CCAvenue Payment Gateway hacked. CEO cries foul

Status
Not open for further replies.
Debit cards always require authorisation through a password. So credit cards are vulnerable if used outside India, and not debit cards. Right ???

arun687 said:
^ Yes, that's right. Only risk is when you enter CC details on the payment gateway, but that too is now protected by MC Secure/VBV for authentication, and those details are not shared with any third party, including the payment gateway.
This is the risk, as those CC details, if compromised, can be used on sites not participating in MC Secure/VBV, like most international sites.
 
Kuantum said:
Debit cards always require authorisation through a password. So credit cards are vulnerable if used outside India, and not debit cards. Right ???
Most (if not all) Indian debit cards cannot be used online for international transactions.
 
mehrotra.akash said:
I don't think there is any need to be worried about your cards as of now, as
i) There were no credit card numbers stored on their servers
ii) They did not have access to the 3D Secure password, which is necessary for payments
Mate, have they implemented the 3D Secure password? Because last time I paid for eBay, I got the regular page where I had to enter the ATM PIN :huh:
 
CA50 said:
Mate, have they implemented the 3D Secure password? Because last time I paid for eBay, I got the regular page where I had to enter the ATM PIN :huh:
I was referring to Credit cards.

Don't have experience with SBI, but in case of an ICICI debit card or payment by netbanking, there is additional security implemented by ICICI Bank, entered on the ICICI page itself, so you are safe unless ICICI is compromised. (3 numbers from a grid on your card and your internet banking password are needed.)
 
That's not the real point, actually. If they got hacked, then malware could have been dropped on the user's PC via their site, and such malware can record keystrokes, take screengrabs, manipulate web pages etc., so even your 3D Secure passwords, non-typed passwords etc. can and would be stolen, leading to many more headaches all around.
 
axeman said:
That's not the real point, actually. If they got hacked, then malware could have been dropped on the user's PC via their site, and such malware can record keystrokes, take screengrabs, manipulate web pages etc., so even your 3D Secure passwords, non-typed passwords etc. can and would be stolen, leading to many more headaches all around.
That's the reason why I use an on-screen keyboard :), but security threats give me nightmares
 
I've done a lot of transactions using CCAvenue in the past, but this worries me.

Judging from the list of tables from this post - http://www.hackerregiment.com/ccave...ay-hacked-and-passwords-published-online.html, I'm not sure what to think.

Are Payout details, Payout Summaries archived every three months - May, Aug, Oct? Why No Jan 2010 or 2011? Do they store only the last three archives?

Others like transactions seem to be archived weekly. But the latest date I find in a table name is 2010-10-10 (after that 2010-10-05 and then only 2010-09-24).

Does this mean CCAvenue was hacked in Oct, 2010 and nobody said anything about it OR they have not created archive tables after Oct, 2010?

Wonder what's in the citibank_cc_details, ICICI_cc_details etc.
 
CA50 said:
That's the reason why I use an on-screen keyboard :), but security threats give me nightmares
The on-screen keyboard is actually a big joke in the security industry. It's a gimmick. The current bunch of trojans can actually feed a frame-by-frame image of whatever you are doing on the PC, and relay your display to the hacker. So, if you are watching a video on YouTube in between a transaction, he will see the same video as you see it :)
 
I wonder how many railway tickets were booked from IRCTC from that day.

BTW, are BillDesk and CCAvenue the same?? I thought they were different..
 
axeman said:
The on-screen keyboard is actually a big joke in the security industry. It's a gimmick. The current bunch of trojans can actually feed a frame-by-frame image of whatever you are doing on the PC, and relay your display to the hacker. So, if you are watching a video on YouTube in between a transaction, he will see the same video as you see it :)
Yes! And most keyloggers have that feature.. I installed one in my college :D
 