE times in 10 days. Called card issuer, went thru the CSR tree to eventually be dumped onto fraud dept, where I had to explain everything all over again. CC rep said they would investigate, let me know in 30 days if I was liable for fraud charges. Meantime, cancelled my CC#, issued a new one, sent via US snail-mail. BEFORE the new card arrived, I see more fraud charges show up on my account - the NEXT day - on the new CC#! I don't have the new acct #, haven't activated new card yet since it has not arrived. Called back, different CSR, same story, explain it all, then get dumped to fraud dept and start over. The rep says we'll cancel your new card and issue yet another, + another investigation on the new fraudulent charges, same story. A week later, get new card in the mail but not before more fraud charged attempted. Have not even activated card yet. WTH? Called the bank issuer of the card, really PO'd. Same story again. Finally request to escalate to a supervisor. Explained I just received the card, not even activated and I am notified of charges pending the originated BEFORE the card was sent. How can someone charge my acct BEFORE I EVEN had the card myself, and had not even been issued a new number (in the 2nd case)? I was told, the bank card issuers have an automatic card update function which AUTOMATICALLY sends your new account number out to ANY MERCHANTS who claim to have an ongoing business account with the cardholder (such as giving you CC to the phone, cable, ISP, utility co etc). My question was WHO determines TO WHOM the PAU (progrqammed autmoted update) service distributes my new account number to? Crickets, long silence. I was told well you can call the primary card issuer (MC, VISA, AMEX etc), request to have PAU deactivated. I was given a "direct line" to my primary card issuer, to have them drop the auto update function. Ended up at the main phone tree # everyone else calls for any and everything. Had to wade through 30 min phone tree madness, finally got a rep, and she told me "we don't handle that function. It's at the discretion of your CC bank issuer". Called the bank again, phone tree ad nauseum, finally got someone. Told them FIX it or I am EX CUSTOMER. I was told the automated update was removed from my account, all the fraudulent charges dropped.
When I went online to pay some bills, I was astounded to find some vendors (LARGE US corp's) had retained my CC# W/O permission, and what'ya know, my new CC# was already on file. SO, once they get you, a fraudster can KEEP charging you (in my case one "vendor" tried 6x for same "purchase, several times more for other alleged purchases).
As far as I can tell, the only recourse is to drop the card, don't use that bank issuer again... but I'm not convinced that VISA/MC/AMEX etc don't have and use the PUA update service on their own.
But the one that ticks me off the most is being told that I was a member of a very large group who "may have had" sensitive personal info "obtained and used without authorization". This was from a major US credit bureau. For my inconvenience, they were going to "give me" 6 mo "free" basic credit monitoring service. I already had a paid account for that very same thing. When I tried to sign into it to find out what was going on, they told me no such account exists. Brilliant. As far as I'm concerned, they're all corrupt. Oh, and they now send out new CC's via USPS, UPS/FEDEX - ALREADY ACTIVATED. So, anyone with access to your mail can scan the card IN THE MAIL, and bingo, gotcha. What Einstein thought that was a good idea?
blog.lastpass.com
securityintelligence.com
/cdn.vox-cdn.com/uploads/chorus_asset/file/23262657/VRG_Illo_STK001_B_Sala_Hacker.jpg)
www.theverge.com
www.wired.com
