Ever have a credit card number stolen???

[kellynm]

One thing I'd like to say...

The last thing any of us want to do is to see our friend, AHS, lose our business. I understand the desire to temporarily suspend doing business with them until this gets resolved (and maybe it is already). Whatever the case may be, when it does get resolved and their site is secured, let's not crucify them by shopping elsewhere. I've only placed 2 orders with them, but both were professionally handled and I like them. I'm not happy about the fraud (as many of you are feeling too), but I am able to look beyond this and do business with them again. I'd really like to see someone from AHS get in here and let us know when they are secure again... the sooner the better. Cheers.

 

[KurtB]

It amazes me that they purchase stuff they have to show up for to use, like tickets??? Guess these are dumb ones huh? Hope they get busted.

Full fare airline tickets are nearly as good as cash. Easily transfered & changed to other flyers.


As for stolen CC's, I worked as a billing disput rep for one of the major cred card companies for many years. Fraud is an easy, though inconvient, fix for the card holder. At most it should be a phone call and a form letter. Of course you are stuck waiting for a replacement card as well. Debit card purchases can be more of a problem.

Finally, you can add me to the list of people with stolen CC #'s. I ordered from AHS on 2/1, and got the phone call this afternoon from my credit card company. 2 charges yesterday flagged the account. 1 was a $3.03 internet purchase, and the other was $500 on Ethiopian Airlines (I did not even know that airline existed).

Only other purchase with that card in the past 3 months was an in store purchase @ a maned register in a Home Depot a few days before the online purchase.

Hope it gets cleared up soon.

Kurt

 

[riverfrontbrewer]

One thing I'd like to say...

The last thing any of us want to do is to see our friend, AHS, lose our business. I understand the desire to temporarily suspend doing business with them until this gets resolved (and maybe it is already). Whatever the case may be, when it does get resolved and their site is secured, let's not crucify them by shopping elsewhere. I've only placed 2 orders with them, but both were professionally handled and I like them. I'm not happy about the fraud (as many of you are feeling too), but I am able to look beyond this and do business with them again. I'd really like to see someone from AHS get in here and let us know when they are secure again... the sooner the better. Cheers.

Unsafe websites should not be used.

 

[crackhead7]

I figure for entertainment purpose I would ignore the fear and place and order w/ AHB last night that I had been planning anyways. I used a credit card that I dont mind having to close. I had my debit card hit from my "play" money account monday after a use to an unreleated site to the one in this thread. We will see if there is a problem soon I suppose. LOL (yes I know it seems a litlle crazy, but I am sane.)

 

[maxamuus]

Full fare airline tickets are nearly as good as cash. Easily transfered & changed to other flyers.

That was true in 1980. Now days all airline tickets are e-tickets and are nontransferable.

 

[Fat_Bastard]

an update would be nice.The silence is deafening

 

[stratslinger]

an update would be nice.The silence is deafening

Really? Have you read all of the thread (I know, it's pretty damn big now that the three were merged)? Because Forrest has been providing updates as he can - in fact, his last was about this time yesterday, which was impressive considering in Texas right now it's around 5AM.

I'm not saying necessarily that you're doing this, but there have been a lot of folks who've gotten in, read the last page or two of the thread, then complained that Forrest wasn't doing anything - when just a little more scanning of the thread would have shown the opposite.

The kind of stuff he has to investigate takes time - it's not going to be done in a day or two. I'm personally happier knowing that he's working the problem, rather than spending all his time here talking about it instead.

Forrest is indeed on the problem, and I trust he'll update us once he has something to update us with. I wouldn't be surprised to see a similar update message this morning to the one he posted yesterday, but I also wouldn't blame him for focusing on the problem, particularly if he's close to either finding it or exonerating his company and his business partners.

 

[wildwest450]

Has ANYONE been compromised that went through paypal at checkout from AHS? That's how I did mine. I only do paypal through my credit cards on the internet if possible.



_

 

[Navy_Chief]

Has ANYONE been compromised that went through paypal at checkout from AHS? That's how I did mine. I only do paypal through my credit cards on the internet if possible.



_

I would be extremely surprised if PayPal transactions were compromised, the retailer never sees the actual transaction, all they see is a deposit in their PayPal account. Having you PayPal account hacked through Phishing is another thing entirely.

Heres to hoping that this gets sorted out soon with a satisfactory result for all involved.

 

[bschoenb]

Just had it happen yesterday; apparently someone bought two transactions online with Apple w/my DiscoverCard. Got a call on my cell from their Fraud Center.

I made a transaction to AHS a week earlier onlne ?

 

[Austinhomebrew]

At this point, no bank has contacted us and our hosting company has not been able to find anything.

Rest assured, that no credit cards are stored on our website. And for good measure, I have switched credit card processors. We are trying to eliminate as many variables as possible.

Thanks for all of your support.
Forrest

 

[ColoradoJon]

I'll chime in... I too received a call from my CC company. Two fraudulent charges. One on Feb 7th for just over $2 to some dental company, and another to Microsoft that was declined. CC company closed the account.

This card was used several times in January at AHS and Kegconnection.com, but previously used in December at Amazon.

CJ

EDIT: wrong date on fraudulent charge. I had originally said Feb 2nd, when it was actually Feb 7th.

 

[crackhead7]

+1 on thinking that people need to read ALL of the thread before commenting to ensure that they don't sound illiterate.

 

[KurtB]

That was true in 1980. Now days all airline tickets are e-tickets and are nontransferable.

You are right. Must have had too many beers last night before posting and it made me remember the "good old days" of high school. More likely, the airline ticket fraud is more closely related to the same scam that was revealed in this article from last year. http://travel.usatoday.com/hotels/p...-airline-ticket-fraud-prosecutors-say/99489/1 Though I would have to look into it further, but I still think there is a way to run the scam by seling cancelled filght credits and stuff like that.

Like I said, I worked the billing disputes side of the equation. I may have to reach out to some of my CC fraud investigator friends to get the background on the more current scams that are running.

Either way, let's hope Forrest can get to the bottom of this, let us know what happened, and put it to rest once and for all.

 

[jsb]

At this point, no bank has contacted us and our hosting company has not been able to find anything.

Rest assured, that no credit cards are stored on our website. And for good measure, I have switched credit card processors. We are trying to eliminate as many variables as possible.

Thanks for all of your support.
Forrest

Yeah I shopped with you. Yeah, I got a $3.93 probe charge that was rejected by my CC company. No, I will not hesitate to shop with you again. Your CC processing tools, techniques, and providers have undergone a lot of scrutiny lately, and should be pretty dang solid now; as solid as could be reasonably expected.

It sucks for your business to be victimized this way, and I refuse to be part of the pile-on mentality. I think I will go brew the Fat Tire kit you sent me, and start thinking about my next AHS order.

Chin up!

 

[wildwest450]

I certainly won't stop ordering from Forrest either. I have had my info stolen once before (not related to this), and I haven't stopped internet shopping. That's like saying you're not going to the grocery store because you got robbed in the parking lot.

Why anyone would use a debit card is still beyond me. Let the credit card people take the loss.

 

[DrawTap88]

Forrest, thanks again for the update. It is very much appreciated. FYI-I don't think anyone will, myself included, will stop shopping at AHS because of this.

 

[PorterIdontknowher]

At this point, no bank has contacted us and our hosting company has not been able to find anything.

Rest assured, that no credit cards are stored on our website. And for good measure, I have switched credit card processors. We are trying to eliminate as many variables as possible.

Thanks for all of your support.
Forrest

Add me to the AHS purchasers that have had fraudulent charges.

It is a card that I use all the time and I had probably 25 transactions on it this month, so obviously I can't be certain, but it is a data point.

I bought from AHS on 1/22... fraud occurred 2/8... not a huge effect on me since it never posted... just getting a new card in the mail and I needed to change one automatic payment. I'll use the other card I regularly use until the new card arrives.

I'm guessing the processor got hacked and is not willing to admit it or hasn't found it yet...

I won't fault Forrest... but I don't need to order anything right now anyway... I'm just waiting patiently for my Barleycrusher...

 

[knotquiteawake]

I for one am going to order an Anchor Steam Clone because SWMBO demands it, I'll have to use her card though since mine is deactivated :cross:

 

[Mischief_Brewing]

Just placed an order for some specialty grains to brew my Irish Red through AHS. I needed one more stainless tap flange for my liquor cabinet build too Had to go Paypal since my card is still in transit from BofA...

I hope somebody get's caught in this fraud...

 

[weirdboy]

Could be someone who works at the hosting company...

 

[Ciliorozo]

At this point, no bank has contacted us and our hosting company has not been able to find anything.

Rest assured, that no credit cards are stored on our website. And for good measure, I have switched credit card processors. We are trying to eliminate as many variables as possible.

Thanks for all of your support.
Forrest

Thanks for the update Forrest. I, like most on here, won't quit using you guys! At least you have payment options, such as PayPal, that could help people purchase from you during this time of CC uncertainty. I just bought a wine kit from you for the SWMBO .

I hope its nothing on your end, but at least your being proactive and taking steps to help eliminate any doubt and get this taken care of. And to me whether or not it did happen on your end, that's a sign of good service and taking care of your customers. Good luck getting this all ironed out. Thanks and Cheers!

 

[Fat_Bastard]

Thanks for the update it is greatly appreciated.

 

[DaBiggin]

I ordered from AHS on 1/17 and after being notified by a fellow Brewer about potential problems with AHS CC processing, I checked my CC account to find a fraudulent charge on 2/8 to a web site named "Reg-repair.com". ***** DO NOT ***** navigate to that site as it is flagged as a malicious web site.

Anyway, I view AHS as much of a victim in this (or more so) as me.

 

[c0bra]

I ordered from AHS on 1/17 and after being notified by a fellow Brewer about potential problems with AHS CC processing, I checked my CC account to find a fraudulent charge on 2/8 to a web site named "Reg-repair.com". ***** DO NOT ***** navigate to that site as it is flagged as a malicious web site.

Anyway, I view AHS as much of a victim in this (or more so) as me.

My charge was also to reg-repair dot com.

 

[MikeG]

I notified a co-worker yesterday (Thursday) who shops with AHS to watch for possible fraudulent charges, he just informed me he his bank called regarding two fraudulent charges for $50 each. He has to fill out some paperwork but he should be covered.

He ordered from AHS around Wed (2/1). He will also continue to shop with AHS.

 

[Ralelen]

I bought from AHS on 1/18 and 2/9 and have had no such problems. Just a shot in the dark; are the malicious reports coming from one area of the country (East/West of the Missisippi)? Maybe a certain bank?

 

[r8rphan]

And for good measure, I have switched credit card processors. We are trying to eliminate as many variables as possible.

That's what I wanted to hear...

 

[gritmaster]

Yet another individual hit

Chase Visa Debit Card:
AHS online purchase 1/6/2011 then on 2/9/2011:

42ND PHOTO.COM NEW YORK NY $1,433.28

M CONSTRUCTION INC REDINGTON SH ME $1.16

Was actually the retailer (42nd St Photo) that caught it - Overdrew my bank account, and so I now have $0 balance for a few days because Chase's system is so slow

 

[r8rphan]

Just checked my account on line.. Fraudulent charges are gone now.. Three days from reporting.. Not bad.. I love my community bank... There's a two dollar overdraft charge on there, but when I go in and make a deposit today, I'm sure that will go away...

Now if my new card just shows up today or tomorrow, I'm back in business in time to pay the bills...

 

[Seven]

At this point, no bank has contacted us and our hosting company has not been able to find anything.

Rest assured, that no credit cards are stored on our website. And for good measure, I have switched credit card processors. We are trying to eliminate as many variables as possible.

Thanks for all of your support.
Forrest

Hi Forrest,

I read a post earlier that said online credit card transactions to AHB were all processed "by hand." Can you please elaborate on exactly what this means?

Does it mean a customer's credit card information is somehow passed to an employee who then punches the credit card info. into a terminal (or whatever) and therefore these employees have direct access to the customer's credit card information?

Hearing more about this will help with my comfort level about future purchases.

Thank you.

 

[gritmaster]

Yet another individual hit

Chase Visa Debit Card:
AHS online purchase 1/6/2011 then on 2/9/2011:

42ND PHOTO.COM NEW YORK NY $1,433.28

M CONSTRUCTION INC REDINGTON SH ME $1.16

Was actually the retailer (42nd St Photo) that caught it - Overdrew my bank account, and so I now have $0 balance for a few days because Chase's system is so slow

One other thing I should mention, and I know this because of the sales rep at the photo store - the person that tried to use my debit card also had my home address, home phone, and my email address, too - they had the same email I used on my AHS account. The only reason 42nd Photo called me was because the idiot forgot to put a zip code in the "Ship-To" form on their website (of course, I was the person they tried to "Bill-To"!!)

So I guess what I am trying to say is, if in fact AHS was compromised, the hacker was able to glean information that is stored on your website (addresses and phone #s) in addition to CC#s.

Forrest: I am sure phone # / address is passed on to your Credit Card Processor for each transaction, but what about email address? If not, it is more and more likely the data was obtained from your website as opposed to credit card machine receipts in the trash or a CC processor.

 

[JonW]

One other thing I should mention, and I know this because of the sales rep at the photo store - the person that tried to use my debit card also had my home address, home phone, and my email address, too - they had the same email I used on my AHS account. The only reason 42nd Photo called me was because the idiot forgot to put a zip code in the "Ship-To" form on their website (of course, I was the person they tried to "Bill-To"!!)

So I guess what I am trying to say is, if in fact AHS was compromised, the hacker was able to glean information that is stored on your website (addresses and phone #s) in addition to CC#s

That is good info to add for AHS to research. While most CC processors and gateways also get sent your address & phone, very few would get sent your e-mail address. If AHS can confirm that their gateway/processor does not get sent the e-mail address, then that will help them narrow down where the leak is coming from.

 

[ChshreCat]

Hi Forrest,

I read a post earlier that said online credit card transactions to AHB were all processed "by hand." Can you please elaborate on exactly what this means?

I'd be curious if this information is printed out on paper for the person to enter in by hand. And if so, what happens to those papers? I could imagine someone dumpster diving for these or for an unscrupulous employee walking out with a stack at the end of the day. If someone was getting a hold of order forms, that would explain the crooks having not just the card number but addresses, phone numbers, etc.

 

[jsb]

One other thing I should mention, and I know this because of the sales rep at the photo store - the person that tried to use my debit card also had my home address, home phone, and my email address, too - they had the same email I used on my AHS account. The only reason 42nd Photo called me was because the idiot forgot to put a zip code in the "Ship-To" form on their website (of course, I was the person they tried to "Bill-To"!!)

So I guess what I am trying to say is, if in fact AHS was compromised, the hacker was able to glean information that is stored on your website (addresses and phone #s) in addition to CC#s.

I was just told by Mastercard (HSBC Bank) that some Vancouver Bank, LLC or some such called them in an attempt to verify my address, gave them a wrong address and phone, and wanted them to provide the correct one (which they did not). My new card is on the way.

Just a note that this seems pretty well organized and thorough, as it has both physical and social hacking components to it.

 

[Seven]

I'd be curious if this information is printed out on paper for the person to enter in by hand. And if so, what happens to those papers? I could imagine someone dumpster diving for these or for an unscrupulous employee walking out with a stack at the end of the day. If someone was getting a hold of order forms, that would explain the crooks having not just the card number but addresses, phone numbers, etc.

Agreed. Or is customer credit card data stored on a personal computer or email program?

I'm not trying to create any anti-AHB sentiment... I'm just hoping the problem can be identified and fixed so we can learn from it and move on. I like AHB very much and I want to keep shopping there in the future.

 

[baldnate]

I just got hit as well. $150.00 from PayPal. About to cancel my card.

Also, I have recently done business with AHB (if anyone is still keeping track of that stuff). Not blaming or hating... just a data point.

Finally... props to the people that have been posting on the stolen CC threads. Seeing the post and reading about the AHS rumblings were the only reasons I checked my recent CC activity online, and I managed to catch the bogus transaction the day it posted. PROST!

 

[snevey]

All we need is another guy posting on this thread, but I'm curious what software you guys use for your anti-virus/anti-malware? Reason I ask is, as an IT Professional, I see people being infected with those fake anti-virus programs ALL the time, and Norton, Kaspersky, Symantec, Free AVG, etc never catch those malicious programs. Of course the user doesn't install those fake programs, they just pop up, usually installed through some banner script on a web page. I run Webroot, as it doesn't let anything get past it.

The reason I ask is because as easy as it was for these people to get the fake anti-virus programs installed on their PC's without their permission, who is to say that a keyboard logger, or other sophisticated script/program couldn't be installed? Check your HOSTS file too. usually located in C:\Windows\Sytem32\drivers\etc. Look for any websites in there. Your PC checks for DNS name resolution in a local hosts file first. IE, if you go to www.homebrewtalk.com, your computer checks this hosts file to translate it into an internet IP address, if it exists in your hosts file, it goes to that web page. It would be ALOT of work, but who is to say that someone didn't "clone" Austin Homebrew's webpage and then use a DNS or HOSTS file exploit, redirect customers to their cloned site?

Be kind to Austin Homebrew. They don't want this exposure any more than you do...

 

[jhobson]

Jumping in on this thread as well. Purchased from AHS on 1/19 and had fraudulent activity on that card on 2/8. It's a card that's rarely used. Card was used to purchase airfare from a South African airline.

 

[DrawTap88]

Check your HOSTS file too. usually located in C:\Windows\Sytem32\drivers\etc.

Didn't see any websites, but the two most recent "additions" were from 1/26/11 and are called "dxgkrnl.sys" and "dxgmms1.sys." Also, besides all the .sys files there were two .dll files. Not sure what they are.