knotquiteawake
Well-Known Member
It only took me 10 minutes in my local Wells Fargo Branch to get a temporary debit card and have it activated. I then drove right over to the grocery store and bought my dinner. Super Easy, no hassle at all.
Ever have a credit card number stolen???
- Thread starter stratslinger
- Start date
Help Support Homebrew Talk - Beer, Wine, Mead, & Cider Brewing Discussion Forum:
- Status
It only took me 10 minutes in my local Wells Fargo Branch to get a temporary debit card and have it activated. I then drove right over to the grocery store and bought my dinner. Super Easy, no hassle at all.
Seven
Well-Known Member
I don't see people here acting like poor, helpless victims. I do see them (me included) as being pro-active and taking steps to protect ourselves. I see people sharing their stories in the hopes that it will alert others about what's going on. And I'm glad they are doing it. It gives me hope that something is working right for a change instead of being buried or ignored.
Part of being pro-active is figuring out what happened in the first place ... and that's what we are waiting to hear back from AHB. What exactly happened???
I want to know if a retailer is mishandling my personal/financial information. I want to know if they are being forthcoming about what happened. I want to know if they've identified the problem and taken corrective measures so I can decide whether or not to shop there in the future.
Cheers.
I am with you but I think we are jumping the gun a little here.
Let's give them some time to sort this out and report back. I'd rather them give a concrete answer than a step by step of what they think that turns out to not be the end result. I don't think this is a problem that is going to be figure out overnight if it is on their end assuming it is not an employee. If it is a problem with a processor, I doubt anyone, including them, will ever hear about it.
I'm sure they are working on it. I am sure it is something that is beyond their technical expertise. I am sure it is in their interest to fix it.
It's nice to have a forum where people can come together to help each other as witnessed in this thread with people that were proactive with watching their accounts due to the publicity this has received. This will also be a great forum for them to clear their name and to truthfully convince everyone that the problem was identified and fixed so that everyone can go back to ordering from them and feeling good about it.
If I was in their shoes, I would have come out and said there is a yet undetermined problem with their credit card orders and we recommend all our customers to use our paypal system until this is sorted out. Assuming that is secure. Then I would report back with the outcome of the credit card fiasco we are witnessing. That seems to be the right thing to do from this perspective.
Let's give them some time to sort this out and report back. I'd rather them give a concrete answer than a step by step of what they think that turns out to not be the end result. I don't think this is a problem that is going to be figure out overnight if it is on their end assuming it is not an employee. If it is a problem with a processor, I doubt anyone, including them, will ever hear about it.
I'm sure they are working on it. I am sure it is something that is beyond their technical expertise. I am sure it is in their interest to fix it.
It's nice to have a forum where people can come together to help each other as witnessed in this thread with people that were proactive with watching their accounts due to the publicity this has received. This will also be a great forum for them to clear their name and to truthfully convince everyone that the problem was identified and fixed so that everyone can go back to ordering from them and feeling good about it.
If I was in their shoes, I would have come out and said there is a yet undetermined problem with their credit card orders and we recommend all our customers to use our paypal system until this is sorted out. Assuming that is secure. Then I would report back with the outcome of the credit card fiasco we are witnessing. That seems to be the right thing to do from this perspective.
Oh I largely agree with this. I don't expect them to publicly speculate precise causes until they've found and solved the issue for certain. But when I'm getting contradictory statements or manipulative half-truths about their practices in order to make people feel safer shopping with them, I don't feel like I can reasonably trust anything being said.
my narrow understanding of the issue is that the breach did not occur on AHS servers or via their site. from their earlier posts, it sounded like they believed it occurred with their payment gateway provider as they referenced they were moving to a new provider... payment gateway providers are necessary for every business that accepts credit cards or plastic. if the breach was indeed with them, then chances are excellent that AHS customers were not the only ones affected, it could be customers from hundreds of other merchants who dont have a homebrew forum.
so before we asll go down the road of convicting AHS of not protecting our info, it might be wise to do what you have to do to protect yourself (change your card) and then wait and see what happens/what the story is after the investigation is complete.
if it is a vendor of AHS that has caused the issue, it will be obviously in the best interest of AHS to let their customers know that, and advise how they have responded (we have rec'd hints of that already), but it is also important to know that they will not be prepared to make a formal statement on the matter until they are absolutely sure that it is not their systems or processes that were compromised or at fault.
does this not make sense to everyone?
people do understand how ecommerce sites can work right? you place the order, the card number gets validated and reserved for the funds through a gateway like authorize.net, if the merchant does not process the transactions through the site, but does so manually, then they can login to authorize.net and review the days transactions, process them from authorized to posting and batch process them to begin the movement of funds from one place to another..in this instance, the numbers and the data pretty much remain on the authorize.net site, there is not necessarily any local typiing of numbers into a keypad, there is not necessarily any record of a number stored in any local system... the merchant gateway is serving the purpose of both authorizing the funds are available and as a remote cloudbased transaction terminal. not im not saying this is how AHS is doing it, just that, it could be doing it this way... again, based on my interpretation of their statements made thus far.
in other words, there is not necessarily deception at play here, it may be that consumers just dont have a solid idea of how the transaction is completed when they type their credit numbers into the internet site.
so before we asll go down the road of convicting AHS of not protecting our info, it might be wise to do what you have to do to protect yourself (change your card) and then wait and see what happens/what the story is after the investigation is complete.
if it is a vendor of AHS that has caused the issue, it will be obviously in the best interest of AHS to let their customers know that, and advise how they have responded (we have rec'd hints of that already), but it is also important to know that they will not be prepared to make a formal statement on the matter until they are absolutely sure that it is not their systems or processes that were compromised or at fault.
does this not make sense to everyone?
people do understand how ecommerce sites can work right? you place the order, the card number gets validated and reserved for the funds through a gateway like authorize.net, if the merchant does not process the transactions through the site, but does so manually, then they can login to authorize.net and review the days transactions, process them from authorized to posting and batch process them to begin the movement of funds from one place to another..in this instance, the numbers and the data pretty much remain on the authorize.net site, there is not necessarily any local typiing of numbers into a keypad, there is not necessarily any record of a number stored in any local system... the merchant gateway is serving the purpose of both authorizing the funds are available and as a remote cloudbased transaction terminal. not im not saying this is how AHS is doing it, just that, it could be doing it this way... again, based on my interpretation of their statements made thus far.
in other words, there is not necessarily deception at play here, it may be that consumers just dont have a solid idea of how the transaction is completed when they type their credit numbers into the internet site.
pfeuffer
Member
Just another data point, 'cuz this thread isn't long enough already:
I made an in store purchase at AHS on 1/26, and the card has not been compromised so far.
Keeping my fingers firmly crossed and my eyeballs on the account.
I made an in store purchase at AHS on 1/26, and the card has not been compromised so far.
Keeping my fingers firmly crossed and my eyeballs on the account.
dude, dont cross your yourfingers and watch your account, just get a new card. why is everyone resisting the one thing that will absolutely protect them?
Hermit
fuddle
Yep. Consumers are to blame here. I had a customer on a server that took the info and the cart software emailed the card number to him when an order came in. Truth is YOU have no idea how this vendor processes his accounts at all either. You are taking your limited knowledge probably based on one experience and extrapolating it to this situation.
gritmaster
Well-Known Member
- Joined
- Feb 28, 2008
- Messages
- 69
- Reaction score
- 1
If there is no typing of numbers into a keypad, why do I always get a receipt from them from a CC machine when I get my stuff in the mail? Also, why did the "hacker" also have my email address...is this typically sent to "authorize.net"?
OP
OP
stratslinger
Well-Known Member
If that was the full story, then yes, that would absolutely make sense and I'd agree there's no deception at play here.
However - we've been told one thing publicly (exactly you just described), yet a few people have been given drastically different descriptions of how AHS handled information prior to this breach. By all reports, what you just described is exactly how they're handling transactions now. But people are being told privately that things were handled far differently prior to the breach.
Now, there is a chance that what people are being told privately is simply a case of one or more AHS employees speaking out of turn about issues they don't fully understand. Yet despite the fact that people have been asking for clarification on that count for days, Forrest has been silent in this thread since late last week.
Add to that the fact that they are aware that there is at least a significant chance that there was a breach in their (or their vendors') systems, and they have not done anything to proactively alert their customers. I'd argue that they have an ethical obligation to do so. They have not done so, which at least looks like they're just hoping this all blows over and anyone who wasn't directly impacted will never know the difference.
A little transparency would go an awful long way to helping to calm a lot of suspicions around here.
I made several in-store credit purchases in January and February, nothing out of the ordinary ... yet?
Then again, I watched them swipe my card directly in a Chase Paymentech terminal.
Someone bought a gift certificate to AHS for me recently... I felt really bad when I called them to thank them..... and tell them to get a new credit card.
Then again, I watched them swipe my card directly in a Chase Paymentech terminal.
Someone bought a gift certificate to AHS for me recently... I felt really bad when I called them to thank them..... and tell them to get a new credit card.
rawlus said:
This is not how things are done at AHS, all the orders that i've recieved have come with a print out from one of those hand held card machines. So they are storing our card info and manually typing it in the machine.
pfeuffer
Member
Yeah, you're probably right. I'll give them a call in the morning.
FWIW, I had this same thing happen a couple of years ago. Freaky, low-dollar charges, starting on a Sunday. Figured out something was wrong Tuesday afternoon & canceled the card. The issuer ( USAA ) was great & made everything right.
A few months later, I got a letter from bikenashbar.com. It said they'd been compromised, that I should change my card, and offered $25 off my next order. I thought that was a class way to handle the situation on their part.
This is a homebrewing forum with 66,000 users. There are 750 of them online right at this moment, and another 1250 guests (hey, how about joining?).
I'd think this forum deserves more updates than what they've received. I'm surprised at the lack of response. Forrest should be attending his ridiculously-loyal-but-waning customer base here.
I'd think this forum deserves more updates than what they've received. I'm surprised at the lack of response. Forrest should be attending his ridiculously-loyal-but-waning customer base here.
Austinhomebrew
Well-Known Member
- Joined
- Mar 29, 2007
- Messages
- 2,332
- Reaction score
- 78
Austin Homebrew Supply has received communication from a very limited number of customers that they recently have had fraudulent charges on their credit or debit card. We are conducting a thorough 3rd party forensic investigation and to date have not uncovered a breach on our end, or identified any network infrastructure or website vulnerabilities. We have changed our merchant service credit card processor because we suspect the source of the problem lies in that direction.
If you placed an order with Austin Homebrew Supply from January 7th through February 6th, please check your credit card or bank statements for any charges that you do not recognize. Call your bank to reverse these charges. As an added precaution, we recommend that you have your bank or credit card company issue you a new card.
Sorry for the inconvenience this may have caused you. We really appreciate your business and support.
Forrest Rogness
President
Austin Homebrew Supply, LLC
If you placed an order with Austin Homebrew Supply from January 7th through February 6th, please check your credit card or bank statements for any charges that you do not recognize. Call your bank to reverse these charges. As an added precaution, we recommend that you have your bank or credit card company issue you a new card.
Sorry for the inconvenience this may have caused you. We really appreciate your business and support.
Forrest Rogness
President
Austin Homebrew Supply, LLC
remilard
Well-Known Member
There was this President called Truman and he had a sign on his desk that said "The buck stops here.". Does this make sense or do you not have a solid understanding of common sayings?
Austinhomebrew
Well-Known Member
- Joined
- Mar 29, 2007
- Messages
- 2,332
- Reaction score
- 78
I will have more information as soon as it comes to me. Sorry for this situation. I want to give you as much information as I can. This is a slow and painful process and I am spending a lot of time trying to get to the bottom of this. I realize this is very frustrating for all of us and I profoundly appologize for the major incovenience you have experience.
Forrest
Forrest
What I'm trying to get across to some of you, is that you're reactionary, crying "wolf" at every shadow. My card has been fisted four times in the last 18 mo. I have lost zip, nada. I've had the card since the 80's. Most of the blame here lies with the consumer by not doing their homework by checkng out the banks issuing the card, and seeing what the fraud protection is like. Some of the tales on here are just downright stupid, like running out into the cloud waving a debit card, then crying when they get it from behind. Get smart, folks, Crap happens. No need to run around blindly pointing fingers when there's not a clue or a shred of evidence one way or another, just speculation that casts a shadow on one of the web's finest merchants.
relax jack, i qualified my post that it was one possible way, may not be the way they are doing it, never claimed to know how they are doing it. what i have said consistently is that if you are worried at all about your card if youve done business with them, then just change the card. easiest, best and most reliable way to control risk.
this crap happens all the time, there is an inherent risk in doing business online or digitally with credit cards. it is what it is.
i am trying to offer actual help to people who are concerned, take it for what its worth. i dont know forrest, i dont do business with forrest and i have nothing invested with forrest.
the witch hunt is unnecessary unless it can be demonstrated that AHS acted recklessly and negligently. it would not appear we are ready for grand jury yet.
wait until its all sorted out, then you'll know for sure where to direct your class action suit. (my bet is on the merchant gateway company)
incidentally, if chase paymenttech is the merchant in question, and the breach occurred on their end, youd be interested to know they process probably 50% of the entire worlds transactions.
gritmaster
Well-Known Member
- Joined
- Feb 28, 2008
- Messages
- 69
- Reaction score
- 1
Why do you suspect the CC processor over your website?
- Joined
- Jun 2, 2008
- Messages
- 64,951
- Reaction score
- 16,517
Forrest - I know this may be difficult to do - but is there anyway to approximate what your % of sales are for HBT members? My point is that many people seem to think that because HBT is one of, if not the biggest, homebrew web boards that we must make up the vast majority of your business and that you're not being "fair" to us...
If I had to guess, based on my experience with other boards; HBT members and lurkers probably represent at most 30% of AHS' business....
So - cut the place some slack. I really doubt Forrest is trying to rip off people's CC #'s.
And, if you don't want to order from them, good. Quicker shipping for me (and free shipping for orders over $100).
If I had to guess, based on my experience with other boards; HBT members and lurkers probably represent at most 30% of AHS' business....
So - cut the place some slack. I really doubt Forrest is trying to rip off people's CC #'s.
And, if you don't want to order from them, good. Quicker shipping for me (and free shipping for orders over $100
).
re: gritmasters reply: is that part not obvious? 3rd party forensic investigation discovered no breach or vulnerabilities on AHS systems, the logical next step would be to look AT THE COMPANY THAT PROCESSES THE CREDIT CARD NUMBERS.
gritmaster
Well-Known Member
- Joined
- Feb 28, 2008
- Messages
- 69
- Reaction score
- 1
Why? Just because a breach was not discovered, it does not mean it did not exist at one time!!!
I would hope that the initial CC processor AHS chose, and trusted all of our info with, was a reputable company. Given that, I would assume that they have a fairly secure processing system - much more so than the AHS website, which prompted my question - why do you think a company whose business it is to protect data (CC processor), day-in and day-out for multiple companies, would be more penetrable to hackers than a website that appears to be custom made????
The situation AHS is going through happens all the time - group of intelligent, but misguided, hackers identify a vulnerability in a commercial website, exploit it whilst collecting CC #s, then cover their tracks...
I'm not trying to be an a**hole, but the lack of information from AHS has been very disconcerting....To be frank, I think they are trying to cover themselves from a legal standpoint (would't you if your income and livelihood depended on your own small business?)
r8rphan
Well-Known Member
All I know, is that until the exact cause of all this is pinpointed, I have to be more careful.. My margin for error is probably a lot slimmer than most here...
I'm not in the camp of "I will not order from AHS again".. But until I know for certain that this will not happen again with them, I have to be 'extra careful' when ordering from them..
So for now, to order from them I need to do it in a way where my checking acct 'can not' be compromised.. At the moment, short of setting up a separate protected account for this purpose, that means I'll have to go and buy a mastercard or visa gift card to do any purchases.. either that or send them a money order...
That's a big PITA, so the deal they're offering me would have to be worth the extra hassle..
The perlicks I bought from them are the kind of deal that are worth this extra hassle... at least when buying three of them along with shanks and fittings like I just did...
Each person has to decide for themselves what risk they are willing to take, and how much effort they are willing to go through for 'the deal'... I can only decide for 'me'...
Eventually, this will all be resolved and become water under the bridge.. but for the moment, it's a bit of an open wound... more so for some than others...
I'm not in the camp of "I will not order from AHS again".. But until I know for certain that this will not happen again with them, I have to be 'extra careful' when ordering from them..
So for now, to order from them I need to do it in a way where my checking acct 'can not' be compromised.. At the moment, short of setting up a separate protected account for this purpose, that means I'll have to go and buy a mastercard or visa gift card to do any purchases.. either that or send them a money order...
That's a big PITA, so the deal they're offering me would have to be worth the extra hassle..
The perlicks I bought from them are the kind of deal that are worth this extra hassle... at least when buying three of them along with shanks and fittings like I just did...
Each person has to decide for themselves what risk they are willing to take, and how much effort they are willing to go through for 'the deal'... I can only decide for 'me'...
Eventually, this will all be resolved and become water under the bridge.. but for the moment, it's a bit of an open wound... more so for some than others...
Sacdan
Well-Known Member
Wow! There are a lot of people defending AHS. It doesn't matter where the breach was, Forest is culpable. For those who say that this is normal and happens all the time, No it doesn't! I have been using my CC online for over 16 years and have NEVER had anything like this happen. I have thousands of transactions. If you take credit cards, you should be PCI Compliant. If he isn't, I am not doing business with him. Until he gets this figured out and finds the thief, I won't do business with him. For those who didn't have to go through the BS of getting a new card, you don't have a clue. I was in Tahoe at a casino and had to go out of my way to take care of it. Total PITA!
- Joined
- Jun 2, 2008
- Messages
- 64,951
- Reaction score
- 16,517
good post r8.....
words for all to live buy for all of our "credit" purchases....
words for all to live buy for all of our "credit" purchases....
Really? Maybe the criminals stealing card numbers, then illicitly using them to buy pizza and airline flights should shoulder some of the blame. Your lack of sympathy isn't unique to the callous interwebz, but is unexpected on this forum from one of its members.
Hermit
fuddle
My name isn't Jack but that is just one more way to condescend to us less qualified folks I guess.
bovineblitz
Well-Known Member
IMO, Forrest has completely stopped checking (and obviously responding to points of) this thread and just is going by official statements given his post yesterday... possibly at the advice of a lawyer.
mhochman
Well-Known Member
462studio said:
Just stumbled on this thread and, yes, me too to recent AHS order and to fraud activity last week. As everyone else says, not pointing fingers and WILL order from ahs again, but add me to the list.
Sent from my iPad using HB Talk
Sacdan said:
That is the point I made earlier, if he's taking cards he needs to be PCI compliant. He needs to prove this before I will feel comfortable ordering from him again. Looks like hes not going to respond to this question, probably on the advice of a lawyer.
DaBiggin
Active Member
DITTO
There appear to be people on this forum who have blind allegiance to or some financial interest in cheerleading for AHS.
DaBiggin
Active Member
Yes, molson did point out the PCI aspect of this issue earlier and posted 2 links on the subject. Interesting, are some of the common sense measures necessary to be compliant.
That's what I thought, post #696 sure sounds like it was written by a lawyer, not by Forrest.
Have to say, though, this is annoying:
"very limited number of customers"
Anyone done a tally of people who've had their info stolen, just in this thread? It's got to be upwards of fifty people at this point, isn't it? It sure ain't "limited."
sudsmcgee
Well-Known Member
Well, this just gives me a chance to be more loyal to my LHBS if nothing else (Brew and Grow). Their prices are a little high, but they have a great selection and I walked in this past weekend and they had everything I needed to make my milk stout. No wait, no shipping, no stolen CC#.
Austinhomebrew
Well-Known Member
- Joined
- Mar 29, 2007
- Messages
- 2,332
- Reaction score
- 78
knotquiteawake
Well-Known Member
The week I ordered they didn't ship for over 4 days, I sent Forest a PM and he told me they were backed up because over the weekend of the 15th/16th of January they had over 300 online orders. If that is a single weekend then over the course of a month they must have well over a thousand plus online orders. 50 out of a 1000 is not a "small" number but I could see it being labeled a "limited" number.
However, saying that here, seems to marginalize us in a way that has pushed me from the "oh come on give them a break" camp to the "going to not order from them until this is sorted out" camp.
... but you've also got to consider the thousands of homebrewers that shop at AHS that are not a member of our forum (or that haven't seen this thread, or that are lurking). It's not that hard to extrapolate our the numbers we have seen here into several hundred people that have had their cards compromised.
EDIT: I should say, I don't doubt that Forrest is taking this seriously, I don't doubt that they are working on the problem. But, calling it a "limited number of complaints" is an insult to my intelligence.
EDIT: I should say, I don't doubt that Forrest is taking this seriously, I don't doubt that they are working on the problem. But, calling it a "limited number of complaints" is an insult to my intelligence.
Indyking
Well-Known Member
I have to say... I like AHS but I have been victim of cc fraude before and it was not fun at all... Forrest or someone from AHS will have to make absolutely sure they identified and fixed the issue and it is safe before I can order from them again.
Austinhomebrew
Well-Known Member
- Joined
- Mar 29, 2007
- Messages
- 2,332
- Reaction score
- 78
- Status
