back to article Wacom says crooks probably swiped customer credit cards from its online checkout

Graphics tablet maker Wacom has warned customers their credit card details may well have been stolen by miscreants while they were buying stuff from its website. We're told people's payment information was likely pilfered from the biz's online store between the end of November and early January, and that if you get a message …

  1. Yorick Hunt Silver badge
    Thumb Down

    Hmmm...

    Well-known CMS in which vulnerabilities are discovered at a rate much faster than they can be patched, and each patch introduces new vulnerabilities?

  2. Anonymous Coward
    Anonymous Coward

    PayPal

    I know a lot of people really do not like PayPal and with good reason but I would buy almost nothing online without it. I'm not going to type my CC number into a website unless there no other choice and it's an absolutely essential purchase. There are so many different links in the chain from my browser to the CC provider and I don't trust them all. I might even have a keylogger running on my device. Also, websites that offer to store my card details, for my convenience, can put that offer somewhere unpleasant.

    As the article implies this is probably a CMS breach but I find it sad that the Wacom checkout page loads scripts from:

    commerce.adobedtm.com

    cdn-4.convertexperiments.com

    connect.facebook.net

    cdn.gigya-ext.com

    www.google.com

    cdn.jsdelivr.net

    js.klarna.com

    consent.trustarc.com

    unpkg.com

    static.zdassets.com

    www.googletagmanager.com

    static.hotjar.com

  3. osxtra

    It's Only Money

    We did receive such an email on Jan 27, and yes, there were bogus charges being "investigated" by the bank belonging to the card used for a purchase on the Wacom site around the end of November.

    The fraudulent purchases themselves were dodgy - exact dollar amounts rounded to the hundred - and it looks like at least in our case at least two groups were using the card info, as the first hit was toward the beginning of January with subsequent hits spaced some days apart, but in the middle of that there was a charge then a reversal the next day, as if someone else was testing, perhaps gearing up for more charges.

    It makes me wonder just to what lengths the bank would go to catch these criminals. The items would have been shipped somewhere. Some may still be in transit. Perhaps the FredEx delivery driver coming to your door could be a police officer.

    A bit more labor, but one thing that would stop this fraudulent activity in its tracks is a "one-time" card number issued by the bank, with a specific dollar amount on it (plus maybe a little more padding for extra shipping, etc.). You'd get into your credit card account, enter the purchase amount and site from which the product is being purchased, and be given a customized card number & one-time code to use at checkout.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like