warning Network Solutions Might Leak Credit Card Details Between Accounts

[Arca]

I just logged into my Network Solutions account and discovered that my “primary payment option” has been changed.

The credit card and personal information of another NetworkSolutions customer is now listed there.

So basically I have somebody elses credit card (that won't expire until years later), name, and address as my primary option on file in my account.

I have no idea how it got there. Must be some kind of bug in their system.

So basically I could go on a buying spree buying premium domains in the Network Solutions system (or just renew all my domains) with this other Network Solutions customers' credit card if I wanted, thanks to Network Solutions putting his credit card into my account... It's shocking how poorly they protect their customers' sensitive data!

Just a warning to everyone who have given their credit card info to Network Solutions. Your sensitive data may have been "copied" to the accounts of other Network Solutions customers. Keep an eye out for unauthorized transactions originating at Network Solutions, as it could be another user using your credit card.

 

[Haroon Basha]

Why dont you buy some domain name immediately, then they will run behind you, ultimately.

I am just writing this in lighter vein. Please do not take it serious.

 

[Acroplex]

I don't. While I understand that you ran into what appears to be a bug, announcing it to the public while not providing that same info to the company isn't exactly good practice. We all have favorites and non-favorites in any market, including domaining, but security issues should be reported in private. NetSol isn't exactly watching this very thread and someone might take advantage of this issue, if it exists.

 

[Haris]

So I think it's time to log in to my NetSol account and go buy some domains with someone else's credit card

 

[Arca]

So I think it's time to log in to my NetSol account and go buy some domains with someone else's credit card

Just don't buy DomainNames.com.

 

[Haris]

Just don't buy DomainNames.com.

Unfortunately there is no credit card in my account lucky you

 

[MapleDots]

I remove my domains from NetSol as soon as the 60 day lock past a NameJet auction win passes. I've no credit card on file.

Did you have to fill out a form on why you want to move out and endure countless email spams.

Worst experience I ever had was with netsol, seemed like I had to beg for my domain. I won't deal with namejet anymore because my domain ends up in netsol.

 

[Arca]

Did you have to fill out a form on why you want to move out and endure countless email spams.

Worst experience I ever had was with netsol, seemed like I had to beg for my domain. I won't deal with namejet anymore because my domain ends up in netsol.

Clicking through a few pages of that transfer out "form" is standard procedure for everyone for every single authorization code you want to retrieve. You have to do it individually 100 times if you want to transfer out 100 names.

 

[1Darko]

You can report it at federal trade commission:
https://www.ftccomplaintassistant.gov/Information#crnt&panel1-1

 

[tonecas]

Whenever I bring up issues/wrongdoing to NetSol, they either don't care, don't have a clue, or tend to be extremely defensive and sometimes turn around and accuse me of wrongdoing/threaten me/my account with them.

I'm not going to report this to them only to risk them coming up with some BS about me attempting credit card fraud/stealing other people's credit cards.

I have no proof that it wasn't me who put those credit card details there (and they have limited records of what's going on in their system as well). I just logged in and discovered that somebody elses credit card details are now in my account and provided the community with a warning which people can choose whether or not they want to act upon.

Anyone who's given their credit card to NetSol should consider blocking them from making charges and/or requesting a new credit card number to be issued to them to be on the safe side.

I would do the same. No consideration to a shady and incompetent company that has been ripping of costumers for years that do not know better

 

[hookbox]

I agree with others here that you should report it and keep a paper trail. Last thing you need is for them to come to you saying you're committing credit card fraud.

 

[tonecas]

Clicking through a few pages of that transfer out "form" is standard procedure for everyone for every single authorization code you want to retrieve. You have to do it individually 100 times if you want to transfer out 100 names.

And then you receive a transfer email from them where you can follow a link to a web page where you can authorize right away the transfer but it doesn't do anything and you have to wait for the 5 days default period. Ridiculous and on purpose to refrain a costumer to exit them. And 3 days to provide a transfer code because of security reasons, give me a break...

 

[MapleDots]

Clicking through a few pages of that transfer out "form" is standard procedure for everyone for every single authorization code you want to retrieve. You have to do it individually 100 times if you want to transfer out 100 names.

Really? and its normal for them to say wait 3 days, we will approve you to get the code if we see fit? Did you see the questions you have to answer?

Not trying to be uptight but with my other two registrars it's a single click and I have the code. 1 single click.

I am in the process of moving out 240 domains and that single click is a lot of work.

IMAGINE if I tried to move 240 domains from netsol! wow I would be old and grey before that was done.

Yikes!!

 

[Arca]

I agree with others here that you should report it and keep a paper trail. Last thing you need is for them to come to you saying you're committing credit card fraud.

I have NJ and SN receipts for every name in my NetSol account, so I have proof that everything in my account was paid for by me. It would ultimately be futile for them to attempt to discredit any purchase in my account as "credit card fraud" as I have proof of paying for every single name there. I still don't want to go through a dispute proving this with them though.

I never used the credit card they put in my account for anything and I deleted it once I discovered it.

So I doubt that is going to happen. Though I wouldn't put it past NetSol to try to do so after they themselves put the cc details in my account (I never gave them approval to do so though, they forced the card into my account without my consent, isn't it they who are carrying out the cc fraud?). Why should I put myself at risk of suffering due to their mistakes? For me to bring this up with them may bring problems to me personally, including them locking down my account while they look into this.

So I am looking out for my own interest as a wary NetSol customer, but I also tried to help the domain community by alerting people to this issue that may or may not affect other accounts. Everyone is free to take action to protect their CC details.

However, a large portion of the responses here seem to hold me, rather than NetSol, responsible for getting this fixed by them, and consider my actions to be bad practice, and that NetSol apparently is a victim of my irresponsibility in this matter. I fail to understand where people get this notion from, but the sentiment has been noted, and I will keep this view by the domain community in mind and act accordingly next time I encounter such an issue.

 

[tonecas]

Everyone has right to a opinion but you have the right to ignore them. People always love to kill the messenger ...

 

[RobM]

I don't use netsol (who would?!) but does the account also have the cvc code? Do they ask for that when paying? Nowadays any online payment made with my credit card can only be authorised by entering a code texted to me by the bank. A PITA but it would stop this kind of shenanigans. Is this not common outside of Europe?

 

[hookbox]

I have NJ and SN receipts for every name in my NetSol account, so I have proof that everything in my account was paid for by me. It would ultimately be futile for them to attempt to discredit any purchase in my account as "credit card fraud" as I have proof of paying for every single name there. I still don't want to go through a dispute proving this with them though.

I never used the credit card they put in my account for anything and I deleted it once I discovered it.

So I doubt that is going to happen. Though I wouldn't put it past NetSol to try to do so after they themselves put the cc details in my account (I never gave them approval to do so though, they forced the card into my account without my consent, isn't it they who are carrying out the cc fraud?). Why should I put myself at risk of suffering due to their mistakes? For me to bring this up with them may bring problems to me personally, including them locking down my account while they look into this.

So I am looking out for my own interest as a wary NetSol customer, but I also tried to help the domain community by alerting people to this issue that may or may not affect other accounts. Everyone is free to take action to protect their CC details.

However, a large portion of the responses here seem to hold me, rather than NetSol, responsible for getting this fixed by them, and consider my actions to be bad practice, and that NetSol apparently is a victim of my irresponsibility in this matter. I fail to understand where people get this notion from, but the sentiment has been noted, and I will keep this view by the domain community in mind and act accordingly next time I encounter such an issue.

It fucking amazes me when someone gives a thought to try and help someone out that it twsts and turns into this bullshit. Everyone here was just looking out for your best interest. At least I was.

 

[OmarVG]

Thankfully I did not have a NetSol account.

I am going to stick to GoDaddy for long term.

 

[main]

Thanks for the heads up. I don't blame you for not wanting to get involved with NetworkSolutions. Most people here know that you've been a vigilant watch dog to help the domain investing community in a variety of areas.

 

[NoBS]

I had someone elses cc info in my NS account after I won a backorder maybe 15 years ago. I wasn't a domainer I just needed a name for my website. I vaguely recall a receipt sent to me for a service costing $100 or more that was charged to that cc, and I let them know.

I won my first backorder with NS a couple of years ago as a domainer. Again in my new account I saw someone elses cc info. It was there for a while maybe a year before I saw it. I didn't want to change or delete any of the info before letting them know and the cc info was deleted following my second support request, two or three months after my initial ticket.

Just guessing maybe the cc details are carried over from the previous registrant if that domain is being transfered into a new account, or if that was the registrants only domain the details are replaced with the new owners?

 

[Arca]

I had someone elses cc info in my NS account after I won a backorder maybe 15 years ago. I wasn't a domainer I just needed a name for my website. I vaguely recall a receipt sent to me for a service costing $100 or more that was charged to that cc, and I let them know.

I won my first backorder with NS a couple of years ago as a domainer. Again in my new account I saw someone elses cc info. It was there for a while maybe a year before I saw it. I didn't want to change or delete any of the info before letting them know and the cc info was deleted following my second support request, two or three months after my initial ticket.

Just guessing maybe the cc details are carried over from the previous registrant if that domain is being transfered into a new account, or if that was the registrants only domain the details are replaced with the new owners?

Could very well be the case with my account too. Since all the names in my account are backordered domains, it's probable that the CC info was carried over when a certain name was delivered to my account.

I'm surprised to read that it's been going on for 15+ years already though, considering that it still seems to be happening. I guess it's unlikely that they will fix it at all if they've not done so for more than a decade already.

 

[IMEZI]

I'm not going to report it, but I will delete the credit card on file from my account.

if someone cc details stranded on your account how bout the same thing happen with your cc details stranded on other account LOL

 

[Steven McEvoy]

With so many bad stories going around, the real question is; how do i delete my NetSol Account!??

 

[NoBS]

Could very well be the case with my account too. Since all the names in my account are backordered domains, it's probable that the CC info was carried over when a certain name was delivered to my account.

I'm surprised to read that it's been going on for 15+ years already though, considering that it still seems to be happening. I guess it's unlikely that they will fix it at all if they've not done so for more than a decade already.

To be more accurate it was probably between 10 - 16 years ago. It's not only a problem for the card owner, I also didn't need the authorities knocking on my door asking why I was using this persons cc, and I didn't want a previous registrant disputing ownership of a domain or account because their cc was used to renew stuff.

 

[skipper708]

this is the beginning stage of you losing your domain that you just won at a namejet auction. look for the domain that has an extra year or more added on to it. the previous owner just renewed it in their account. so now the domain is in both your account and the previous owners. as soon as the 60 day lock is up you need to move it out! this has happened to me 3 times. lost the domain the first time, got the other 2 out.

 

[carob]

Interesting dilemma about whether to notify NS, especially when we keep reading reports of them taking names out of people's accounts without warning.

Wondered if their ToS touch on this and found in Section 3: Fees Payments and Services
https://www.networksolutions.com/purchase-it/dynamic-service-agreement-popup.jsp

In any event, you are solely responsible for the credit card or payment information you provide to Network Solutions and must promptly inform Network Solutions of any changes thereto (e.g., change of expiration date or account number). You agree that, in any event, Network Solutions may extend the expiration date on your credit on file with us in order to protect against unwanted expiration of your services and to allow for the automatic renewal thereof. In addition, you are solely responsible for ensuring the services are renewed. Network Solutions shall have no liability to you or any third party in connection with the renewal as described herein, including, but not limited to, any failure or errors in renewing the services. In order to process a renewal under our auto-renew service, we may use third-party vendors for the purpose of updating the expiration date and account number of your credit card or payment method on file. Such third-party vendors maintain relationships with various credit card issuers and may be able to provide us with the updated expiration date and account number for your credit card by comparing the information we have on file with the information the third-party has on file. By selecting our auto-renew service, you acknowledge and agree that we may share your credit card or other payment method information with such a third-party vendor for the purpose of obtaining any update to your credit card expiration date, account number, or payment account.