Ever have a credit card number stolen???

[knotquiteawake]

I wrote the announcement under my own advisement.

Forrest

Self representing then I see.

 

[Austinhomebrew]

The week I ordered they didn't ship for over 4 days, I sent Forest a PM and he told me they were backed up because over the weekend of the 15th/16th of January they had over 300 online orders. If that is a single weekend then over the course of a month they must have well over a thousand plus online orders. 50 out of a 1000 is not a "small" number but I could see it being labeled a "limited" number.
However, saying that here, seems to marginalize us in a way that has pushed me from the "oh come on give them a break" camp to the "going to not order from them until this is sorted out" camp.

I am not trying to marginalize anyone. I was just trying to put it in perspective. We have a very large volume of orders. The 300 I mentioned was just the number at that moment. I will have more information as soon as I can. Thanks.

Forrest

 

[knotquiteawake]

Its ok, you just need a copy editor or PR editor to deal with the PMSing members of the board here (myself included). I'll fix that line in question, no charge!

Austin Homebrew Supply has received communication from a very limited number of our most valued honored and esteemed customers who are in large part a member of this great valuable and important community, that they recently have had fraudulent charges on their credit or debit card.

 

[rawlus]

My name isn't Jack but that is just one more way to condescend to us less qualified folks I guess.

my emotions got away from me when you questioned my intellect and knowledge. sorry!

 

[rawlus]

i can appreciate the trauma a fraud act can cause, however, one should realize that there is no one approach that is 100% secure.

(full disclosure: i have been a victim of fraud multiple times over the years, and a potential victim even more times, though not with AHS or any homebrew store yet)

a merchant can/could take every precaution in the book, follow every best practice and do everything in their power to minimize the risk, be compliant with industry standards, etc, but because of the other parties involved in the processing of credit cards/debit cards, banks, merchant services, gateway companies, hardware providers, hosting companies, technology providers... i believe it is an unreasonable expectation to place upon a merchant that nothing will ever happen to your card/account. It seems that perhaps at least some of the victims are looking for guarantees in this thread... this is the whole reason CC companies have fraud protection programs, investigators, card replacement services, etc. If your process after having your card compromised is unsatisfactory, you should ALSO be looking at your own issuing bank... hoping/dreaming that it will never happen to you is unrealistic IMHO based on personal and professional experience.

 

[Hermit]

Yep. Consumers are to blame here. I had a customer on a server that took the info and the cart software emailed the card number to him when an order came in. Truth is YOU have no idea how this vendor processes his accounts at all either. You are taking your limited knowledge probably based on one experience and extrapolating it to this situation.

my emotions got away from me when you questioned my intellect and knowledge. sorry!

I'm not sure how you get I questioned you "intellect" from that posting. You did say most of us had no clue how internet transactions are handled and then laid out a lengthy post that may or may not apply to how this vendor does/did his transactions but the implication was clear that you believed the vendor never saw the cc numbers. I was right to point out you also had no direct knowledge of how these transactions were handled in spite of your lengthy post on how 'interent transactions are handled'. I gave you an example of how one vendor I knew did his transactions to show another way of doing it, and I might add, seemed more consistent with what had been told to other posters by AHS. Your throw away disclaimer at the end not withstanding.

 

[rawlus]

"You are taking your limited knowledge probably based on one experience and extrapolating it to this situation."
i already had acknowledged that i knew little of AHS' specific system. that does not mean i know little on the subject. or that i base my understanding on only one experience.

my earlier points.
my narrow understanding of the issue is that the breach did not occur on AHS servers or via their site. from their earlier posts, it sounded like they believed it occurred with their payment gateway provider as they referenced they were moving to a new provider... payment gateway providers are necessary for every business that accepts credit cards or plastic. if the breach was indeed with them, then chances are excellent that AHS customers were not the only ones affected, it could be customers from hundreds of other merchants who dont have a homebrew forum.

if it is a vendor of AHS that has caused the issue, it will be obviously in the best interest of AHS to let their customers know that, and advise how they have responded (we have rec'd hints of that already), but it is also important to know that they will not be prepared to make a formal statement on the matter until they are absolutely sure that it is not their systems or processes that were compromised or at fault.

in other words, there is not necessarily deception at play here, it may be that consumers just dont have a solid idea of how the transaction is completed when they type their credit numbers into the internet site.

 

[rawlus]

I'm not sure how you get I questioned you "intellect" from that posting. You did say most of us had no clue how internet transactions are handled and then laid out a lengthy post that may or may not apply to how this vendor does/did his transactions but the implication was clear that you believed the vendor never saw the cc numbers. I was right to point out you also had no direct knowledge of how these transactions were handled in spite of your lengthy post on how 'interent transactions are handled'. I gave you an example of how one vendor I knew did his transactions to show another way of doing it, and I might add, seemed more consistent with what had been told to other posters by AHS. Your throw away disclaimer at the end not withstanding.

just to be clear, i did NOT imply the vendor never saw the CC#'s, i thought i made myself explicitly clear that the vendor may not STORE the numbers on a local device/computer.... ie. a mass amount of numbers may not have been stolen from AHS, the mass amount of numbers may have been stolen from a merchant gateway, something not operated or owned by the merchant.

i did not say "most have no clue.. blah blah blah", the content of what i said was that it is likely most people do not think about what is happening to the CC numbers after they type them into the web form in terms of where they're going, where they're being stored, etc....

if we can refocus the conversation on alerting consumers, providing them with good information so they can minimize any potential risk and try to control the lynch mob until all the facts are known - then i think this thread can still have a positive impact on the community.

 

[Hermit]

<snip>
people do understand how ecommerce sites can work right?
<snip>
it may be that consumers just dont have a solid idea of how the transaction is completed when they type their credit numbers into the internet site.

<snip>

i did not say "most have no clue.. blah blah blah",

I stand corrected.

 

[DaBiggin]

rawlus, you are not helping anyone. In all honesty, STFU.

 

[Seven]

if we can refocus the conversation on alerting consumers, providing them with good information so they can minimize any potential risk and try to control the lynch mob until all the facts are known - then i think this thread can still have a positive impact on the community.

I agree with this.

I look forward to hearing the results of the investigation from AHB.

Hopefully the issue will be identified and corrected soon.

 

[Flomaster]

why AHS has sent out a mass email to those customer who have purchased and let them know there has been a security breach and they advised to close out the account or card if they already haven't. like said if only 15% of AHS sales are from HBT members then I should guess that a LOT more people have been compromised and have no idea where it came from.

just sayin'

I know I haven't received an email and I purchased Jan 20th. no I have not been compromised, but I will get a new card today.

-=Jason=-

 

[remilard]

why AHS has sent out a mass email to those customer who have purchased and let them know there has been a security breach and they advised to close out the account or card if they already haven't. like said if only 15% of AHS sales are from HBT members then I should guess that a LOT more people have been compromised and have no idea where it came from.

just sayin'

I know I haven't received an email and I purchased Jan 20th. no I have not been compromised, but I will get a new card today.

-=Jason=-

Not a bad question. I've never had fraudulent charges but I have been notified 2-3 times about an issue with a retailer.

 

[rawlus]

rawlus, you are not helping anyone. In all honesty, STFU.

trolling?

 

[WhiskeySix]

trolling?

Yeah, I don't get that one rawlus. Someone has their panties wadded up. You have presented some useful information. If it is relevant to this case or not, it's still good info.

 

[KurtB]

why AHS has sent out a mass email to those customer who have purchased and let them know there has been a security breach and they advised to close out the account or card if they already haven't. like said if only 15% of AHS sales are from HBT members then I should guess that a LOT more people have been compromised and have no idea where it came from.

just sayin'

I know I haven't received an email and I purchased Jan 20th. no I have not been compromised, but I will get a new card today.

-=Jason=-

I just got a mass email minutes ago from Forrest saying the exact same thing, word for word, that he said in post #696 of this thread.

-Kurt

 

[lazytaper]

Me too. That is a large step in the right direction IMO.

 

[r8rphan]

me 4

 

[rack04]

I'm interested to know how the dates of January 7th through February 6th relate to the supposed breach? BTW, I ordered from AHS on January 4th and February 6th and haven't seen any fraudulent activity.

 

[molson]

Me too. That is a large step in the right direction IMO.

Now if he would just explain what he is doing to secure our card info and become PCI compliant.

 

[sdillow]

Just received the Austin Homebrew email. Now I know how my number was compromised. Two fraudulent charges, one for $2 and change (which went through but I'm being refunded on), and one for $3,700 plus for airfare, which I'm glad got rejected.

 

[kidsmakeyoucrazy]

Well, they got me. Ordered 1/28. Got hit with bogus charges on 2/12.

 

[Austinhomebrew]

I'm interested to know how the dates of January 7th through February 6th relate to the supposed breach? BTW, I ordered from AHS on January 4th and February 6th and haven't seen any fraudulent activity.

The people that are reporting a problem are between those dates with a cushion added to be sure.

Forrest

 

[r8rphan]

I have a temporary OT comment for Forrest (since you're currently watching this forum a bit)..

In my order you guys included a really cool note pad for brewday info...

What would be the bomb, is if you sold some sort of small clear vinyl pouch to put them in, with a small lanyard that could be hung around a carboy or the handle of a ferment bucket, and then later re-hung on a corny handle for when the beer is transferred..

The ideal size would be so that when the notepad paper is folded in thirds, the top portion stating the recipe name, and brew date would be visible... just big enough to hold a 3" x 5" post card would be ideal

This would be an awesome way for us to keep track of what's what.. especially those of us who are highly disorganized such as myself...

 

[bschoenb]

Got my e-mail also (thanks Austin); in my case it was with muliple Apple online actions..... interesting thing; Apple stuff is showing up at my house now?! Right name; altered address.......

 

[Fat_Bastard]

update for me: bank finally gave back the money I was out.I closed out my accounts with them, cleaned out my safe deposit box and switched over to a local bank.

I also placed another order with AHS (used pay-pal) getting a couple more kits and a nifty temp controller.

 

[r8rphan]

I closed out my accounts with them, cleaned out my safe deposit box and switched over to a local bank.

My prediction is that you are going to have a much more pleasurable experience with your small community bank... and satisfaction that you will no longer be feeding the monster that is the corporate banking system...

 

[tknice]

Me too, got my email today and low and behold, a charge for $1 and then another for $841 from some Apple Store in Austin Texas. Had to cancel my card etc. etc.

It's a shame because I really liked AHB and I see they changed their 3rd party vendor but it still makes me leery. Oh well--guess it's a sign I should be supporting my local homebrew shop any how.

-TK

 

[arkowa]

AHS Purchase 1/11, fraudulent activity 2/6, 2/14. Western Union money orders purchased 2/6. Bank caught some odd $3000+ purchase on 2/14 and called me. Went to the bank to fill out the dispute forms. Hopefully all will be well again! Le Sigh.

 

[olllllo]

29% of all credit card holders have been a victim of credit card fraud in the last 5 years.

Perhaps 0.1% have had the opportunity to get information about it in a forum with a vendor and other affected individuals in near realtime.

I am a mod here, but I have no financial stake in this site. I've gotten no instruction from anyone as to how to respond. Not from the admin. Not from ahs. (Never do. Never was.) You can count my ahs orders on one hand. People with torches will believe what they want though.

I just can't believe that any of you think that Forrest is manipulating the info here. There are at least 100 people here picking apart every word in this thread.

I happen to think he shares too much with you all. Just about every thread I see where he is being earnest and forthright, 3 people chime on with their free business advice.

Go ahead and tell me about some other vendor that puts up with this **** in a more graceful and open way....

On a final note. If this hobby puts you at any risk in any part of your life, it might be time to recalibrate your priorities.