Get exclusive CAP network offers from top brands

View CAP Offers

Affiliate account security!

[bsa_pro_ad_space id=2]
  • This topic is empty.
Viewing 5 posts - 1 through 5 (of 5 total)
  • Author
    Posts
  • #788845
    Anonymous
    Inactive

    @allfreechips 189013 wrote:

    OK, in the mess of my termoil I am changing my info on aff accounts. Let me point out some GIANT security holes I am seeing while doing this

    Some will send you a current password, not a link to generate a NEW password!

    Some show your password and security question/ answer when you log in!

    THESE ARE TERRIBLE practices.

    Really bad security!

    I got hacked in Sept and 3 pmops/email addresses and pw’s were changed. Money, my id and all my ach info was stolen. 2 accounts I caught in the nick of time. I was reimbursed the stolen money by the program. Very greatful for that gesture. They also opened a fraudulent NT account and NT called me and verified the bogus account and shut it down.

    After that I emailed every program regarding their security, one put a request in with the software provider to make some improvements. I have seen a couple improvements but nothing close to standard security like only showing the last 4 digits of a bank account #.
    I also brought up revealing the answer to the secret question.

    #789016
    Anonymous
    Inactive

    Hey guys

    Just my 2 cents here..

    While we are doing everything we can to ensure stuff like this doens’t happen, I would suggest that we (everyone) need to be a little more careful when it comes to passwords.. It’s easy enough to have different passwords on everything, and not the same password across the board and to really make sure you don’t carelessly leave your password lying around, ESPECIALLY inside an email account whether its one of the free mail accounts or on your own server.

    One of the measures we take for example: every 10 hours I get an alert with all the people who have changed their payment method in that last 10 hours and I check every single one individually – if anything looks suss I contact the email on profile since that can’t be changed by the affiliate and can only be changed by me..
    Obviously in the rare case that something does go wrong, we are here to work with you to come to the best solution.

    #789046
    k29
    Member

    I agree with Renee,

    Although Identity theft is always a really disturbing event, and some of you have noticed what seems like lax security in affiliate sites, we must remember that what was originally compromised was an email account.

    As affiliates become wealthier from their online businesses, they will increasingly become potential victims of identity thieves. In general, things to avoid are phishing schemes like those you’ve probably all seen from scammers claiming to be ebay, amazon, etc. We need to begin to be as suspicious of emails claiming to be from affiliate programs asking you to update your account information for no apparent reason. The easy way around an email telling you to ‘update your info’ is to not click on the link in the email, and to type the URL directly in your browser instead.

    Another good rule is to glance at the URL when typing in log-in information. For instance when loging in to CAP, you log in at http://www.casinoaffiliateprograms.com, if you notice any variation (such as http://www.CAP.com) be suspicious! (Maybe not too big a deal for CAP, but definitely of concern at any site where you exchange funds, such as your bank or your affiliate program).

    That said, there are legitimate concerns being expressed in your feed-back here, and we will definitely take a look at our protocols here at IA to minimize the risk to affiliates on our end.

    #789048
    Anonymous
    Inactive

    i can verify that Renee and Rewards Affiliates follow those practices.

    on Monday morning Renee told me that I have changed my payment method to some weird Moneybookers account ([email protected]). comes out that someone logged into my account and changed the payment method. in a stricken panic mode, i had to change passwords across all programs and all email accounts (jic). thankfully only rewards affiliates had the changed payment details…but still had me worried.

    one thing for sure is that programs should not allow the email to be changed without them being contacted directly. and secondly, payment detail changes should be verified manually by AMs.

    #789049
    k29
    Member

    Oups,

    Jamie just filled me in on the registry theft. So has nothing to do with a compromise of an email account. Sorry, my bad.

    Reminds me of an emerging trend that was starting when I left the fraud department at a bank; mortgage fraud.Here is something about that: http://www.cbc.ca/news/background/mortgage-fraud/

    For those who really worry about this (I saw in another thread where a webmaster had to pay 32k to buy back his domain name) I suggest you look at identity theft insurance. What you are looking for is something to cover the legal fees.

Viewing 5 posts - 1 through 5 (of 5 total)