Casinos

Casinos By Status

Popular Filters

By Banking Options

Games

All Games

Bonuses

Popular Bonus Filters

Forums

Popular Forums

Forum User Features

Complaints

Submit A Complaint (PAB)

PAB Rules and Guidelines

Browse PABs

Gambling News

Popular News Sections

About Us

About Us

external image

Unauthorized charges made on card used at a Club World casino

milemaster

milemaster

Dormant account
CM Veteran (10yr+)
Joined
Aug 24, 2005
Location
Yarnbombing, Phlugerstan
My visa which has had no other use than for depositing at a CWC casino (Manhattan Slots) has been compromised. I had 14 charges appear today from Google voice which I certainly did not authorize. It's possible we've got a rogue processor out there, check your card statements!


Click here to find out why this casino is in the Rogue Pit
 
Question - is this card a bank check card, a prepaid debit card and a real charge card?

I have never had any strange charges on my prepaid cards related to casinos but I did have one episode of a charge being taken by processor but not credit to casino account.

I only keep enough on my card for that times play so it would be impossible to run charges on it when there is no money there.

I have been watching all my accounts closely just to make sure though.
 
This is starting to get a little worrying for our U.S friends on cm.

I hope the U.S facing casinos on CM are taken notice of all these threads popping up lately with stolen funds. Someone should really be looking into this, its becoming to much to just be a coincidence.
 
anniemac said:
Question - is this card a bank check card, a prepaid debit card and a real charge card?
Click to expand...

It was a bank check card tied to a bank account used for online gaming. All the charges appeared to originate from china but it's all I can tell at this point. My bank already removed the charges in my account but I've now got to fill out an affidavit officially disputing them.

I've been playing online for years and this is the first time I've ever been faced with this.

I always thought the risk was withdrawal payment delays, but now we've also got to worry about the possibility of shady processors. This really isn't a fun form of entertainment anymore. I'm going to throw in the towel I afraid until the online gambling landscape improves.
 
milemaster said:
My visa which has had no other use than for depositing at a CWC casino (Manhattan Slots) has been compromised. I had 14 charges appear today from Google voice which I certainly did not authorize. It's possible we've got a rogue processor out there, check your card statements!
Click to expand...

When paying online I prefer sites that link directly to the payment gateway vs. homegrown pages that hyperlink the information after its submitted.

That way I know whether I'm having a problem with the processor, or the site itself. ;)
 
Don't know if anyone has bothered to mention this to the CWC people, AFAICT no one has said as much, so I've just done so.
 
Hi, please can you PM me your username and the last four digits of the card in question.

This is obviously a matter that requires investigation.

Thanks
Tom
 
milemaster said:
I always thought the risk was withdrawal payment delays, but now we've also got to worry about the possibility of shady processors. This really isn't a fun form of entertainment anymore. I'm going to throw in the towel I afraid until the online gambling landscape improves.
Click to expand...


Agreed, Agreed, and Agreed! .... Things have got to improve that's for sure. Every time I make a deposit lately I get the feeling I'm donating to a bogus charity, I wonder what price will I pay for doing so....

Really is unacceptable you have to go thur all this, sorry. Hope they straighten it up quick n painlessly for you!
 
There's just a little too much of this going around right now in the gambling community. I've always recommended using bank accounts not tied to household funds for USA players. For now, IMHO, maybe it's best to stick to generic prepaid debit cards from the corner store, tied to no personal bank account at all.
 
All these different threads about unauthorized charges has me wondering if one or more processors got hacked or worse.....something larger than the processors.

There is a another forum that I'm member of that occasionally some spam gets through and I've saw messages offering to sell cc/debit #'s. The more you buy the less they cost and supposedly they are guaranteed to work. What they cost depends on how many you buy and how high the line goes up to. Small test amounts are often charged to verify the card is good and we've been seeing several posts about that. If not caught they then are used for much larger charges.

Using anything other than a prepaid card is much too risky for those especially in the US.
 
@ Maxd and CM,

The lost deposit that I had was with Desert Nights and yes, the first thing I did was notify CS and Ms Sloto about it. This was back on April 21 so they knew about a possible problem then.

I've personally never had a problem with any CW casino. But like I said, I only use prepaid cards but I think I am going to start using P&P only for depositing.
 
anniemac said:
@ Maxd and CM,

The lost deposit that I had was with Desert Nights and yes, the first thing I did was notify CS and Ms Sloto about it. This was back on April 21 so they knew about a possible problem then.

I've personally never had a problem with any CW casino. But like I said, I only use prepaid cards but I think I am going to start using P&P only for depositing.
Click to expand...

Actually this was back when they were using the processor from AZ. The one that eventually got me upset with Netspend had me leave Netspend, because they wouldn't even take a charge from this processor after a while. So I ended up seeking out a new prepaid card.
I really don't even think it's the Chinese processors. I think it was something that happened with the AZ processor really. I know I've ragged on and on about the Chinese processors. Yet it would seem funny that my one charge would come from AZ not China.
Who knows whats really going on, I'm going to highly doubt the casino is one the behind the fraudulent charges, just because I would think they would know better.
I would think it would involve a bit more on the processor side, just because as demonstrated it really doesn't take much to be a casino processor. Just tell them how much your going to charge to process payments to and from. If the price is right, they sign on with you and away they go. Look at how easy the US Government did it.
Then the other part is get out before one of the governments come in and crack down on you.
 
I had a similar incident about a month ago. I only play at 2 sites and had recently sent documents to both on an updated card. My card was used on paypal, google, and something called merit. I caught it as the charges were occuring and so did ViSa. They called me and we cancelled the card. Before hearing from visa I was contacting google and paypal. Merit charges never went through, assuming because only preauth and card was cancelled. Google took about a week but fully refunded all charges. They were a hassle to contact but once I got to the right person everything went quickly. Paypal said they would not process the charges, but did anyways, then said would refund but would take 30 days, so after 10 days my bank contacted them and told them they were reversing the charges. So I did end up being fully refunded for about 200 dollars in charges. Only had to cover for about a week.
The point being that the first casino I contacted about it was very rude and called me rude for implying that an employee from there or from their processor most likely, had stolen my card info and used it. The casino was not nice about it, even though both paypal and google tracked the use to china and could even give me the email addresses used registered in China. The thief had even tried to charge an airline ticket to Iran. So I never actually officially notified cwc because of the response I got from the first casino. I did mention it in passing in an email, but no one from cwc ever commented on it.
So yes this is an issue, however, I constantly monitor my card and usually use a prepaid. However prepaid doesn't work when you use paymycard so occasionally have to use bank cards to withdraw to bank accounts. I don't have an answer but wanted others to know that yes this issue is occuring and is tied to someone having access to bank cc numbers through accredited casinos. Oftentimes my banks will not process deposit requests because of the processors, maybe they know who is unreliable, I don't know. But the only problem I have with the cheque option is that I sometimes get checks from Canada and my bank does question those. So each method has a pitfall and I surely don't have the answers. JMHO
 
gambler777 said:
I had a similar incident about a month ago. I only play at 2 sites and had recently sent documents to both on an updated card. My card was used on paypal, google, and something called merit.
Click to expand...


I'm pretty sure the OC probably has a system in place, when you enter your card details to make a deposit, the card details aren't seen by human eyes. I would think that it's fully automated and the transaction moves directly to the processor and sent on to your FI for authorization and then back to the OC with an approval, or denial. All they see is if it was approved, or denied and the last four digits of the card.

The only way it would be an OC in house problem is if they capture the information on the site, then manually enter the data before sending it to the processor, which is unlikely if they have high volume real time business.

I deal with automated teller machines on a daily basis, high volume sites and also deal with processors. When using an ATM everything is encrypted, including the keypad and the transaction information is securely sent to the processor, on to the FI and back to the ATM. I can't see card holders names, the only thing I can see is the last four numbers of the card, amount of transaction, time, date, approved, denied and so on.

I've even went to service an ATM and found large amounts of money just laying in the tray. Called the processor cause I knew it was the last person who used the machine but they don't even have access to that information for me to return the money.

My concern is you sent in documents on an updated card. I'm assuming you scanned the card, was it front and back? Or was it a form requesting card information with a signature? My question would be did you block the card numbers with the exception of the last four #'s, or did you provide full details, front and back?

If in fact you did provide all the details my second question is did you email this data to the two OC's and if so was it encrypted email? Or did you fax the information to a fax #? Or did you mail the information?

Here's a screen shot of a processor backend as you can see no secure customer information is allowed to be seen even by a processor.
 

Attachments

  • processor.webp
    processor.webp
    25.3 KB · Views: 157
Could a dodgy processor implement a system whereby they COULD access all the information, or is enforcement outside of the processors control?

The weakness does seem to lie in the scanned documents sent to a casino if nothing is blocked out.

Winward casino once rejected my card scan because I had blocked out the middle 8 numbers and the 3 digit security code, and demanded I resend with nothing blocked out. They backed down when I told them I had contacted "VISA International" to ask whether it was OK to comply with this. I wasn't bluffing either, but they didn't seem too concerned about it, which puzzled me given that it was advice from the banks to never let anyone copy the full set of card details, and to "never let the card out of your sight" when using it.

After not being too concerned myself, because all fraud was covered by the Consumer Credit Act, and the bank would have to refund the charges anyway, I began editing out the middle 8 digits and security code routinely when preparing scans of my card, and this edited version is all I have sent since.

Winward are the ONLY casino to have made a fuss about it, all the rest accept it.

Identifying the culprit(s) is going to be tough, the casinos seem to be in denial that it has anything to do with their systems, and are probably not taking this seriously. I expect they assume the culprit is from somewhere else the user has used the card, however this is hard to justify when the card has ONLY been used at casinos online.
 
i just got one today from itunes with 6 withdrawals all totaling 149 dollars.
called bank they stopped it asap and canceled my card.

i never thought i would be compromised with some of the casinos that are on the good list here.
is all i use these cards for to deposit and im glad i checked my statement or i would of never knew.

very angry at moment
 
vinylweatherman said:
Could a dodgy processor implement a system whereby they COULD access all the information, or is enforcement outside of the processors control?

The weakness does seem to lie in the scanned documents sent to a casino if nothing is blocked out.

Winward casino once rejected my card scan because I had blocked out the middle 8 numbers and the 3 digit security code, and demanded I resend with nothing blocked out. They backed down when I told them I had contacted "VISA International" to ask whether it was OK to comply with this. I wasn't bluffing either, but they didn't seem too concerned about it, which puzzled me given that it was advice from the banks to never let anyone copy the full set of card details, and to "never let the card out of your sight" when using it.

After not being too concerned myself, because all fraud was covered by the Consumer Credit Act, and the bank would have to refund the charges anyway, I began editing out the middle 8 digits and security code routinely when preparing scans of my card, and this edited version is all I have sent since.

Winward are the ONLY casino to have made a fuss about it, all the rest accept it.

Identifying the culprit(s) is going to be tough, the casinos seem to be in denial that it has anything to do with their systems, and are probably not taking this seriously. I expect they assume the culprit is from somewhere else the user has used the card, however this is hard to justify when the card has ONLY been used at casinos online.
Click to expand...

Hasn't it been proven that ewallets are a stepping stone for online U.S. gambling transaction approval?

They are not processors, just a way to move money, that's why they come and go.

The posters/players need to reply as to what information they share, how.
 
tat00 said:
i just got one today from itunes with 6 withdrawals all totaling 149 dollars.
called bank they stopped it asap and canceled my card.

i never thought i would be compromised with some of the casinos that are on the good list here.
is all i use these cards for to deposit and im glad i checked my statement or i would of never knew.

very angry at moment
Click to expand...

This is beginning to get out of hand....

Everyone who has had their card compromised... you have run a full malware scan and have found no nasties? no key loggers, etc.?

There seems to be a great big gaping security hole somewhere in the process of our inputting card info (or sending it in with docs) at online casinos or between the processor and the casino.
 
Thinking of Malware; have any players experiencing this EVER installed a "dodgy" casino, even if just to try their free chip with no intention of depositing. These is one case in the past that I know of where a rogue casino deliberately piggy-backed malware on the casino installer which blocked the computer from being able to access the services of a competitor. They were rogued for their troubles.

It is possible that a rogue operator has gone one futher, and tried to introduce even more dangerous malware on the back of a casino install, or even developed a fake casino purely for the purpose of inducing installation for a promised free chip. Even with the casino uninstalled, the malware will stick around.

Further, many players have to tweak, disable part of, or even switch off entirely, their anti-virus to get casinos to work because of the "false positive" problem. This is the perfect way to sneak something past local security. Even if the anti-virus detects the malware, users will assume it is yet another troublesome "false positive" and give permission for it to install. Once installed, if it looks like a casino lobby, it won't keep triggering the anti-virus.

The malware could attack the one point of weakness, initial registration of the card, where the WHOLE number is typed in, and this information sent back to the casino server. The malware could intercept this and read the card details, but allow the message to go back to the casino server so that no error message alerts the user. The malware need only look like it is submitting a bet in order to slip the "send home" of these details past the anti-virus.

The attack could be generic enough to be able to read card details from ALL casinos running a specific software, with RTG being the obvious candidate for getting hold of US card details, and Top Game perhaps second best candidate. Both softwares seem not to vet their licensees, so anyone can get a license, and then try to piggy-back the malware into the casino install.


What is needed is a scan so thorough that it will detect any malware, no matter how well hidden, along with detailed advice so that users can run it properly.

If we can show that users experiencing this problem have no nasty malware, we can rule out the malware on PC security breach, and concentrate on other parts of the process.
 
Since this happened to me, I have stopped depositing. I do not trust the environment rite now. I also do now know for SURE which casino processor got me.
I am not giving my new card info to anyone. IT is sad it has come this . I do want to do the prepaids as you would have to send in a copy of every one to cash out. Too much work.
Ill still hang around watching to see of things ever improve.
 
As far as malware goes, my computer has never had a virus. I have a virus checker and run full scans just for my benefit. I do get a message from AVG everytime I open both my casinos, it says they are infected with malware when i do the download and install, i just tell it to ignore, but it does say the casino has malware, not sure why this is. Is this something I should be concerned about? I have been playing for almost 8 years, have had problems occasionally with processor processes twice, or processing a denied transaction, however this is the first time my card has actually been compromised and both my cards were compromised in the last 3 months.
 
vinylweatherman said:
I began editing out the middle 8 digits and security code routinely when preparing scans of my card, and this edited version is all I have sent since.
Click to expand...


I feel really stupid! It never occured to me to just say NO!

I sent the authorization form along with copies of my bank visa db/cc front and back unedited for "account verification" to two casinos recently.
(I joined both casinos through links on CM's List of Accredited Casinos).

The casinos are asking a lot from a customer to intrust them with such privileged and personal documentation/information. On the other hand, I realize a casino is also at risk and must protect their assets as well.

However, the seriousness of these unlawful violations can not be dismissed. It's critical we find out if these offenses have a common thread.
There are so many variables that could come into play on either side, from anywhere!....

Fraudster-Crooked Casino, Thievish Processors-Ideny Theft, Rigged Software-Cyber Crime, Malware-Spyware, and that Sneaky Conniving Lil Middle Man that pops up all the time.

I am concerned my financial information could be compromised. Being a player from the US my options for deposits/withdrawals, even casinos are very limited. (I'm not implying this issue is US only, it applies to all of us)

I'd like to see Online Casinos take steps to render these issues and if need be make sacrifices (A short term loss in return for a greater gain) to provide customers with a service that is secure, safe, and reliable (The ability of a person or system to perform and maintain its functions in routine circumstances, as well as unexpected circumstances).

IMO, Online Casinos are not in the business of providing a "public service" per say. (The business of supplying an essential commodity.) However, I strongly believe they fit into the catagory of "public services of general interest" (A service beneficial to all the parties involved).

On line Casinos are Big Businesses in the field of entertainment. We pay to receive their services the same way we pay for any other product we order.
It's my opinion they should take responsibility to insure we receive their services in a secure manner free from risk or loss.

***When expressing my fears to a friend they simply said to me, "You know what your dealing with, the nature of the business. It's all a "gamble", isn't that why you do it? .... If you play you pay or don't get paid.... whatever the case may be... you take the risk***

I strongly disagree with that view...
 
Bono2u2 said:
I sent the authorization form along with copies of my bank visa db/cc front and back
Click to expand...

It's never safe to send the front and back of a credit, or debit card without some of the information blocked out. Honestly a card scan showing your name and last four digits should be sufficient to verify you have possession of the card.

Again the only reason to provide a full front and back is if in fact they're manually keying the information in to a processors website system vs. having it intergraded in the site when you enter it making a deposit.

I'm assuming you emailed this information to the casino's without using encrypted email, for those that don't know how unsecure email is should Google the subject. Lean how many stops your email makes before getting to the recipient and all the people who can gain access. You also run the risk of sending your secure information to the wrong email address which I'm sure is done quite often by many people, not just this industry.

A good encrypted email account costs around $100.00 per year, pretty steep if all you need it for is sending doc's to OC's for verification. That's why I built a system for players to send their doc's securely to OC's.

It's apparent from a couple threads that there's a problem with card details being compromised somehow and somewhere during the funding process but in all fairness to the OC titled in this thread, it could be the manner you're sending the information to them and not the OC, their employees or their processor.

I've contacted many OC's over the past three years and most of the replies I get are pretty short, not in our business plan to change procedures. So it's going to take a rise is fraudulent charges, finger pointing like here or players to just say no before finding the actual cause for unauthorized charges, MO.
 
milemaster said:
7 charges were 1.00 authorizations, and the other 7 were for 10.00 each. It appeared I caught it in the middle of the spree as my bank cancelled the card.

My last charge/deposit I made was 5 days ago.
Click to expand...

I just caught an authorization for 1.00 about a week ago. It came up as j2 efax. It didnt look familiar so I googled j2 efax , and saw it was a scam. I canceled it that day so that the larger charges wouldnt start coming through. I dont use my card often online, so I am not sure where the problem is, but I have used it at Club World. I understand it would be the processor that does it and not the casino itself. I am sure it would be an old processor that is not doing biz with them any longer. Who knows what exactly happended, so many ways to defraud. I would have to assume someone sold the credit card #'s. I would be curious to see if anyone else had this "J2 Efax" charge.
 
Still no word back from Tom about the unauthorized charges and it's been a month and a half. In the future Tom, please don't send me a PM telling me that "I am working on this as a matter of urgency." and then vanish for a month (so far). You'll notice my 2-3x four figure monthly deposits have dwindled down to virtually nothing. Guess it doesn't matter..
 
amatrine said:
Since this happened to me, I have stopped depositing. I do not trust the environment rite now. I also do now know for SURE which casino processor got me.
I am not giving my new card info to anyone. IT is sad it has come this . I do want to do the prepaids as you would have to send in a copy of every one to cash out. Too much work.
Ill still hang around watching to see of things ever improve.
Click to expand...

I use prepaid Visa debit cards all the time and never have had to send in a copy of the prepaid card. Where have you had to send in a copy (if you don't mind my asking?)

Diane
 
Diane,

I can't think of but one casino group that I play at that doesn't require a copy of the card I use to deposit. For that reason, I never use my regular bank account debit card for anything casino related.

Maybe you could tell us how you get by without sending in a copy and use PayMyCard to withdraw? :)
 
anniemac said:
Diane,

I can't think of but one casino group that I play at that doesn't require a copy of the card I use to deposit. For that reason, I never use my regular bank account debit card for anything casino related.

Maybe you could tell us how you get by without sending in a copy and use PayMyCard to withdraw? :)
Click to expand...

I don't know. I have never had to provide a copy of a prepaid card yet.

Pay my card works for w/d as long as you have previously used that same cc for a deposit. I use a mix of prepaids and regular cc without problem so far.

Diane
 
anniemac said:
Diane,

I can't think of but one casino group that I play at that doesn't require a copy of the card I use to deposit. For that reason, I never use my regular bank account debit card for anything casino related.

Maybe you could tell us how you get by without sending in a copy and use PayMyCard to withdraw? :)
Click to expand...

Diane said:
I don't know. I have never had to provide a copy of a prepaid card yet.

Pay my card works for w/d as long as you have previously used that same cc for a deposit. I use a mix of prepaids and regular cc without problem so far.

Diane
Click to expand...

Yeah... everyone on the world (except maybe my mom) should have a copy of every prepaid I've ever used by now - even at places like INet and CW where I've been playing since ... well... forever. :rolleyes: (I've never used a bank debit or CC for casino deposits)
 
I had $975 unauthorised transactions sucked from my bank account that is linked to my visa debit last year, luckily the bank reversed the charges within 24 hours and I got my money back. The audacity of the scammer, had my phone number and called me asking to send in verification documents, and were very adamant that they needed a bank statement showing my full name, account and BSB number, ive had my identity stolen before so im not backwards when it comes to these mongrels playing their games.

The casino that syphoned the cash said it was for previous purchases that they credited but never got from me, this was cross referenced and they were lying. They wanted a copy of my credit card and my bank told me under no circumstances to provide any online gaming establishment a copy of my credit card or my licence apparently there is a scam going around where our details are being sold to the highest bidders not only to sought out business from us but being used for fraudulent purposes also. So just be very careful when sending documents, I realise the casino has to cover their own butts by verifying that we are over the age of 18 or 21 and that the card is ours to use, however surely there are other ways to verify a player, be it via snail mail and phone like Bet365.

I think the safest way for all of us is to use other deposit methods like Ukash, Poli, Skrill, Neteller etc without having to give over card and account numbers, unless of course the casino is a trusted one that does not share information and ensures that all is protected.
 

Similar threads

B
Payment Complaint Slotastic Casino is stalling on a $2,000 withdrawal with arbitrary rules around maximum withdrawals and KYC
Replies
4
Views
356
teckiwi
T
Nate
  • Sticky
Must Read Black Hole Casinos: The New Face of Online Gambling Scams
Replies
29
Views
3K
Valhalla
Valhalla
pereblue
  • Article Article
Can Coinbase be used for gambling?
Replies
33
Views
20K
ragnar1218
R
chiya
Question Unauthorized debit card charge made by SKP LTD .. Who are they?
Replies
10
Views
24K
Sophia78
S
Hamster 100
PlayHub Casino - accusing me of fraud on slots?
2 3 4
Replies
171
Views
36K
sushman
S

Users who are viewing this thread

Total: 1 (members: 0, guests: 1)

Accredited Casinos

Read about our rating system and how it's done.
Back
Top