Ever have a credit card number stolen???

[motobrewer]

Wow. Been keeping up on these threads, and something just occurred to me. I recently had one of my CCs reissue me a new card. About a year and a half before it expires. They mentioned something in the letter about how they detected a potential security breach so they are pre-emptively issuing new cards with the same number but different security sequence. It has nothing to do with anything I did, just making sure my assets are secure. Which is fine, I don't carry a balance on the card, so I would be able to figure it out quickly if anything came up. All this explains a lot.

Any chance any of these events are on a Discover card?

i've gotten this exact thing about a month ago, but with my bank debit cards. i've never shopped at ahs.

 

[stratslinger]

Just a quick note to all concerned parties:

Forrest posted this morning in one of the three threads running on this subject. He is actively investigating it, as he has been since the morning after I started the first of these 3 threads.

Let's give the guy the chance to dig in thoroughly and either find the problem or prove his non-involvement. These things do take some time, if you're trying to be thorough about it

 

[strat_thru_marshall]

After reading through this entire thread, I still think that there is nowhere enough significant evidence to draw a link to AHS.

I would be interested to go back in time and start a thread about stolen credit cards (not linked to anywhere) and see how many people have experienced it outside of this instance, linked to AHS or not. Just because these threads popped up recently doesnt mean that people on here have not been experiencing CC theft until now...it just means that nobody has brought it up on here.

I'd be willing to bet that if you picked just about anything and asked "do you post on HBT, shop at AHS, and do X" you'd get a big thread of people who did it...be it "went bowling", "ate a hamburger last week", "crashed their car", etc.

That being said, I only shop online with American Express. They are the best when it comes to looking out for you and your money.

 

[DrawTap88]

Add me to the list of fraud victims. Two charges made:

Apple store for around $800 and (directly off the statement: Pending Misc. Debit POS DEBIT OREGON RSA 3 INC SPRING VALLE IL) for $2.38. I also ordered from AHS, which was on 1/14/11.

AHS was not my only purchase to online retailers (only other purchase was my train ticket to go to and from work on line). This will not stop me from purchasing from AHS, since they provided great service to me when filling my order, and I'm sure they too are a victim in all of this.

From the sound of everything, it sounds like someone farmed all the numbers and sold them off.

 

[Rev2010]

Had he used a credit card, his bank account would still have the $500, the issuing bank would be out $500, and he'd be getting a new card in the mail.

100% agreed (though I personally would've refrained from calling people idiots ). I too have worked with people that refused to get a credit card, fact is today to live that way does indeed have negative effects with modern society and the way we do business. As for the debit card... they are evil lol. Really, when fraud hits your bank account via your debit card it is WAY harder to get your money back! Sometimes the bank will only reimburse you up to $500 and sometimes not at all, I've seen it happen to my best friend who refuses to use credit cards. He's also complained to me about the banks ordering of cards and how they process the big charges first and then hit you with $30 overdraft fees for buying a $3 burger at McDonalds. I stay far away from debit cards.


Rev.

 

[bknifefight]

I got hit for over 600 dollars in 6 transactions on 2-7.YES I did recently order from austin home brew supply.

I am in the exact same boat but all of my charges were on 2-8. "No bank, I did not buy a bus ticket in Argentina."

 

[HollidaySlim]

Sorry for the wall of text that follows......

I have never ordered from AHBS so I have no dog in this fight, but I do deal with merchant account & credit card processor security in my job, and it is possible that AHBS did not get hacked but the credit card processor they use got hacked instead.

This happened to one of my clients who run a restaurant. They were receiving calls from customers that said after they dined with them they started receiving fraudulent charges to their credit cards and debit cards. The restaurant uses a POS system that processes all CC's through a program called PCCharge. PCCharge settles all the CC transactions nightly (called batching) and then deletes the CC numbers after a successful batch.

The restaurant contacted the software company after this happened thinking they had a security breech, after a security audit from the software developer they confirmed the restaurants system was clean and no malicious activity occurred in house.

The software developer then told them to contact the processor to report the problem. They reported it and were told from the processor that they had no breeches on their (the processor) end. Fast forward 3 weeks, the restaurant gets a call from they processor who said after a thorough investigation they actually HAD indeed been hacked and were sorry for the troubles. So AHBS itself might not have been compromised but a vendor they use is.

 

[Walker]

So you're pretty much limited to the.. three? purchases you had made since receiving the card. I thought that might have been an unlikely possibility, but it was worth a check for any other commonalities between cards.

No. i had made more than three purchases on the card since receiving it. It's the card I use locally to buy gas and groceries and stuff.

 

[Airborneguy]

After reading through this entire thread, I still think that there is nowhere enough significant evidence to draw a link to AHS.

I can confirm 100%, that if what everyone is posting here was actually known to be true (meaning not just posted on the internet by annonymous posters), there is plenty of evidence to initiate an investigation.

 

[Rev2010]

I can confirm 100%, that if what everyone is posting here was actually known to be true (meaning not just posted on the internet by annonymous posters), there is plenty of evidence to initiate an investigation.

I can understand the desire to avoid a "Let's blame AHS" influx but I too think it is more than likely the source of this. I've purchased from Midwest and Nothern a number of times the past month and checked my card to be on the safe side when seeing this thread - all clear here. I've never ordered from AHS, but I would not avoid them because of this. I would figure AHS will investigate as will the card companies. If AHS thinks they've found a possible breach I think they'd make sure to correct it and do their best for it to never happen again. It's not their fault really, it can happen to any company. As mentioned earlier in the thread, bartenders and waitstaff have stolen numbers before, can't blame the business for one dubious persons actions.


Rev.

 

[Zamial]

I ordered from AHS on 1/10 and have had no "activity". I also used Pay Pal...

 

[oteixeira]

I ordered from AHS on 1/10 and have had no "activity". I also used Pay Pal...

Paypal is secure and does not pass a card number, by ordering that way you used Paypal security, not AHS.

Orlando

 

[Hermit]

but I do deal with merchant account & credit card processor security in my job,

Well, the weakness in the Austin system is they run the cards manually. If they aren't using a secure connection to access that data once it hits the server it could be intercepted in a number of places. I had a customer that took credit cards on our server. No certificate. He didn't want to pay for one. He then had the info emailed to him as it arrived. AHB could be using a similar system. No way to know but Walker did post the info they sent him about running the cards manually so they could be using a similar system.

 

[Sujeto]

I ordered from AHS on 1/27. The only place I've bought anything online since before Christmas. I had an unauthorized transaction go through on 2/07 post on 2/08 of $186 from a 'Damm In' via PayPal. I just got off the phone with my bank, filing a claim.
Although I do thank the HBT community for informing me of a situation! It reminds me of those PSA commercials, "The more you know...."

 

[riverfrontbrewer]

So the problem did come from your site/cc processor/system?

Thanks to all of the supporters. I have been working hard on this issue since Sunday at 5pm. I have meetings all day today to work on finding out what happened and how to fix it.

Rest assured we are doing everything we can to assure that the website is safe.

We have been addressing the issue and please don't assume I am doing nothing. My time is focused on fixing the problem and I won't be able to come on this forum on the half hour like I usually do.

Sorry for any problems this attack on all of us has caused. I am sure your bank and credit card companies are taking care of you. Check your statements and call them right away if they havent called you.

Thanks again for your support.

Forrest
Austin Homebrew Supply

 

[metaltim]

My bank just last week canceled my CC and had to send me a new one saying the system was compromised. I don't think this has anything to do with AHS specifically, rather, whatever system or company they use.

I personally didn't have any unauthorized transactions, but it's the 2nd time in about 2 years that USAA has done this to my card. And they are great about it, they don't call me (which is not a safe way as this is how a scammer would do it.), and they don't email me (same thing here).. I only find out cause I'll log in (like I do almost everyday) to check my account, and there's a red flag by the credit card.

that is an excellent way of letting you IMO.

 

[HollidaySlim]

Well, the weakness in the Austin system is they run the cards manually. If they aren't using a secure connection to access that data once it hits the server it could be intercepted in a number of places. I had a customer that took credit cards on our server. No certificate. He didn't want to pay for one. He then had the info emailed to him as it arrived. AHB could be using a similar system. No way to know but Walker did post the info they sent him about running the cards manually so they could be using a similar system.

Whoops I guess I missed that post. Aside from it being a security flaw I would think you would want to reduce labor in the whole process by letting the software processes the CC. I'm sure they have a valid reason for doing CC processing this way though, just seems like a waste of time and resources IMO......which is worth absolutely nothing.

Looking at the AHBS site they do use a SSL certificate, so thats good. But there are to many variables to know what type of encryption the shopping cart software itself uses.

 

[pd230soi]

Let me be clear, I do not blame AHS.

I do think that the information provided here is enough for AHS to look into the matter - and they are.

I am not in retail, but I think its safe to judge that many companies are involved in a single credit card transaction and the theft of the numbers could have occured anywhere. However its does seem that the AHS is a common thread and it is wise of them to look into it.

They are a good company and I will shop with them again.

I will also have a long talk with my credit card company about why they stop my legit purchases and yet let fraud slip by.

 

[Walker]

If you guys want to keep up with anything coming directly from AHS, Forrest and another employee are using this thread:
https://www.homebrewtalk.com/f19/ever-have-credit-card-number-stolen-223663/

 

[pd230soi]

USAA has been outstanding. They replaced my expensive mountain bike at cost. Not some reduced assessed value, but what it would cost to replace a Trek 8500.

 

[mrpiper]

I think I've likely tracked down the source of my problem.

I had to cancel my CC due to fraudulent charges on 2/7. I ordered from AHS for the first time on 1/18. Other than Amazon, I believe this was the only online purchase I've made in 2011.

I'm not upset with and I don't blame AHS, but as others have said this seems to be a common theme.

 

[gomb]

The timeframes and fraud dates lead me to believe that the numbers were farmed and 2/7 was the day that they were sold since all the fraudulent charges appear to have ocurred 2/7-2/9. It also leads me to believe if AHS had any impact, it would have been offline, a disgruntled employee as someone said previously. These things can and will happen. This is why i use Paypal if at all possible for online transactions.

 

[finley]

Sorry for the wall of text that follows......

I have never ordered from AHBS so I have no dog in this fight, but I do deal with merchant account & credit card processor security in my job, and it is possible that AHBS did not get hacked but the credit card processor they use got hacked instead.

This was my first assumption as well. I work in the financial IT Security field as well, but not in the Credit Card arena. It is why my wife's business uses a separate processor for online purchases, and it isn't handled through her website. It costs a touch more, but I know how much time and effort go into tracking down and resolving issues like this. One event would cost more in my time, and lost revenue, than the difference in charges.

I have to give a hand to AHB though, they seem to be dealing with it quickly and responsibly, which is alot more than I can say for some places I have dealt with.

 

[DrawTap88]

If you guys want to keep up with anything coming directly from AHS, Forrest and another employee are using this thread:
https://www.homebrewtalk.com/f19/ever-have-credit-card-number-stolen-223663/

Thanks, Walker.

 

[RosewaterFoundation]

Add me to the list. Ordered from AHS. Out $2.95. Bastards.

 

[r8rphan]

Thanks to all of the supporters. I have been working hard on this issue since Sunday at 5pm. I have meetings all day today to work on finding out what happened and how to fix it.

Rest assured we are doing everything we can to assure that the website is safe.

We have been addressing the issue and please don't assume I am doing nothing. My time is focused on fixing the problem and I won't be able to come on this forum on the half hour like I usually do.

Sorry for any problems this attack on all of us has caused. I am sure your bank and credit card companies are taking care of you. Check your statements and call them right away if they havent called you.

Thanks again for your support.

Forrest
Austin Homebrew Supply

Forrest,

Thanks for at least admitting that there are too many of these instances to deny involvement in the fraud... Not intentional involvement but as a co-victim with the rest of us)...

I was uncomfortable with the earlier posts by your employee saying that he had done an investigation and there was absolutely no compromise on your end..

Reminded me of Baghdad Bob...

At least when you admit there is a problem that you too are involved in, I 'know' you will make this number 1 priority.. because your reputation is everything in this sort of business... I pray you don't suffer any significant losses to your reputation or business from this, especially long term...

Please share with us what you find out when you do.. Knowledge is power... And we all need all the power we can to protect ourselves in a rapidly evolving financial world...

This might be a good time to make sure you are dealing with a company who handles your transactions has given you the very best security available.. or changing to a company that will.. but at this point, I'm sure you are at least planning to do this if not already in process...

 

[CyclingCraig]

Yup

Order from AHS on 1/24... got a call yesterday CC Compromised !!

So, not sure by his post, but did AHS say the problem was from their site / CC processor?

-Craig

 

[pvtschultz]

Add me to the list. Ordered from AHS. Out $2.95. Bastards.

That's the "check" charge the thief makes to make sure the card is valid. He'll then sell it to some smuck for a few bucks with proof that it worked.

 

[r8rphan]

So AHBS itself might not have been compromised but a vendor they use is.

In my mind, this is more and more the likely case... I see an obvious connection to AHS, but I doubt that anything they did within the context of their daily business dealings was the root cause..

So many layers to this stuff these days.. Which is exactly what allows the criminals to execute and get away with this crime..

It was much harder to get away with theft when I was a kid, and you handed the vendor cash in his store, and walked out with your product... Now you can sit behind a computer monitor in some other (likely lawless) country and siphon off money from any of a couple dozen steps it goes through on it's way form your hand to the vendor...

OTOH, it sure is nice to be able to shop on line at home in your underwear, and then have the product 'delivered' to your door by a guy in a big brown box with wheels...

I guess it comes down to asking ourselves if we're willing to pay the price for the convenience...

 

[knotquiteawake]

I just found a pending charge on my account that says the following and I don't recognize it at all:
MDR Sylvester 01 for $2.90

Anyone seen anything similar? What kind of charge was that initial small amount?