Ever have a credit card number stolen???

[bovineblitz]

Notice that the perlicks are "Silver and Black"...

just sayin'

Oh nice, you're a Spurs fan?

 

[weirdboy]

Oh nice, you're a Spurs fan?

Given the choice of glassware I'm pretty sure it's the Raiders.

 

[bob1852]

Since this thread has slightly turned off topic - maybe Forrest should hire this guy to get to the bottom of it....

 

[r8rphan]

Oh nice, you're a Spurs fan?

Ummm.. I think not.... the 'original' Silver and Black...

 

[bovineblitz]

Given the choice of glassware I'm pretty sure it's the Raiders.

aww, you missed the humor

 

[meangreen83]

Since my card information was stolen two weeks ago they have tried to spent over $5K on my card. The only one that got through was at a Pizza Hut in the UK. They keep trying to use it at the same Pizza Hut everyday, including two $62.00 charges yesterday. How can they not catch these people if they keep trying at the SAME PLACE EVERY DAY!

Of course, I use a bank from a small town(~1300 people) in Oklahoma. Frankly, I was shocked they caught it in the first place!

 

[stratslinger]

meangreen83 - have you cancelled that card and had a new one re-issued? It doesn't sound like it, if you're still able to track what the crooks are trying to do with the card. The bank will block most of them, but sooner or later one or two is bound to get by...

And I've gotten some clarification from a couple folks on what Walker and riverfrontbrewer have been posting about. Seeing that, I'm leaning more and more towards avoiding AHS outright until and unless AHS starts providing some transparency into what's going on here. It sounds as if Forrest is trying to reassure people on this thread, where everyone can see it, that he's handling information correctly and that his security and procedures are sufficient to protect that info, but then in private messages to at least some concerned parties he's being a little more forthright that his policies were not at all sufficiently secure before this mess started.

In that light, I'm no longer confident he's been upfront with us regarding his new policies. Considering that, though an awful lot of his kits look mighty tasty to try out, I think I'll be shopping elsewhere for the foreseeable future.

 

[r8rphan]

I don't really care if his 'previous' policy was risky.. I mean, by now, we're all pretty well aware that there was a problem, so he might as well put it all out there... At this point it will do more good than harm..

What I want to see is:

1) Total Honesty and transparency (describe exactly what happened)

2) A change in the way he does things...

I think that's all the vast majority here want to see...

You can't even begin to fix a problem until you first admit you have one...

 

[Navy_Chief]

I don't really care if his 'previous' policy was risky.. I mean, by now, we're all pretty well aware that there was a problem, so he might as well put it all out there... At this point it will do more good than harm..

What I want to see is:

1) Total Honesty and transparency (describe exactly what happened)

2) A change in the way he does things...

I think that's all the vast majority here want to see...

You can't even begin to fix a problem until you first admit you have one...

Exactly...

The repeated statements of I have looked into this and the problem is not with AHS are not reassuring at all. Nothing against Forrest, but what are his qualifications to conduct a investigation? Much less a computer forensic investigation if the leak is related to the handling of information on computer systems? It comes across as empty sentiments to ensure that we continue to order.

I know that the majority of people who have been effected by this are not out actual money, although there are a few who had their debit card stolen which is much more serious. The point is that nobody should have to go through this because of sloppy handling by a retailer. And while they have not lost any money in the process their time and inconvenience does have a very real value.

 

[Tu13es]

I ordered from AHS on 1/15. I got something in the mail today saying there was fraudulent activity from Bank of America. Called them and they said somebody overseas had called them trying to get info about my account but were unsuccessful. They're mailing me a new card with a different account number.

Grr.

 

[gx1340]

My friend and I recently had cards compromised. He had two and I had one. The only place that we had both used these cards recently was Austin Home Brew.

 

[riverfrontbrewer]

Your inbox is full......please clear

meangreen83 - have you cancelled that card and had a new one re-issued? It doesn't sound like it, if you're still able to track what the crooks are trying to do with the card. The bank will block most of them, but sooner or later one or two is bound to get by...

And I've gotten some clarification from a couple folks on what Walker and riverfrontbrewer have been posting about. Seeing that, I'm leaning more and more towards avoiding AHS outright until and unless AHS starts providing some transparency into what's going on here. It sounds as if Forrest is trying to reassure people on this thread, where everyone can see it, that he's handling information correctly and that his security and procedures are sufficient to protect that info, but then in private messages to at least some concerned parties he's being a little more forthright that his policies were not at all sufficiently secure before this mess started.

In that light, I'm no longer confident he's been upfront with us regarding his new policies. Considering that, though an awful lot of his kits look mighty tasty to try out, I think I'll be shopping elsewhere for the foreseeable future.

 

[stratslinger]

Cleared... 5 messages in in/out box is more restrictive than I expected. Maybe I oughtta upgrade at some point soon.

 

[remilard]

Your inbox is full......please clear

Would you mind sending me a PM as well?

 

[jr82]

I'm typically only a lurker but feel the need to throw my hat in the ring. I'm by no means pointing fingers but last week I placed my first order with AHS after all the good reviews on here. Just got a call from Chase, $6k in fraudulent charges=account closed. I have nothing bad to say about the product or service, but at this point its beyond coincidence. Until I hear of some sort of resolution, I'm going back to Midwest based on years of problem free ordering. I hope they can resolve this issue.

 

[WhiskeySix]

This eternal thread has done several things for me. I ordered hops rizomes from AHS on 2/9 using a debit card. Hopefully that was two days after they were aware of a problem. I ordered on 2/9 but my card wasn't run until 2/11. Where was my card info for two days? I called them after reading the OP and was assured that I would be OK.

Not sure I will continue to use AHS. It "appears" that they are denying any culpability in this. Yet dozens of posters here have been victims. All with one thing in common. Time for AHS to make a definitive statement about what may have happened and what steps have been taken to prevent another occurrence. That or face a probable exodus of customers. Keep in mind that we are only hearing about HBT members. How many total customers have been effected?

I have used my debit card for years for countless online purchases. So far I have never had a problem. I will change that practice.

I have added the first person to my ignore list. Can't stand whiners or post queens.

So now I check my bank balance several times a day. Waiting for all this to clear.

 

[Hermit]

This eternal thread has done several things for me. I ordered hops rizomes from AHS on 2/9 using a debit card. Hopefully that was two days after they were aware of a problem. I ordered on 2/9 but my card wasn't run until 2/11. Where was my card info for two days? I called them after reading the OP and was assured that I would be OK.

Not sure I will continue to use AHS. It "appears" that they are denying any culpability in this. Yet dozens of posters here have been victims. All with one thing in common. Time for AHS to make a definitive statement about what may have happened and what steps have been taken to prevent another occurrence. That or face a probable exodus of customers. Keep in mind that we are only hearing about HBT members. How many total customers have been effected?

I have used my debit card for years for countless online purchases. So far I have never had a problem. I will change that practice.

I have added the first person to my ignore list. Can't stand whiners or post queens.

So now I check my bank balance several times a day. Waiting for all this to clear.

Maybe wouldn't hurt to call the card company and have them flag the card as 'possibly' compromised just to be safe.

 

[BigHefty]

Maybe wouldn't hurt to call the card company and have them flag the card as 'possibly' compromised just to be safe.

I don't know if you can do that. As soon as you say it's "possibly" been compromised they will cancel and reissue to protect themselves. It's probably a good idea for anyone that's dealt with AHS in the past month or so to get a new number just to be safe. It's surely a pain but would give a little peace of mind.

 

[Hermit]

I don't know if you can do that. As soon as you say it's "possibly" been compromised they will cancel and reissue to protect themselves. It's probably a good idea for anyone that's dealt with AHS in the past month or so to get a new number just to be safe. It's surely a pain but would give a little peace of mind.

Well, since the card is a debit card I would tend to take the proactive route instead of just hope nothing hits it. According to things in this thread a debit card is at greater risk of not being reimbursed.

 

[rawlus]

people. rather than go through the effort and time of checking your balance daily to see if something is amis, just go to your bank and get a new card. its really not that difficult... cards are compriomised all the time, and it happens to national retailers as well.. remeber TJMAXX a few years ago? stop&shop has had it happen as well. ive shopped at both over the years, so just to be safe, when i heard the news, i just went to the bank and requested a new card, no cost, no worry, no inconvenience. some banks will even give you a temporary card to use until the new one is issued.

if your bank wont do this, switch banks.

i cannot believe what a big deal people are making of this.

dont assume its "possibly" compromised, if you have any concern at all just get a new card issued. problem 100% solved. anyone who's shopped at AHS in the past few months should just get new cards issued, then they wont have to react when and if their bank account is drained or their CC is dinged for whatever and we wont have the daily drama of victim stories be posted. stop being victims, be proactive and make a call or visit and cancel/reissue whatever cards you used.

easy. done.

 

[knotquiteawake]

some banks will even give you a temporary card to use until the new one is issued.

if your bank wont do this, switch banks.

It only took me 10 minutes in my local Wells Fargo Branch to get a temporary debit card and have it activated. I then drove right over to the grocery store and bought my dinner. Super Easy, no hassle at all.

 

[Seven]

people. rather than go through the effort and time of checking your balance daily to see if something is amis, just go to your bank and get a new card. its really not that difficult... cards are compriomised all the time, and it happens to national retailers as well.. remeber TJMAXX a few years ago? stop&shop has had it happen as well. ive shopped at both over the years, so just to be safe, when i heard the news, i just went to the bank and requested a new card, no cost, no worry, no inconvenience. some banks will even give you a temporary card to use until the new one is issued.

if your bank wont do this, switch banks.

i cannot believe what a big deal people are making of this.

dont assume its "possibly" compromised, if you have any concern at all just get a new card issued. problem 100% solved. anyone who's shopped at AHS in the past few months should just get new cards issued, then they wont have to react when and if their bank account is drained or their CC is dinged for whatever and we wont have the daily drama of victim stories be posted. stop being victims, be proactive and make a call or visit and cancel/reissue whatever cards you used.

easy. done.

I don't see people here acting like poor, helpless victims. I do see them (me included) as being pro-active and taking steps to protect ourselves. I see people sharing their stories in the hopes that it will alert others about what's going on. And I'm glad they are doing it. It gives me hope that something is working right for a change instead of being buried or ignored.

Part of being pro-active is figuring out what happened in the first place ... and that's what we are waiting to hear back from AHB. What exactly happened???

I want to know if a retailer is mishandling my personal/financial information. I want to know if they are being forthcoming about what happened. I want to know if they've identified the problem and taken corrective measures so I can decide whether or not to shop there in the future.

Cheers.

 

[lazytaper]

I am with you but I think we are jumping the gun a little here.

Let's give them some time to sort this out and report back. I'd rather them give a concrete answer than a step by step of what they think that turns out to not be the end result. I don't think this is a problem that is going to be figure out overnight if it is on their end assuming it is not an employee. If it is a problem with a processor, I doubt anyone, including them, will ever hear about it.

I'm sure they are working on it. I am sure it is something that is beyond their technical expertise. I am sure it is in their interest to fix it.

It's nice to have a forum where people can come together to help each other as witnessed in this thread with people that were proactive with watching their accounts due to the publicity this has received. This will also be a great forum for them to clear their name and to truthfully convince everyone that the problem was identified and fixed so that everyone can go back to ordering from them and feeling good about it.

If I was in their shoes, I would have come out and said there is a yet undetermined problem with their credit card orders and we recommend all our customers to use our paypal system until this is sorted out. Assuming that is secure. Then I would report back with the outcome of the credit card fiasco we are witnessing. That seems to be the right thing to do from this perspective.

 

[emjay]

I am with you but I think we are jumping the gun a little here.

Let's give them some time to sort this out and report back. I'd rather them give a concrete answer than a step by step of what they think that turns out to not be the end result. I don't think this is a problem that is going to be figure out overnight if it is on their end assuming it is not an employee. If it is a problem with a processor, I doubt anyone, including them, will ever hear about it.

I'm sure they are working on it. I am sure it is something that is beyond their technical expertise. I am sure it is in their interest to fix it.

It's nice to have a forum where people can come together to help each other as witnessed in this thread with people that were proactive with watching their accounts due to the publicity this has received. This will also be a great forum for them to clear their name and to truthfully convince everyone that the problem was identified and fixed so that everyone can go back to ordering from them and feeling good about it.

If I was in their shoes, I would have come out and said there is a yet undetermined problem with their credit card orders and we recommend all our customers to use our paypal system until this is sorted out. Assuming that is secure. Then I would report back with the outcome of the credit card fiasco we are witnessing. That seems to be the right thing to do from this perspective.

Oh I largely agree with this. I don't expect them to publicly speculate precise causes until they've found and solved the issue for certain. But when I'm getting contradictory statements or manipulative half-truths about their practices in order to make people feel safer shopping with them, I don't feel like I can reasonably trust anything being said.

 

[rawlus]

my narrow understanding of the issue is that the breach did not occur on AHS servers or via their site. from their earlier posts, it sounded like they believed it occurred with their payment gateway provider as they referenced they were moving to a new provider... payment gateway providers are necessary for every business that accepts credit cards or plastic. if the breach was indeed with them, then chances are excellent that AHS customers were not the only ones affected, it could be customers from hundreds of other merchants who dont have a homebrew forum.

so before we asll go down the road of convicting AHS of not protecting our info, it might be wise to do what you have to do to protect yourself (change your card) and then wait and see what happens/what the story is after the investigation is complete.

if it is a vendor of AHS that has caused the issue, it will be obviously in the best interest of AHS to let their customers know that, and advise how they have responded (we have rec'd hints of that already), but it is also important to know that they will not be prepared to make a formal statement on the matter until they are absolutely sure that it is not their systems or processes that were compromised or at fault.

does this not make sense to everyone?

people do understand how ecommerce sites can work right? you place the order, the card number gets validated and reserved for the funds through a gateway like authorize.net, if the merchant does not process the transactions through the site, but does so manually, then they can login to authorize.net and review the days transactions, process them from authorized to posting and batch process them to begin the movement of funds from one place to another..in this instance, the numbers and the data pretty much remain on the authorize.net site, there is not necessarily any local typiing of numbers into a keypad, there is not necessarily any record of a number stored in any local system... the merchant gateway is serving the purpose of both authorizing the funds are available and as a remote cloudbased transaction terminal. not im not saying this is how AHS is doing it, just that, it could be doing it this way... again, based on my interpretation of their statements made thus far.

in other words, there is not necessarily deception at play here, it may be that consumers just dont have a solid idea of how the transaction is completed when they type their credit numbers into the internet site.

 

[pfeuffer]

Just another data point, 'cuz this thread isn't long enough already:

I made an in store purchase at AHS on 1/26, and the card has not been compromised so far.

Keeping my fingers firmly crossed and my eyeballs on the account.

 

[rawlus]

dude, dont cross your yourfingers and watch your account, just get a new card. why is everyone resisting the one thing that will absolutely protect them?

 

[Hermit]

it may be that consumers just dont have a solid idea of how the transaction is completed when they type their credit numbers into the internet site.

Yep. Consumers are to blame here. I had a customer on a server that took the info and the cart software emailed the card number to him when an order came in. Truth is YOU have no idea how this vendor processes his accounts at all either. You are taking your limited knowledge probably based on one experience and extrapolating it to this situation.

 

[gritmaster]

my narrow understanding of the issue is that the breach did not occur on AHS servers or via their site. from their earlier posts, it sounded like they believed it occurred with their payment gateway provider as they referenced they were moving to a new provider... payment gateway providers are necessary for every business that accepts credit cards or plastic. if the breach was indeed with them, then chances are excellent that AHS customers were not the only ones affected, it could be customers from hundreds of other merchants who dont have a homebrew forum.

so before we asll go down the road of convicting AHS of not protecting our info, it might be wise to do what you have to do to protect yourself (change your card) and then wait and see what happens/what the story is after the investigation is complete.

if it is a vendor of AHS that has caused the issue, it will be obviously in the best interest of AHS to let their customers know that, and advise how they have responded (we have rec'd hints of that already), but it is also important to know that they will not be prepared to make a formal statement on the matter until they are absolutely sure that it is not their systems or processes that were compromised or at fault.

does this not make sense to everyone?

people do understand how ecommerce sites can work right? you place the order, the card number gets validated and reserved for the funds through a gateway like authorize.net, if the merchant does not process the transactions through the site, but does so manually, then they can login to authorize.net and review the days transactions, process them from authorized to posting and batch process them to begin the movement of funds from one place to another..in this instance, the numbers and the data pretty much remain on the authorize.net site, there is not necessarily any local typiing of numbers into a keypad, there is not necessarily any record of a number stored in any local system... the merchant gateway is serving the purpose of both authorizing the funds are available and as a remote cloudbased transaction terminal. not im not saying this is how AHS is doing it, just that, it could be doing it this way... again, based on my interpretation of their statements made thus far.

in other words, there is not necessarily deception at play here, it may be that consumers just dont have a solid idea of how the transaction is completed when they type their credit numbers into the internet site.

If there is no typing of numbers into a keypad, why do I always get a receipt from them from a CC machine when I get my stuff in the mail? Also, why did the "hacker" also have my email address...is this typically sent to "authorize.net"?

 

[stratslinger]

my narrow understanding of the issue is that the breach did not occur on AHS servers or via their site. from their earlier posts, it sounded like they believed it occurred with their payment gateway provider as they referenced they were moving to a new provider... payment gateway providers are necessary for every business that accepts credit cards or plastic. if the breach was indeed with them, then chances are excellent that AHS customers were not the only ones affected, it could be customers from hundreds of other merchants who dont have a homebrew forum.

so before we asll go down the road of convicting AHS of not protecting our info, it might be wise to do what you have to do to protect yourself (change your card) and then wait and see what happens/what the story is after the investigation is complete.

if it is a vendor of AHS that has caused the issue, it will be obviously in the best interest of AHS to let their customers know that, and advise how they have responded (we have rec'd hints of that already), but it is also important to know that they will not be prepared to make a formal statement on the matter until they are absolutely sure that it is not their systems or processes that were compromised or at fault.

does this not make sense to everyone?

people do understand how ecommerce sites can work right? you place the order, the card number gets validated and reserved for the funds through a gateway like authorize.net, if the merchant does not process the transactions through the site, but does so manually, then they can login to authorize.net and review the days transactions, process them from authorized to posting and batch process them to begin the movement of funds from one place to another..in this instance, the numbers and the data pretty much remain on the authorize.net site, there is not necessarily any local typiing of numbers into a keypad, there is not necessarily any record of a number stored in any local system... the merchant gateway is serving the purpose of both authorizing the funds are available and as a remote cloudbased transaction terminal. not im not saying this is how AHS is doing it, just that, it could be doing it this way... again, based on my interpretation of their statements made thus far.

in other words, there is not necessarily deception at play here, it may be that consumers just dont have a solid idea of how the transaction is completed when they type their credit numbers into the internet site.

If that was the full story, then yes, that would absolutely make sense and I'd agree there's no deception at play here.

However - we've been told one thing publicly (exactly you just described), yet a few people have been given drastically different descriptions of how AHS handled information prior to this breach. By all reports, what you just described is exactly how they're handling transactions now. But people are being told privately that things were handled far differently prior to the breach.

Now, there is a chance that what people are being told privately is simply a case of one or more AHS employees speaking out of turn about issues they don't fully understand. Yet despite the fact that people have been asking for clarification on that count for days, Forrest has been silent in this thread since late last week.

Add to that the fact that they are aware that there is at least a significant chance that there was a breach in their (or their vendors') systems, and they have not done anything to proactively alert their customers. I'd argue that they have an ethical obligation to do so. They have not done so, which at least looks like they're just hoping this all blows over and anyone who wasn't directly impacted will never know the difference.

A little transparency would go an awful long way to helping to calm a lot of suspicions around here.