SwampassJ
Well-Known Member
I would just like to say I visited their website and I now have herpes and I'm missing my nose hairs. My cards are still good.
Ever have a credit card number stolen???
- Thread starter stratslinger
- Start date
Help Support Homebrew Talk - Beer, Wine, Mead, & Cider Brewing Discussion Forum:
- Status
r8rphan
Well-Known Member
I'm not really sure what you did at their site (pretty sure I don't want to know either), but the rest of us were just ordering home brew supplies..
Hermit
fuddle
The main problem is that Walker showed that their is a basic security flaw in the way they handle transactions. Now days it is not good practice to store the numbers and run them manually. They need to get shopping cart software that redirects to the card merchant site directly so that they aren't even involved in the process. Security software runs for KNOWN exploits. What happens if you get a guy writing his own custom code? This happens a lot by the true professional computer thieves. They don't rely on well known hacks that can be guarded against and easily detected by known signatures.
r8rphan
Well-Known Member
Who is Walker?
SwampassJ
Well-Known Member
here is the post in question
https://www.homebrewtalk.com/f19/ever-have-credit-card-number-stolen-223663/#post2624072
-=Jason=-
SpanishCastleAle
Well-Known Member
IIRC, there was an ~$11 charge on mine followed by two charges between $250-$350. They told me to keep an eye on my account for the $11 charge (I assume because it was the first). In a way it makes sense, make sure the card works before trying to make bigger purchases but on the other hand, it just makes it that much more likely the card won't work when they make the bigger purchase.
As others have said, this thing with AHS is only coincidence. I and others here order from AHS on a regular basis. IMO it's not anythiing to do with AHS. It's the internet, an inherently insecure and loathsome cloud of crooks from everywhere in the world with some of the best and sharpest minds intent on swindling anyone the can. Temporary CC sounds good, but is useless against a keylogger. The best and safest way of buying online is to pay with a money order.
OP
OP
stratslinger
Well-Known Member
Same here - there was one charge for just under $2, followed by one for over $500. As I understand it, this is a pretty common M.O. for credit card theft - they test out the numbers with a tiny purchase, then go for the biggies once the tiny one goes through. This exact behavior was what tipped off Capital One in my case. They flagged three items - one was actually me getting diesel at a local gas station (no idea how that got flagged, as I had done so for each of the previous few days, trying to eek by until I can get my oil furnace replaced with a gas one), then the little test charge and lastly the major one.
Slow down here folks.
I got on this thread early, and was drawn to it because I had just been contacted by my credit card company a few hours prior about fraudulent charges. The thread was just something applied to my own life on Monday, so I read it.
As I read the first few posts, I noticed that everyone who had been contacted, all on Monday morning, had all also ordered from AHS in the past week or two.
I felt that was enough reason to contact Forrest and inquire about if there was some sort of checking they could do on their end to see if there had been an electronic break-in. I was not (and AM not,) saying it *had* to be AHS, but I felt it appropriate to contact AHS and have them follow up on it.
And, yes, I pointed out that I knew that AHS stored credit card info at least long enough for them to manually ring things up at the store after an order was submitted online.
BUT... if AHS has gone through the process of checking things out and has found nothing amiss on their end, then it seems unfair to blame them, doesn't it?
I never set out to blame AHS for this at all. I just thought that Forrest and Co would want to know and do some checking on their end.
I got on this thread early, and was drawn to it because I had just been contacted by my credit card company a few hours prior about fraudulent charges. The thread was just something applied to my own life on Monday, so I read it.
As I read the first few posts, I noticed that everyone who had been contacted, all on Monday morning, had all also ordered from AHS in the past week or two.
I felt that was enough reason to contact Forrest and inquire about if there was some sort of checking they could do on their end to see if there had been an electronic break-in. I was not (and AM not,) saying it *had* to be AHS, but I felt it appropriate to contact AHS and have them follow up on it.
And, yes, I pointed out that I knew that AHS stored credit card info at least long enough for them to manually ring things up at the store after an order was submitted online.
BUT... if AHS has gone through the process of checking things out and has found nothing amiss on their end, then it seems unfair to blame them, doesn't it?
I never set out to blame AHS for this at all. I just thought that Forrest and Co would want to know and do some checking on their end.
SpanishCastleAle
Well-Known Member
And just to clarify/repeat: it just recently happened to me and I haven't ordered from AHS in quite a long time.
I have built up my shopping cart and gone down to the grocery store "FRYS" and bought a visa giftcard for the exact amount. I suppose this could be done for EVERY transaction you make online.
-=Jason=-
-=Jason=-
Mischief_Brewing
Well-Known Member
I just spent a half hour on the phone with my bank in response to a "suspicious activity" email they sent this afternoon. I now have to go to the bank to pick up a temp card so I'm not stuck cardless for 5-10 business days.
Apparently a single dollar charge from some random vendor name in MS activated the fraud system. I make tons of purchases on that card every week and a single dollar charge triggered it? I'm wondering if there's something about how the transaction is processed that triggers it.
This is the second time this has happened to me in 4 months and while the bank handles everything really quickly and professionally, it's still a major hassle.
F*!K thieves!
Apparently a single dollar charge from some random vendor name in MS activated the fraud system. I make tons of purchases on that card every week and a single dollar charge triggered it? I'm wondering if there's something about how the transaction is processed that triggers it.
This is the second time this has happened to me in 4 months and while the bank handles everything really quickly and professionally, it's still a major hassle.
F*!K thieves!
When a card is swiped on a machine, it sends additional data with the transaction so the bank knows the difference between a "swiped" transaction and a "card not present" transaction. Additionally, if they did not know your CVV code from the back, it triggers it at an even higher level as being "card not present" plus "CVV not present". The $1 charge amount is just icing on the cake to seal the deal for a fraud alert.
No. I was literally just the small amount that triggered it.
This is something I learned when the first time I had a card number stolen, about 10 years ago.
The thieves will hit the card with very small charges, usually $1 or $2 to make sure that the card is working. Then they will try another larger charge. Then they will start going crazy with it. So, a very small charge will turn on a warning light for the CC company.
My credit card company had their fraud system triggered on Monday morning because there were two $1.99 charge made to the card. Then there was $120 to pizza hut. Then the charges started coming in at $500 or larger.
The $500+ charges never went through because the CC company had already locked the card down. The $1.99 charges and the Pizza Hut charge went through, but were promptly refunded to me.
edit: One time, I triggered the fraud alert myself by buying a pack of altoids at Walgreens before taking off on a road trip, and then a bottle of soda a hundred or two miles down. Those two little charges triggered a lock down and I had to call the CC Company to get it lifted.
Mischief_Brewing
Well-Known Member
That's what I was thinking.
Oh, and to fan the AHS flames, I ordered 6 perlick faucets from them less than 2 weeks ago. I hope it's not a breach on his side, but if it is, I hope he can get it fixed easily and quickly. I love AHS!!
Oh, and to fan the AHS flames, I ordered 6 perlick faucets from them less than 2 weeks ago. I hope it's not a breach on his side, but if it is, I hope he can get it fixed easily and quickly. I love AHS!!
The only way to make a new card is to swipe the original card to get all data from tracks 1/2/3 (multiple data tracks on the back of the card). Knowing your name and card number alone is not enough to encode a functional card.
Likely all the transactions are just using manually keyed numbers into a web site.
I don't want to blame AHS, in fact I will more than likely keep ordering from them. I need to look into temp CC number when I online order things since I'm addicted to having brown boxes waiting for me when I get home.
Sacdan
Well-Known Member
Sept 17th 2010 someone used my Card to purchase $400 worth of stuff online. I am sure it was one of the Beer related businesses I deal with. I thought it might have been my LHBS, so I notified them. Later, I heard that someone else here had an issue with CHI. I am not sure who is at fault for mine, but I hope that the person gets caught. It was a major PITA to deal with. My wife and I were in Tahoe at the time.
c0bra
Well-Known Member
Count me in. $80 fraudulent charge just went through today.
ChshreCat
Well-Known Member
Curious. Has anyone on here who had their card number used in the last few days NOT shopped at AHS within the last month?
Also... people keep saying "a couple weeks ago" or something similar. What day did all of you shop there? I'd be curious if it turned out it was all people who shopped on the site the same day. Maybe someone walked in and made off with a handful of receipts one day last month?
I understand people not wanting to point fingers at AHS. They're a great business and the last thing I'd want to do is have them seen in a bad light, especially for something that's way out of their control. But... it does seem like there's a connection there. I don't know anyone outside the brew community here that's having this problem right now. I do a ton of online shopping, but haven't bought from AHS in quite a while and I'm not having an issue.
It really does seem like someone's got the numbers from AHS or their credit card processing company or something, somehow related to them.
Also... people keep saying "a couple weeks ago" or something similar. What day did all of you shop there? I'd be curious if it turned out it was all people who shopped on the site the same day. Maybe someone walked in and made off with a handful of receipts one day last month?
I understand people not wanting to point fingers at AHS. They're a great business and the last thing I'd want to do is have them seen in a bad light, especially for something that's way out of their control. But... it does seem like there's a connection there. I don't know anyone outside the brew community here that's having this problem right now. I do a ton of online shopping, but haven't bought from AHS in quite a while and I'm not having an issue.
It really does seem like someone's got the numbers from AHS or their credit card processing company or something, somehow related to them.
In response to what day I purchased from ahs , 1/14/11. I beleive I ordered the day before on the 13th but the transaction didn't process until the 14th. What day did everyone else purchase that has had fraud ?
Now that I think about it I think during the checkout there was a popup from McAfee that said the Sites certificate was expired do I want to continue. I had no idea what that meant so I hit yes. Does that have anything to do with it
Now that I think about it I think during the checkout there was a popup from McAfee that said the Sites certificate was expired do I want to continue. I had no idea what that meant so I hit yes. Does that have anything to do with it
dabeers
Well-Known Member
Randomly stumbled on to the thread, read the 13 pages...add me to the list. I ordered from AHS Jan 31st, got an early email alert from Chase on Feb 8th about suspicious charges (Reg-Repair. com??). Like everyone else has said, I'm not blaming AHS and will still order from them, but this does seem like a lot of people over the same period of time. Card is cancelled, no biggie, but interested to see what happens...Anyway back to brewing my AHS sweet stout...
Mischief_Brewing
Well-Known Member
Bought from them on Jan 28th. Also bought from Chicompany that same day.
diverpat
Well-Known Member
My card was compromised about a week ago. I made an order from Midwest Supplies, PayPal (brewing related vendors x2), and Drs Foster and Smith, just prior to the nefarious charges. No AHS. Bank of America alerted me of some activity that originated in Zimbabwe to the Fitzgerald hotel or motel or something close to that.
ChshreCat
Well-Known Member
Ok. So there's one person who's been hit who didn't order from AHS. As someone said, it could be something else and people on here just shop at AHS a lot. Asking how many people here shop for brew stuff online is like asking how many people on an island eat seafood...
Anyone else get hit who did NOT shop at AHS recently?
Anyone else get hit who did NOT shop at AHS recently?
Me. I got hit around Christmas. I've never shopped at AHS.
funkadelicturkey
Well-Known Member
the fraudulent charges to my card were to reg-repair.com, as well. Purchased from AHS 1/20 and 2/6, not blaming anybody either.
I ordered on 1/28.
Fraudulent charges started showing up on the morning of 2/7.
Fraudulent charges started showing up on the morning of 2/7.
angolajones
Member
Thought I would pass this information along. I recently had my credit card number stolen. Not the cards just the numbers. It could have happened anywhere but I recently bought some things online. Hope it didn't happen there. The two places I bought were Austin Homebrewing and Kegconnection. I've had to cancel that card and now have to do some paperwork. Hopefully they catch the person(s). I'm letting you guys know I bought from these two places because someone may have hacked their websites according to some people I have talked to.
I'm not placing blame to either of these companies. Heck I got everything I ordered and very quickly. I'm very satisfied.
Hope this doesn't happen to anyone else.
Jonesy
I'm not placing blame to either of these companies. Heck I got everything I ordered and very quickly. I'm very satisfied.
Hope this doesn't happen to anyone else.
Jonesy
there are two other threads on this right now.
https://www.homebrewtalk.com/f19/ever-have-credit-card-number-stolen-223663/
https://www.homebrewtalk.com/f19/bastiges-223802/
https://www.homebrewtalk.com/f19/ever-have-credit-card-number-stolen-223663/
https://www.homebrewtalk.com/f19/bastiges-223802/
cimirie
Well-Known Member
Funny thing is, this exact same thread started yesterday. AHS was a common thread there as well. Then again, this is a brewer's forum and the best place to buy online is AHS, so I'm not surprised it was a common thread. But it is interesting. Hope all works out for you.
Yukon_Skiers
Well-Known Member
Add me to the AHS list as well.
Placed my order on Jan 26th, my bank declined a charge yestreday that someone tried to put through to the apple store online.
Had to cancel the card. My new card already came today.
Placed my order on Jan 26th, my bank declined a charge yestreday that someone tried to put through to the apple store online.
Had to cancel the card. My new card already came today.
PM Forrest so he has another incident to check into...
Hang Glider
Beer Drinker
This has happened to me as well. Frustrating when I'm hitting someplace and buy a pack of gum, just to get a little cash for the road (debit) then hit the road to see my kids 500 miles away and the next use is declined...(too far away)...
Question, though -
How do you know if you've been hacked? With AHS being a somewhat common link among several here, (and I certainly don't blame Forrest in any way) - and his system may be clean of virus/malware activity - but what if someone actually hacked in and got data? How would you know? I'm just curious - I have no way of answering this myself -
I was just thinking the same thing about them being connected. Strange that this has come up so much recently. Maybe his system was hacked or a new employee...
- Status
