Ever have a credit card number stolen???

[stratslinger]

Hey folks... Still waiting to hear from my credit card company about their investigation into the charges, but I wanted to chime in here again.

First off, I just want to be clear: it was not my intent with this chain to implicate anyone - maybe I shouldn't have even mentioned any retailers. For anyone getting into this thread late, yes someone has contacted Forest from AHS, he's posted in this thread, and it seems he's doing all his due diligence from his side and has found NO sign that the info came from him. Could something have been missed? Possibly. Could the info have come from someplace altogether? Absolutely. So let's not rush to any conclusions. And remember, around here, there are probably only very few people who haven't ordered from AHS.

I was just going to suggest comparing credit card companies as another possible vector, but that could be just as misleading as the AHS conversation.

So for now, it seems those of us in this situation are being taken care of by our banks/credit card company. So let's sit back and see how those banks' investigations go, and see what comes of all that.

 

[MetallHed]

I just had my Paypal hacked into at the beginning of December.

Douchnozzle took 400 dollars from my account which had a zero balance.. that means it comes from the bank account that is linked to the paypal account.

Paypal caught it on their end and returned my balance to zero, but they cannot stop the electronic withdrawl from the bank account.

My bank would not stop the payment from coming out unless I paid them 25 dollars. 25 dollars to stop MY money from getting stolen from THEIR bank. Then they said they couldn't help me anyway because my truck payment was a day late... the money that was stolen was my truck/rent money....

I bitched my way to the top and got my money back without having to pony up anything to the bank.

Paypal is not bulletproof. I also had used them for almost 10 years without problems..

 

[r8rphan]

What bank is that? It's time to switch..

Like I say, I love my bank.. I used to get abused like that by my big bank.. thought it was normal, and no matter where I went it would be the same.. Because in my experience every big bank was the same...

The small community bank I use now is awesome.. They treat me well.. They know my name when I walk into their branches.. The girls are friendly and flirty.. They are quick to 'not' fee me to death... If there is a problem, they 'handle it'... 'Pronto'..

In the big bank, I used to hear.. "Sorry, there's nothing we can do.. It's out of our hands.. It's the bank policy"

In my community bank I hear.. "Wow!.. well lets me see what we can do about that" They actually give a damn, and have the authority to 'make it better' on the spot...

For instance, here's how they're handling 'this' situation... I'm allowed to ring up $500 of overdraft on my debit card during off hours, and as long as I get in there before closing time the next business day, and deposit the money.. all is good.. That's perfect for me, because of some debts and tax liens, I don't want to keep money in my account, or else what little I put in there to pay bills, will possibly be levied... long story how I got here.. casualty of the economy and bad timing..

So, over the weekend, I make a purchase from B3 and Rockler on line... I'm about $250 overdrawn because of this... I go into the bank to deposit $260, and check my balance... I'm $430 overdrawn.. So starts my journey to find out I've been ripped off... The roclker order hadn't been debited yet, so that was another $215 bucks that was to come out... They tried and the card was denied (cuz now it's way over $500) when they tried to ship the order on monday.. So now I don't have the stuff I need for work late this week and early next...

The manager at the bank suggested that I hold onto my deposit, and just let the overdraft ride... They had me call aeromexico where the fraud purchases were made, and then they canceled the debit card and ordered a new one... They cashed my check so I could have some money to live on for the next few days while this got straightened out..

They said that once everything has been reversed and corrected, we can see what has actually gone through and been left, and then I can make my deposit to cover that.. They will waive any and all charges that might acrue as a result of overdrafts during this period...

They promised me that once we get through the period of inconvenience, they will make sure everything is like it never happened..

This bank doesn't make much off of me, yet they treat me like I am the most wealthy , most important customer they have...

Never gonna use the big corporate banks again... I've seen the light...

 

[JRems]

Thank god for this thread. I ordered from ahs In January. It's the only unique transaction. ( all others are automatic debited bills , electric , insurance ect) Looked last night and nothing, this morning all kinds of crap is appearing. Checked with the bank and cancelled the card, but now my rent check is going to bounce, great. I saw someone above mention chicompany, I did buy from them but 2 months ago. Has everyone here that's had their card used bought from ahs? I think we need a poll added. It seems to be the common denominator. I have never had this happen before

edit: I checked again the only other transaction last month was from cvs pharmacy. Bank called and I can't get the money refunded for a couple days. This sucks. The charges on my account were for video games and electronics in Japan and hong kong.

 

[Bedlam]

I ordered from AHS on monday and have had no issues to this point. Still, I called my bank and am having them issue a new card, as well as lowering the allowed amount that can be used per day and per purchase as a precaution. It doesn't hurt to be careful.

Again, I am not blaming ahs for what's been happening to others, but there does seem to be a rash of this crap right now and it makes sense to be cautious. My hunch is that it is likely a nationwide spike right now and the AHS "connection" is merely a sampling error because of our addiction, as a group, to flat shipping rates and excellent customer service.

 

[remilard]

Keep in mind that a large number of users on HBT are customers of AHS so percentage wise it is probable they have made a purchase with AHS in the last couple of weeks...

While I am in the "don't jump to conclusions" boat I am also in the "don't fabricate crap to defend yourself" boat.

Neverminding the fact that you don't have the information required to say that it is probable that a random HBT member has purchased from you in the last couple of weeks, given the number of members and how frequently a typical homebrewer orders online from any source it doesn't satisfy basic common sense and kindergarten level logic. Come on dude.

 

[TXCrash]

Keep in mind that not all security compromises are at the server end. Many times they're at the client end. Common websites visitied (sometimes trojans sneak through...). Common software. It goes on.

Seeing what I've seen, ahs will come clean if the security lapse was on their end. It happens. Who knows though, maybe there's a trojan lurking on *some* website every single one of us visits multiple times a day (and I bet was open during that ahs order...)

*note: I've never ordered from ahs but don't like what's turning into a witch hunt here...

 

[r8rphan]

Who knows though, maybe there's a trojan lurking on *some* website every single one of us visits multiple times a day (and I bet was open during that ahs order...)

While the number of people this happened to after ordering from AHS 'seems' uncanny.. I can't help but also wonder if it's something that came form a pop-up at 'this site'....

And it could be some ******* that just happened to figure out a way to intercept transactions to AHS that has nothing to do with them, their bank, their customers, their servers, or this site...

I'm not wanting to point any fingers.. what I 'do' want to do, is find out what, where, how, and then fix the problem... So I can go back to normal life...

Even if it 'did' turn out that AHS was where the breach occurred, I'm quite convinced that they are a reputable company that means me no harm and wants this problem fixed even more than I do... They will still continue to get my business... Especially since I discovered just last night that they sell cheese making supplies too....

If the breach is through them, they are not the villain, but just as much the victim if not more so...

I just want to know where the problem is, so I don't have to be fearful of 'everything'...

 

[wildwest450]

How bad are your credit card companies? Capital One is spot on with their fraud defense. ANYTHING out of the ordinary and they freeze or cancel your account. Last year someone tried to make 2 fraudulent charges, my card was cancelled by Capital One before I even knew the charges were attempted. Nothing more than a 3 day wait until my new card arrived.

If I even buy gas at a different station than normal, I get a phone call.


_

 

[denmfu]

Well I just got notified that my card number was stolen too, somebody made a $3 transaction in West Virginia then tried to buy a $750 plane ticket in Mexico. I ordered from AHS a few weeks ago and again last night, I love their site and their stuff so I would like to keep ordering from them in the future. I also ordered from Coffeegiant.com also out of Texas so who knows where the breech happened. I just want to know where and what is being done to fix it.


Did anybody else that had a number stolen have one small charge right before they went on a spending spree? The last time this happened to me it was caused by the Circuit City's web site getting hacked and before those people used the card they would order a song off of Itunes to see if it was a good number before they bought more stuff. They also tried to buy plane tickets but in China.

 

[SwampassJ]

I would just like to say I visited their website and I now have herpes and I'm missing my nose hairs. My cards are still good.

 

[r8rphan]

I would just like to say I visited their website and I now have herpes and I'm missing my nose hairs. My cards are still good.

I'm not really sure what you did at their site (pretty sure I don't want to know either), but the rest of us were just ordering home brew supplies..

 

[Hermit]

And it could be some ******* that just happened to figure out a way to intercept transactions to AHS that has nothing to do with them, their bank, their customers, their servers, or this site...

The main problem is that Walker showed that their is a basic security flaw in the way they handle transactions. Now days it is not good practice to store the numbers and run them manually. They need to get shopping cart software that redirects to the card merchant site directly so that they aren't even involved in the process. Security software runs for KNOWN exploits. What happens if you get a guy writing his own custom code? This happens a lot by the true professional computer thieves. They don't rely on well known hacks that can be guarded against and easily detected by known signatures.

 

[r8rphan]

Who is Walker?

 

[SwampassJ]

Who is Walker?

Walker

 

[cricky101]

Got my online order ready to go, but am waiting to hear how this turns out ... Maybe I'll check into the temporary CC number to see if my card offers that.

 

[Flomaster]

Who is Walker?

Walker

here is the post in question
https://www.homebrewtalk.com/f19/ever-have-credit-card-number-stolen-223663/#post2624072

-=Jason=-

 

[SpanishCastleAle]

Did anybody else that had a number stolen have one small charge right before they went on a spending spree? The last time this happened to me it was caused by the Circuit City's web site getting hacked and before those people used the card they would order a song off of Itunes to see if it was a good number before they bought more stuff. They also tried to buy plane tickets but in China.

IIRC, there was an ~$11 charge on mine followed by two charges between $250-$350. They told me to keep an eye on my account for the $11 charge (I assume because it was the first). In a way it makes sense, make sure the card works before trying to make bigger purchases but on the other hand, it just makes it that much more likely the card won't work when they make the bigger purchase.

 

[sudbuster]

As others have said, this thing with AHS is only coincidence. I and others here order from AHS on a regular basis. IMO it's not anythiing to do with AHS. It's the internet, an inherently insecure and loathsome cloud of crooks from everywhere in the world with some of the best and sharpest minds intent on swindling anyone the can. Temporary CC sounds good, but is useless against a keylogger. The best and safest way of buying online is to pay with a money order.

 

[stratslinger]

IIRC, there was an ~$11 charge on mine followed by two charges between $250-$350. They told me to keep an eye on my account for the $11 charge (I assume because it was the first). In a way it makes sense, make sure the card works before trying to make bigger purchases but on the other hand, it just makes it that much more likely the card won't work when they make the bigger purchase.

Same here - there was one charge for just under $2, followed by one for over $500. As I understand it, this is a pretty common M.O. for credit card theft - they test out the numbers with a tiny purchase, then go for the biggies once the tiny one goes through. This exact behavior was what tipped off Capital One in my case. They flagged three items - one was actually me getting diesel at a local gas station (no idea how that got flagged, as I had done so for each of the previous few days, trying to eek by until I can get my oil furnace replaced with a gas one), then the little test charge and lastly the major one.

 

[Walker]

Slow down here folks.

I got on this thread early, and was drawn to it because I had just been contacted by my credit card company a few hours prior about fraudulent charges. The thread was just something applied to my own life on Monday, so I read it.

As I read the first few posts, I noticed that everyone who had been contacted, all on Monday morning, had all also ordered from AHS in the past week or two.

I felt that was enough reason to contact Forrest and inquire about if there was some sort of checking they could do on their end to see if there had been an electronic break-in. I was not (and AM not,) saying it *had* to be AHS, but I felt it appropriate to contact AHS and have them follow up on it.

And, yes, I pointed out that I knew that AHS stored credit card info at least long enough for them to manually ring things up at the store after an order was submitted online.

BUT... if AHS has gone through the process of checking things out and has found nothing amiss on their end, then it seems unfair to blame them, doesn't it?

I never set out to blame AHS for this at all. I just thought that Forrest and Co would want to know and do some checking on their end.

 

[TXCrash]

Ot ramble....

 

[SpanishCastleAle]

And just to clarify/repeat: it just recently happened to me and I haven't ordered from AHS in quite a long time.

 

[Flomaster]

I have built up my shopping cart and gone down to the grocery store "FRYS" and bought a visa giftcard for the exact amount. I suppose this could be done for EVERY transaction you make online.

-=Jason=-

 

[Mischief_Brewing]

I just spent a half hour on the phone with my bank in response to a "suspicious activity" email they sent this afternoon. I now have to go to the bank to pick up a temp card so I'm not stuck cardless for 5-10 business days.

Apparently a single dollar charge from some random vendor name in MS activated the fraud system. I make tons of purchases on that card every week and a single dollar charge triggered it? I'm wondering if there's something about how the transaction is processed that triggers it.

This is the second time this has happened to me in 4 months and while the bank handles everything really quickly and professionally, it's still a major hassle.

F*!K thieves!

 

[JonW]

Apparently a single dollar charge from some random vendor name in MS activated the fraud system. I make tons of purchases on that card every week and a single dollar charge triggered it? I'm wondering if there's something about how the transaction is processed that triggers it.

When a card is swiped on a machine, it sends additional data with the transaction so the bank knows the difference between a "swiped" transaction and a "card not present" transaction. Additionally, if they did not know your CVV code from the back, it triggers it at an even higher level as being "card not present" plus "CVV not present". The $1 charge amount is just icing on the cake to seal the deal for a fraud alert.

 

[Walker]

Apparently a single dollar charge from some random vendor name in MS activated the fraud system. I make tons of purchases on that card every week and a single dollar charge triggered it? I'm wondering if there's something about how the transaction is processed that triggers it.

No. I was literally just the small amount that triggered it.

This is something I learned when the first time I had a card number stolen, about 10 years ago.

The thieves will hit the card with very small charges, usually $1 or $2 to make sure that the card is working. Then they will try another larger charge. Then they will start going crazy with it. So, a very small charge will turn on a warning light for the CC company.

My credit card company had their fraud system triggered on Monday morning because there were two $1.99 charge made to the card. Then there was $120 to pizza hut. Then the charges started coming in at $500 or larger.

The $500+ charges never went through because the CC company had already locked the card down. The $1.99 charges and the Pizza Hut charge went through, but were promptly refunded to me.

edit: One time, I triggered the fraud alert myself by buying a pack of altoids at Walgreens before taking off on a road trip, and then a bottle of soda a hundred or two miles down. Those two little charges triggered a lock down and I had to call the CC Company to get it lifted.

 

[Mischief_Brewing]

That's what I was thinking.

Oh, and to fan the AHS flames, I ordered 6 perlick faucets from them less than 2 weeks ago. I hope it's not a breach on his side, but if it is, I hope he can get it fixed easily and quickly. I love AHS!!

 

[JonW]

Walker thats a lot of pizza those fools got for free.

do, these guys actually transpose your info into a new card that they swipe or just give the card number over the phone?


-=jason=-

The only way to make a new card is to swipe the original card to get all data from tracks 1/2/3 (multiple data tracks on the back of the card). Knowing your name and card number alone is not enough to encode a functional card.

Likely all the transactions are just using manually keyed numbers into a web site.

 

[denmfu]

I don't want to blame AHS, in fact I will more than likely keep ordering from them. I need to look into temp CC number when I online order things since I'm addicted to having brown boxes waiting for me when I get home.