
Comments
is it a home-made credit card
Can you contact me privately so I can review your case?
You're not going to recommend him to contact his bank to report the incident, as the card may have been stolen?
Got this a couple months ago and failed to take action. Sounds like I saved myself a headache.
I don't think you're being dodgy at all, I'm just trying to figure out what's going on from over here in the cheap seats. The point I was making (badly) is that your refunding one of the invoices for that gentleman doesn't actually speak to the other claims of attempted charges. I mean the fact you refunded it means it was real, right? And if that one was "real" does that imply the others (attempted, completed or not) were also real?
You don't have to answer that stuff; I'm not trying to interrogate you, just over-explaining myself.
I hope Dasabo acquiring Dasabo does not have anything to do with this.
I completely understand your point.
We've been investigating the reports we've received for a few days now. Many of them aren't backed up by concrete data. Currently, we've only received one realistic support request from Ed Novas, which was processed hours ago. There were indeed some credit top-up transactions (which he claims were unauthorized). I remind you that all transactions require 3DS approval, so the end user must approve them; otherwise they won't go through.
We receive a lot of transactions every day, even for large amounts, so a transaction of a few thousand euros wouldn't be particularly noticeable.
In his case, we confirmed that the transaction actually occurred, and since he kindly told us it wasn't his doing, we proceeded with the refund (always keeping in mind that when we issue a refund, we also lose money because we have to pay the fees).
We're currently following a well-defined modus operandi, so I reserve the right not to disclose further information until we have a clearer picture of the situation.
We're also receiving requests from the authorities regarding improper use by some of our customers of the services sold to them.
Of course, the LET community can only form an opinion based on the limited information we've provided here, and I understand that, but you should understand that there are specific, including legal, reasons why I can't disclose further information.
What I can reassure you, as I have done before, is that we take every report we receive seriously and thoroughly analyze them, including directly with the issuing banks. If we receive a payment that's even legitimate but we believe could cause long-term problems, we prefer to refund it.
LOL
@Dasabo can you remove the credit card payment option from your WHMCS, the one named "Stripe (OLD)"? Its associated input form is not an iframe and the credit card data is sent to your own server. The other payment method "Stripe (Credit/Debit Card)" collects the user's card data using an iframe served by stripe.com so it's less worrisome.
Edit: ignore me, "Stripe (Old)" also uses iframes from stripe.com, one for each individual input element.
This seems like it might not be PCI-DSS compliant.
Yes, we will do so in the next few days. The (old) version is the outdated Stripe module. WHMCS has released the new module with the new version, which has more features, which is the one you see above.
In both cases, neither module records clear text information about the card details; the only things we can see are the last four digits and the expiration date.
Stripe (Old) will be removed in the next few days when we activate electronic invoicing for the new company. Currently, we still have several customers using the old version.
P.S. The new module is called Stripe Dynamic.
Actually, that’s not quite right, as we don’t store card details on our servers; instead, the card is tokenised, so even we cannot view the data in plain text, and this is one of the requirements of PCI-DSS.
Usually, the card data would pass directly to the payment processor without ever traversing the merchant's network. The processor then sends the tokenized card number back to the merchant. This isn't my area of expertise, but I do know how it typically works. Note that I didn't say it was certainly non-compliant, just that it might be.
Don't rely on me, I checked the page again and I see iframes now receiving the card data. I have an unusably laggy computer tonight, my fault for not seeing it.
But that's because your thieving transaction got declined, in that instance.
Sure you'd know!
Just got this by email 7 minutes ago.
Yes, I got the Stripe money refund emails and am waiting for my bank to process that. Thanks for the support, your customer service response was really quick.
The biggest concern I have is that I believe the reason we got fraud transactions of thousands of bills is likely because of the Stripe (old) payment method. Even though my account was terminated, the transactions were made unauthorized, and I believe there might be a serious security issue or system auto-deduction process in the background. Since clearly the payment is indeed made by Dasabo, but that doesn't explain where those invoices are coming from. Please pay serious attention to this issue, as this may affect more users, and I noticed Dasabo would remove the Stripe (old) payment method, which is a feasible solution but won't help much in recovering your reputation. I was hoping for a serious investigation and report if possible. Thanks.
2 years ago I made this https://lowendtalk.com/discussion/comment/4158519/#Comment_4158519 comment about Dasabo's public relations and we still can't get this right...
Love how they picked the corporate PR version by framing it on the business transition as the reason for removing saved payment methods instead of being transparent about the unauthorized charge reports.
To be fair, I am not sure it is even possible to transfer saved tokens between different Stripe legal entities.
I can confirm that you cannot. All payment information is lost, including ongoing subscriptions.
SRL means: business with limited responsibilities
That's kinda obvious, isn't it? It's the local language version of a Ltd, OÜ, GmbH, ...
@Dasabo Why not communicate directly that the removal of saved payment methods was prompted by reports of unauthorized charges, instead of using the transition as an excuse? A transparent approach would be to ask your customers to review their billing activity and report any unauthorized charges so you can investigate and take the necessary corrective actions.
Hello,
Because it’s not just about that: when you switch to a different billing profile—and consequently to a Stripe account with new company details—you cannot transfer card tokens from the old company to the new one. This is a specific restriction and limitation imposed by Stripe (and a sensible one, I would argue); therefore, you are required to generate new tokens—meaning users must re-enter their card details and authenticate them. There is no other way to accomplish this.
You are likely not a customer of ours; otherwise, you would have received the email sent a few days ago notifying you of this transition to the new company and requesting that all billing details be updated.
Absolutely not.
This is a complete lie. All transactions require end-user approval? Codswallop. I did not approve 10000 or 2500.
So, anyone paying attention to this thread can see that Dasabo has lied about these transactions AND that they are indeed involving the company itself:
Once again, this is about transparency. No one here appears to have received any email communication from you regarding the unauthorized charge issue, so where is the transparency in informing customers and encouraging them to review their billing activities? The way this has been handled, it looks like you're hoping these charges go unnoticed.
This is the sus provider from day 1.
It's also the same in Romania.