Ever have a credit card number stolen???

BrewSwag 728
Homebrew Talk - Beer, Wine, Mead, & Cider Brewing Discussion Forum

Help Support Homebrew Talk - Beer, Wine, Mead, & Cider Brewing Discussion Forum:

This site may earn a commission from merchant affiliate links, including eBay, Amazon, and others.
Status
Not open for further replies.
knotquiteawake said:
The week I ordered they didn't ship for over 4 days, I sent Forest a PM and he told me they were backed up because over the weekend of the 15th/16th of January they had over 300 online orders. If that is a single weekend then over the course of a month they must have well over a thousand plus online orders. 50 out of a 1000 is not a "small" number but I could see it being labeled a "limited" number.
However, saying that here, seems to marginalize us in a way that has pushed me from the "oh come on give them a break" camp to the "going to not order from them until this is sorted out" camp.
Click to expand...

I am not trying to marginalize anyone. I was just trying to put it in perspective. We have a very large volume of orders. The 300 I mentioned was just the number at that moment. I will have more information as soon as I can. Thanks.

Forrest
 
Its ok, you just need a copy editor or PR editor to deal with the PMSing members of the board here (myself included). I'll fix that line in question, no charge!

Austin Homebrew Supply has received communication from a very limited number of our most valued honored and esteemed customers who are in large part a member of this great valuable and important community, that they recently have had fraudulent charges on their credit or debit card.
Click to expand...
 
i can appreciate the trauma a fraud act can cause, however, one should realize that there is no one approach that is 100% secure.

(full disclosure: i have been a victim of fraud multiple times over the years, and a potential victim even more times, though not with AHS or any homebrew store yet)

a merchant can/could take every precaution in the book, follow every best practice and do everything in their power to minimize the risk, be compliant with industry standards, etc, but because of the other parties involved in the processing of credit cards/debit cards, banks, merchant services, gateway companies, hardware providers, hosting companies, technology providers... i believe it is an unreasonable expectation to place upon a merchant that nothing will ever happen to your card/account. It seems that perhaps at least some of the victims are looking for guarantees in this thread... this is the whole reason CC companies have fraud protection programs, investigators, card replacement services, etc. If your process after having your card compromised is unsatisfactory, you should ALSO be looking at your own issuing bank... hoping/dreaming that it will never happen to you is unrealistic IMHO based on personal and professional experience.
 
Hermit said:
Yep. Consumers are to blame here. I had a customer on a server that took the info and the cart software emailed the card number to him when an order came in. Truth is YOU have no idea how this vendor processes his accounts at all either. You are taking your limited knowledge probably based on one experience and extrapolating it to this situation.
Click to expand...

rawlus said:
my emotions got away from me when you questioned my intellect and knowledge. sorry!
Click to expand...

I'm not sure how you get I questioned you "intellect" from that posting. You did say most of us had no clue how internet transactions are handled and then laid out a lengthy post that may or may not apply to how this vendor does/did his transactions but the implication was clear that you believed the vendor never saw the cc numbers. I was right to point out you also had no direct knowledge of how these transactions were handled in spite of your lengthy post on how 'interent transactions are handled'. I gave you an example of how one vendor I knew did his transactions to show another way of doing it, and I might add, seemed more consistent with what had been told to other posters by AHS. Your throw away disclaimer at the end not withstanding.
 
"You are taking your limited knowledge probably based on one experience and extrapolating it to this situation."
i already had acknowledged that i knew little of AHS' specific system. that does not mean i know little on the subject. or that i base my understanding on only one experience.

my earlier points.
my narrow understanding of the issue is that the breach did not occur on AHS servers or via their site. from their earlier posts, it sounded like they believed it occurred with their payment gateway provider as they referenced they were moving to a new provider... payment gateway providers are necessary for every business that accepts credit cards or plastic. if the breach was indeed with them, then chances are excellent that AHS customers were not the only ones affected, it could be customers from hundreds of other merchants who dont have a homebrew forum.

if it is a vendor of AHS that has caused the issue, it will be obviously in the best interest of AHS to let their customers know that, and advise how they have responded (we have rec'd hints of that already), but it is also important to know that they will not be prepared to make a formal statement on the matter until they are absolutely sure that it is not their systems or processes that were compromised or at fault.

in other words, there is not necessarily deception at play here, it may be that consumers just dont have a solid idea of how the transaction is completed when they type their credit numbers into the internet site.
 
Hermit said:
I'm not sure how you get I questioned you "intellect" from that posting. You did say most of us had no clue how internet transactions are handled and then laid out a lengthy post that may or may not apply to how this vendor does/did his transactions but the implication was clear that you believed the vendor never saw the cc numbers. I was right to point out you also had no direct knowledge of how these transactions were handled in spite of your lengthy post on how 'interent transactions are handled'. I gave you an example of how one vendor I knew did his transactions to show another way of doing it, and I might add, seemed more consistent with what had been told to other posters by AHS. Your throw away disclaimer at the end not withstanding.
Click to expand...


just to be clear, i did NOT imply the vendor never saw the CC#'s, i thought i made myself explicitly clear that the vendor may not STORE the numbers on a local device/computer.... ie. a mass amount of numbers may not have been stolen from AHS, the mass amount of numbers may have been stolen from a merchant gateway, something not operated or owned by the merchant.

i did not say "most have no clue.. blah blah blah", the content of what i said was that it is likely most people do not think about what is happening to the CC numbers after they type them into the web form in terms of where they're going, where they're being stored, etc....

if we can refocus the conversation on alerting consumers, providing them with good information so they can minimize any potential risk and try to control the lynch mob until all the facts are known - then i think this thread can still have a positive impact on the community.
 
rawlus said:
if we can refocus the conversation on alerting consumers, providing them with good information so they can minimize any potential risk and try to control the lynch mob until all the facts are known - then i think this thread can still have a positive impact on the community.
Click to expand...

I agree with this.

I look forward to hearing the results of the investigation from AHB.

Hopefully the issue will be identified and corrected soon.
 
why AHS has sent out a mass email to those customer who have purchased and let them know there has been a security breach and they advised to close out the account or card if they already haven't. like said if only 15% of AHS sales are from HBT members then I should guess that a LOT more people have been compromised and have no idea where it came from.

just sayin'

I know I haven't received an email and I purchased Jan 20th. no I have not been compromised, but I will get a new card today.

-=Jason=-
 
Flomaster said:
why AHS has sent out a mass email to those customer who have purchased and let them know there has been a security breach and they advised to close out the account or card if they already haven't. like said if only 15% of AHS sales are from HBT members then I should guess that a LOT more people have been compromised and have no idea where it came from.

just sayin'

I know I haven't received an email and I purchased Jan 20th. no I have not been compromised, but I will get a new card today.

-=Jason=-
Click to expand...

Not a bad question. I've never had fraudulent charges but I have been notified 2-3 times about an issue with a retailer.
 
Flomaster said:
why AHS has sent out a mass email to those customer who have purchased and let them know there has been a security breach and they advised to close out the account or card if they already haven't. like said if only 15% of AHS sales are from HBT members then I should guess that a LOT more people have been compromised and have no idea where it came from.

just sayin'

I know I haven't received an email and I purchased Jan 20th. no I have not been compromised, but I will get a new card today.

-=Jason=-
Click to expand...

I just got a mass email minutes ago from Forrest saying the exact same thing, word for word, that he said in post #696 of this thread.

-Kurt
 
I'm interested to know how the dates of January 7th through February 6th relate to the supposed breach? BTW, I ordered from AHS on January 4th and February 6th and haven't seen any fraudulent activity.
 
lazytaper said:
Me too. That is a large step in the right direction IMO.
Click to expand...

Now if he would just explain what he is doing to secure our card info and become PCI compliant.
 
Just received the Austin Homebrew email. Now I know how my number was compromised. Two fraudulent charges, one for $2 and change (which went through but I'm being refunded on), and one for $3,700 plus for airfare, which I'm glad got rejected.
 
rack04 said:
I'm interested to know how the dates of January 7th through February 6th relate to the supposed breach? BTW, I ordered from AHS on January 4th and February 6th and haven't seen any fraudulent activity.
Click to expand...

The people that are reporting a problem are between those dates with a cushion added to be sure.

Forrest
 
I have a temporary OT comment for Forrest (since you're currently watching this forum a bit)..

In my order you guys included a really cool note pad for brewday info...

What would be the bomb, is if you sold some sort of small clear vinyl pouch to put them in, with a small lanyard that could be hung around a carboy or the handle of a ferment bucket, and then later re-hung on a corny handle for when the beer is transferred..

The ideal size would be so that when the notepad paper is folded in thirds, the top portion stating the recipe name, and brew date would be visible... just big enough to hold a 3" x 5" post card would be ideal

This would be an awesome way for us to keep track of what's what.. especially those of us who are highly disorganized such as myself...
 
Got my e-mail also (thanks Austin); in my case it was with muliple Apple online actions..... interesting thing; Apple stuff is showing up at my house now?! Right name; altered address.......
 
update for me: bank finally gave back the money I was out.I closed out my accounts with them, cleaned out my safe deposit box and switched over to a local bank.

I also placed another order with AHS (used pay-pal) getting a couple more kits and a nifty temp controller.
 
Fat_Bastard said:
I closed out my accounts with them, cleaned out my safe deposit box and switched over to a local bank.
Click to expand...

My prediction is that you are going to have a much more pleasurable experience with your small community bank... and satisfaction that you will no longer be feeding the monster that is the corporate banking system...
:mug:
 
Me too, got my email today and low and behold, a charge for $1 and then another for $841 from some Apple Store in Austin Texas. Had to cancel my card etc. etc.

It's a shame because I really liked AHB and I see they changed their 3rd party vendor but it still makes me leery. Oh well--guess it's a sign I should be supporting my local homebrew shop any how.

-TK
 
AHS Purchase 1/11, fraudulent activity 2/6, 2/14. Western Union money orders purchased 2/6. Bank caught some odd $3000+ purchase on 2/14 and called me. Went to the bank to fill out the dispute forms. Hopefully all will be well again! Le Sigh.
 
29% of all credit card holders have been a victim of credit card fraud in the last 5 years.

Perhaps 0.1% have had the opportunity to get information about it in a forum with a vendor and other affected individuals in near realtime.

I am a mod here, but I have no financial stake in this site. I've gotten no instruction from anyone as to how to respond. Not from the admin. Not from ahs. (Never do. Never was.) You can count my ahs orders on one hand. People with torches will believe what they want though.

I just can't believe that any of you think that Forrest is manipulating the info here. There are at least 100 people here picking apart every word in this thread.

I happen to think he shares too much with you all. Just about every thread I see where he is being earnest and forthright, 3 people chime on with their free business advice.

Go ahead and tell me about some other vendor that puts up with this **** in a more graceful and open way....

On a final note. If this hobby puts you at any risk in any part of your life, it might be time to recalibrate your priorities.
 
ahh after making a phone call to my bank I found out on 2/9/2011 they blocked a charge of 79.95 from REG-Repair.com... so it looks like I was compromised and my card has now been cancelled. My online statement didn't show this declined charge however.

I really am glad Forrest sent out that email notifying people that their cards may have been compromised. so if 50 people out of 15% worth of sales were hacked how many out of the other 85% of sales.....


-=Jason=-
 
Flomaster said:
ahh after making a phone call to my bank I found out on 2/9/2011 they blocked a charge of 79.95 from REG-Repair.com... so it looks like I was compromised and my card has now been cancelled. My online statement didn't show this declined charge however.

I really am glad Forrest sent out that email notifying people that their cards may have been compromised. so if 50 people out of 15% worth of sales were hacked how many out of the other 85% of sales.....


-=Jason=-
Click to expand...

Glad I used Paypal.
 
the_bird said:
... But, calling it a "limited number of complaints" is an insult to my intelligence.
Click to expand...

Didn't he only say that a limited number contacted them? I haven't contacted them, but it happened to me.

Sent from my iPad using HB Talk
 
olllllo said:
I just can't believe that any of you think that Forrest is manipulating the info here. There are at least 100 people here picking apart every word in this thread.

I happen to think he shares too much with you all. Just about every thread I see where he is being earnest and forthright, 3 people chime on with their free business advice.

Go ahead and tell me about some other vendor that puts up with this **** in a more graceful and open way.
Click to expand...

Amen
 
Last month, I also had fraudulent charges after ordering from AHS, and got phone call from credit card company who noticed suspicious charges then canceled/reissued new card.
 
Forrest,

Would you please answer in detail how charges were/are processed by your business? Are they manually typed into a point-of-sale device? If so, then by whom? What physical security measures did/do you use to protect financial account numbers? Did/does every user have his or her own user I'd and password for accessing account number information? Were/are there audit logs tracking users accessing account numbers? All these sorts of questions.
 
So you want information made public that a savvy hacker could possibly use to launch an attack on what they can see might be an already possibly compromised system? Why would any business owner ever do that?
 
So, My sister went into AHS and bought me a giftcard for Christmas. I used it on AHS website to make an online purchase, but they still wanted my CC info as some sorta backup. I still got hit even though my purchase was paid for with the giftcard.
 
TheBrewinator said:
So you want information made public that a savvy hacker could possibly use to launch an attack on what they can see might be an already possibly compromised system? Why would any business owner ever do that?
Click to expand...

Don't be smart. What I and others want to know is that they are looking internally at their security measures. These are simple standard methods that a confirmation would not harm.
 
have you gotten the sense that they are taking it lightly or lax in their investigation into the matter?

i am sort of getting the sense that they may not be able to say anything that will satisfy some of you. think objectively here, do you put every merchant who you deal with through the same credentials check?

one would sort of think that a principle in the company taking time out to indicate they are investigating thoroughly, that they are working with a 3rd party independent forensics team, etc and so on would be indicator enough that they are taking it seriously.

if one doesnt believe any of that, then i dont see how revealing the inner workings of their practices and procedures is any more believable.

i think hiring a 3rd party forensics team to investigate is indication enough they are looking internally at their security measures.

just sayin.
 
Status
Not open for further replies.

Similar threads

Steveruch
REALLY disappointed with morebeer
Replies
8
Views
2K
Kickass
K
D
not really new but I sort of am
Replies
2
Views
514
RM-MN
R
F
Northern Brewer Shipping Delay
Replies
18
Views
3K
Skeeter686
S
H
Houston CO2
Replies
4
Views
320
Houston_CO2
H
Cogswell
Anyone Familiar with Long Island Homebrew?
Replies
10
Views
3K
AlexKay
A
BrewSwag 300

Latest posts

Back
Top