don't worry.  precedent has already been set and you get to keep the money and all the RCs.   

I don't think they get to keep the money. I think iStock keeps the money.

Quote from: caspixel on January 10, 2011, 10:40

Quote from: jamirae on January 09, 2011, 21:55

don't worry.  precedent has already been set and you get to keep the money and all the RCs.   

I don't think they get to keep the money. I think iStock keeps the money.

Last I read they were "thinking about" who got to keep the money. I took that to mean istock was keeping the money. 

oh, so as it stands right now, contributors get to keep the RCs and double those for all the Vetta images since it was during the "double RC promo" (right?)  BUT.. the royalties have yet to be determined?  Does iStock really think that people will be happy as long as they get to keep their RCs and that the contributors dont care about the (potential) loss of the royalty they got from the fraud? 

Quote from: jamirae on January 10, 2011, 11:57

Quote from: cclapper on January 10, 2011, 11:46

Quote from: caspixel on January 10, 2011, 10:40

Quote from: jamirae on January 09, 2011, 21:55

don't worry.  precedent has already been set and you get to keep the money and all the RCs.   

I don't think they get to keep the money. I think iStock keeps the money.

Last I read they were "thinking about" who got to keep the money. I took that to mean istock was keeping the money. 

oh, so as it stands right now, contributors get to keep the RCs and double those for all the Vetta images since it was during the "double RC promo" (right?)  BUT.. the royalties have yet to be determined?  Does iStock really think that people will be happy as long as they get to keep their RCs and that the contributors dont care about the (potential) loss of the royalty they got from the fraud? 

That's what I understand. I could be wrong, haven't been keeping up too much.

That is my understanding as well. From what RogerMexico said, they get to keep the RCs, but the money was "another story", if I am remembering correctly.

I'm really upset about this!  It is 2pm on Monday and still no word about how HQ is handling this situation.  Just checking my sales for Saturday, I made as much as a weekday, and nearly all are fraudulent purchases.

Like Joanne and Sean, my stolen images were construction related too.  Looks like someone is putting together a CD of building themed images.  If Istock doesn't manage to stop this from happening soon, they will most likely choose another subject next. 

Gostwyck makes a great point - this happened for only a brief time at BigStock and was handled quickly and effectively, while we were kept informed.  I am troubled that thieves seem to feel Istock is such an open and unprotected target.  Also very troubling is that there has been no response to contributors concerning this massive theft of our property! 

Yet another iStock epic fail.

There are so many outstanding issues - site bugs and various other things that have come up - that admin just doesn't seem to be staying on top of. I don't know if they're there in the office and looking at the forum traffic and just ignoring it; or so busy with some hair-on-fire other work that they aren't looking; or they've looked and don't see there's any issue  but choose not even to say that in the forums.

It's pathetic that they can't even respond.

And as far as filling out support tickets, their recent tactic has been to close them as dealt with as long as they've said in some forum post that they will deal with it at some future (unspecified time).

The only announcement they seem to be on top of is that the new royalties will get implemented this week. Oh woopee!!

Pathetic indeed.  I am sure you are right that they are still sorting through the myriad disasters happening all at once.  

As contributors, we all put the highest priority on the theft of our work, but from a management standpoint, I guess Istock just isn't that concerned about it.  In which case, it will continue because the thieves know they have found an easy mark.  

Even more than the 5% royalty drop, this lack of security makes me hesitant to continue uploading there. 

I'm really upset about this!  It is 2pm on Monday and still no word about how HQ is handling this situation.  Just checking my sales for Saturday, I made as much as a weekday, and nearly all are fraudulent purchases.

Like Joanne and Sean, my stolen images were construction related too.  Looks like someone is putting together a CD of building themed images.  If Istock doesn't manage to stop this from happening soon, they will most likely choose another subject next. 

Gostwyck makes a great point - this happened for only a brief time at BigStock and was handled quickly and effectively, while we were kept informed.  I am troubled that thieves seem to feel Istock is such an open and unprotected target.  Also very troubling is that there has been no response to contributors concerning this massive theft of our property! 

Maybe IS has been "asking for it" by pushing their expensive imagery on their website as a kind of tempting bait for anyone who has a fraudulent credit card and a sales outlet where they can unload DVDs of pirated stuff for $1 per.  This sales policy has evidently been a discouragement to their legitimate customers and an encouragement for thieves.

Long ago when I was in a developing country's capital city I visited the area which was notorious for selling pirated warez, just for chuckles.  It was the extremely expensive software packages created by Microsoft, Adobe, Oracle, etc. that were being pushed on the street, not the modestly priced stuff.  Likewise, it's the outrageously priced Gucci stuff that's a magnet for knock-off competitors, not the stuff they sell in Walmart and Sears.

As for detecting fraudulent purchases ... you'd think that it would be easy to let any through anything by an established customer, optionally tagging it for later attention if it's at a suspiciously high volume or price tag.  But anything high-volume or very expensive purchased by a NEW customer should get stalled, e.g. with an innocuous response, like, "we're sorry but this purchase has been momentarily delayed, you will be notified as soon as your file(s) are available for download."  Also, you'd think by now that there would be some kind of pattern in location of the IP addresses from which fraudulent purchases are being made.  If the IP address is from an out-of-the-way country but the billing address corresponding to the credit card is somewhere else then that should be another red flag.  I don't see any reason why really simple scripts like this cannot be written in a few minutes, then the IT people work shifts to monitor the buying activity and jump all over any alarms that are triggered by their scripts.  After all its only their livelihood that's at stake here, LOL.

As for detecting fraudulent purchases ... you'd think that it would be easy to let any through anything by an established customer, optionally tagging it for later attention if it's at a suspiciously high volume or price tag.  But anything high-volume or very expensive purchased by a NEW customer should get stalled, e.g. with an innocuous response, like, "we're sorry but this purchase has been momentarily delayed, you will be notified as soon as your file(s) are available for download."  Also, you'd think by now that there would be some kind of pattern in location of the IP addresses from which fraudulent purchases are being made.  If the IP address is from an out-of-the-way country but the billing address corresponding to the credit card is somewhere else then that should be another red flag.  I don't see any reason why really simple scripts like this cannot be written in a few minutes, then the IT people work shifts to monitor the buying activity and jump all over any alarms that are triggered by their scripts.  After all its only their livelihood that's at stake here, LOL.

^^That all makes perfect sense Pet Chia.  The above steps should have already been implemented.  But unfortunately that would require that TPTB at Istockphoto give a sh&t. 

Don't underestimate the difficulties a web seller like IS might face if they're being systematically attacked by crooks with technical skills and unlimited time.   

But how come it is only IS that still appears to have this issue?

As a policeman once advised me (after a burglary) crooks are essentially lazy people, which is why they're not working properly like most of us, and will always go for the easiest target. He told me I just needed to make sure that my house had visibly more protection than my neighbours and the the thieves would choose theirs over mine.

Lots of things sound simple until you consider the volume of transactions that can be generated by scammers running mindless scripts and programs.  These guys can overwhelm a defense by simply generating more questionable transactions than IS, or any web company, could possibly review individually, leaving the agency with a choice of shutting down or letting all transactions complete. 

Don't underestimate the difficulties a web seller like IS might face if they're being systematically attacked by crooks with technical skills and unlimited time.   

Somehow amazon (and other big web businesses) keep their doors open. There has to be someone they can hire or a consultant with whom they can consult. This isn't a problem unique to them, so they should be able to develop industry best practices in fraud prevention and detection.

Just like their best practices in software development, testing and deployment.... oh, they're still working on that....it'll be fixed  - soon.

Quote from: jsnover on January 10, 2011, 18:45

Somehow amazon (and other big web businesses) keep their doors open. There has to be someone they can hire or a consultant with whom they can consult. This isn't a problem unique to them, so they should be able to develop industry best practices in fraud prevention and detection.

That's a fair question.    Amazon is a technological giant, and an industry leader.  But I'll bet even Amazon gets scammed out of a TV or IPhone now and then.  The difference is, when you scam a TV you get one TV, not some sort of master mold from which you can then make 1,000 TVs for resale.  

I can buy music from Amazon as unprotected MP3s and re-sell it tomorrow on a black market.   I could buy books and sell cheaply printed copies in Hong Kong.  The musicians and authors would be unhappy, but would have little recourse against Amazon, even if I'd bought these things with a stolen credit card.

You are correct in what you are saying, but I am not willing to defend IS. I have been selling at IS since 2006 and as far as I know, nothing like this, on this grand scale, had happened. It seems to have come about, along with all the other deficiencies, with F5. That leads me to believe that there is a big hole somewhere in F5 regarding security. Nothing seems to have been tested before it got rolled out. To me, that is inexcusable.

IS didn't get scammed out of a few images now and then. It happened on a much grander scale, while everyone was off on vacation, and continues to happen.

"smarmy uber-coolness" - What a great turn of phrase!