Party Poker in The Guardian

[tikay]

Thanks ontilt.

It has certainly opened my eyes, & I shall be taking a lot more care in future.

Much credit goes to Ironside & Bongo for taking the time to educate us in the error of our ways, & to show us how exposed to fraud we really are. Or were....

[ifm]

if all my bank wanted from me was my online account number and 3 digits from a 12 didgit pass then i would be changing banks ASAP
all a person would need to attempt to logg in would be the account number and a good piece of software that could go thru every 3 diget combinations (under 500k) that could be done in under an hour

Blimey!  so would i!!
In this particular case you log in with an 8 digit username (sent by post) and a password of your choosing, then you are taken to a different screen where it'll ask you for say the 2nd 6th and 10th digit of a different 12 digit password, these are selected from a dropdown list (can computer programs use dropdown lists) such as in the address bar of internet explorer. Only then if correct can you gain access to the site.
This is by far the best security i've come across and i have all my credit card, other bank acounts etc online.
Again though it could theoretically be guesses though the username is random letters numbers etc.

As for your question Tikay, if someone logs into your account using your username and password tough!
Sites do not have policies for reimbursing you for this type of fraud whereas banks do (if someone withdraws money from your account/card you just sign a form to say you didn't do it and they will give you the money back!!)
Poker sites do however have policies designed to stop money laundering, if you dump chips off and they see it they can and freeze your account!!! The great Pokergirl1 will attest to that, i think primapoker froze 50k of his cuz they said he did this, not sure of the outcome though.
I once read somewhere that some of these computer programs will EVENTUALLY be able to get into any username/password guarded site. Though some believe it or not are stored in the cgi bin itself (this is a little complicated to explain but it can be accessed thru the website address).
Ian

[Bongo]

Yes the computer programs can both read (they can take screenshots of them) and also send them to the bank.

My maths tells me that you need to know 10 of the 12 digits to have a >50% chance of knowing all 3 that are asked. I then calculated that you will need to observe 7 logins on average to know 10 digits of the 12. My maths could well be wrong though.

[ontilt]

I think the key to preventing this kind of password cracking is having accounts that lock out until you verify your identity in person which is what banks do.  As I believe someone mentioned earlier this would be much more of an overhead and undoubtedly hit the rake as people would not play when locked out accidentally.

[ontilt]

"I once read somewhere that some of these computer programs will EVENTUALLY be able to get into any username/password guarded site. Though some believe it or not are stored in the cgi bin itself (this is a little complicated to explain but it can be accessed thru the website address).
Ian"

-- bit on the technical side but there was a hotmail crack not long ago where you could get the password via the querystring and read anyones mail. One of my friends did this and found out we had all been laughing at his sexual escapades, but at least he didn't steal my banking details! But this also makes the point that you ought to be careful about storing your account details in easy to access email accounts, turning off auto remember password on machines (which I have seen lots of people forget) especially if you are playing on a public computer and also not using the same passwords for everything. It depends how paranoid a person you are, its also unsafe to use your credit card ina restaurant or on holiday or give someone the number on the phone or use chip and pin, but you can't live in fear! Maybe poker sites ought to post a help page on how to be safe playing on the internet.  - Maybe you coul post one on this site Tikay?

[Bongo]

I'd be willing to help with the guide, if you were to go ahead.

On the subject of hotmail i know several people who have had their password compromised through the use of the security question. A friend got caught out by this, he was using MSN Messenger when someone struck up a conversation with him (using the messenger program)  and after a while asked him about his pets and then what his cats name was. This was his security question.

[Paddywhack]

The player mentioned, Hippicrit, had 5k robbed from his account, The hacker guessed his password and then transferred the cash to his own a/c. he played a 5k heads up, apparently thinking he would win and then return the money unnoticed. Pokerstars refunded the money to hippicrit. Scott Grey had his account on Party dipped, he lost 4k+ I think, he got no joy from Party apparently and is none too happy. If anyone sees him at the Irish open, the could get the full story.

Also a point that I've been thinking about, how many players register on forums with their poker username and the same password they use on Stars/UB etc?.  If Tikay wanted, he could probably clean out quite a few accounts.

[redsimon]

An interesting post script to this....I just had a 'phone call from my VISA card provider. Two sums of $200 a time were taken off it last night on a certain online poker site. Not by me! Now the odd thing is I have only ever used this VISA card twice online, both in 2002 on Paradise and Ladbrokes. (Basically since 2003 I have not had to buy in because I have built my online bankroll up and avoided risking too much of it on any one session).

So I guess it could have been swiped in a shop when i've used it, like I say never used it for anything online at all for 3 years.

At least VISA rang and have stopped the card, but i guess this happens a lot?

[ifm]

I had a similar experience, my debit card was used over a weekend totalling 1700. 500 was a restaurant bill (strange that it was exactly that amount).
I actually noticed it myself, just happened to check my acount online.
All i can think is that either it was double swiped somewhere or someone got my details from a petrol station reciept (yes all the info they need is there!!!!! though most have changed their reciepts).
Anyway the bank repaid me and gave me a new card.
Incidentally i also had my cheque book stolen once and someone walked into various post offices and cashed cheques 200 a time 25 times!!!
Luckily i had already reported it stolen/lost and the bank again repaid me.

Ian