Ever have a credit card number stolen???

[Flomaster]

ahh after making a phone call to my bank I found out on 2/9/2011 they blocked a charge of 79.95 from REG-Repair.com... so it looks like I was compromised and my card has now been cancelled. My online statement didn't show this declined charge however.

I really am glad Forrest sent out that email notifying people that their cards may have been compromised. so if 50 people out of 15% worth of sales were hacked how many out of the other 85% of sales.....


-=Jason=-

 

[gunner65]

ahh after making a phone call to my bank I found out on 2/9/2011 they blocked a charge of 79.95 from REG-Repair.com... so it looks like I was compromised and my card has now been cancelled. My online statement didn't show this declined charge however.

I really am glad Forrest sent out that email notifying people that their cards may have been compromised. so if 50 people out of 15% worth of sales were hacked how many out of the other 85% of sales.....


-=Jason=-

Glad I used Paypal.

 

[mhochman]

... But, calling it a "limited number of complaints" is an insult to my intelligence.

Didn't he only say that a limited number contacted them? I haven't contacted them, but it happened to me.

Sent from my iPad using HB Talk

 

[borrachio]

I just can't believe that any of you think that Forrest is manipulating the info here. There are at least 100 people here picking apart every word in this thread.

I happen to think he shares too much with you all. Just about every thread I see where he is being earnest and forthright, 3 people chime on with their free business advice.

Go ahead and tell me about some other vendor that puts up with this **** in a more graceful and open way.

Amen

 

[spinoza]

Last month, I also had fraudulent charges after ordering from AHS, and got phone call from credit card company who noticed suspicious charges then canceled/reissued new card.

 

[DaBiggin]

Forrest,

Would you please answer in detail how charges were/are processed by your business? Are they manually typed into a point-of-sale device? If so, then by whom? What physical security measures did/do you use to protect financial account numbers? Did/does every user have his or her own user I'd and password for accessing account number information? Were/are there audit logs tracking users accessing account numbers? All these sorts of questions.

 

[TheBrewinator]

So you want information made public that a savvy hacker could possibly use to launch an attack on what they can see might be an already possibly compromised system? Why would any business owner ever do that?

 

[cook1969]

So, My sister went into AHS and bought me a giftcard for Christmas. I used it on AHS website to make an online purchase, but they still wanted my CC info as some sorta backup. I still got hit even though my purchase was paid for with the giftcard.

 

[DaBiggin]

So you want information made public that a savvy hacker could possibly use to launch an attack on what they can see might be an already possibly compromised system? Why would any business owner ever do that?

Don't be smart. What I and others want to know is that they are looking internally at their security measures. These are simple standard methods that a confirmation would not harm.

 

[rawlus]

have you gotten the sense that they are taking it lightly or lax in their investigation into the matter?

i am sort of getting the sense that they may not be able to say anything that will satisfy some of you. think objectively here, do you put every merchant who you deal with through the same credentials check?

one would sort of think that a principle in the company taking time out to indicate they are investigating thoroughly, that they are working with a 3rd party independent forensics team, etc and so on would be indicator enough that they are taking it seriously.

if one doesnt believe any of that, then i dont see how revealing the inner workings of their practices and procedures is any more believable.

i think hiring a 3rd party forensics team to investigate is indication enough they are looking internally at their security measures.

just sayin.

 

[GoldMiner]

So, My sister went into AHS and bought me a giftcard for Christmas. I used it on AHS website to make an online purchase, but they still wanted my CC info as some sorta backup. I still got hit even though my purchase was paid for with the giftcard.

That makes absolutely no sense.

My co-worker had his CC get hit after ordering from AHS.

 

[r2eng]

I fall into the timeline of AHS orders and credit card issues.

IMO, I do appreciate the investigation, and the e-mail from AHS telling me what's going on. I was lucky, as my bank noticed and called, reversed the charges, etc. Same pattern of a small $3 charge and then big $ charges following.

My wife and I have had issues like this a couple of time in the last 5 years, and whether it is AHS's card processors or not, I will order from them again.

Keep us posted Forrest.

 

[borrachio]

Forrest,

Would you please answer in detail how charges were/are processed by your business? Are they manually typed into a point-of-sale device? If so, then by whom? What physical security measures did/do you use to protect financial account numbers? Did/does every user have his or her own user I'd and password for accessing account number information? Were/are there audit logs tracking users accessing account numbers? All these sorts of questions.

It's obviously up to AHS if they choose to answer your question, but frankly I'm not sure any of us has the right to probe that deeply into how a man runs his business. It's just that: his business.

 

[DaBiggin]

have you gotten the sense that they are taking it lightly or lax in their investigation into the matter?

i am sort of getting the sense that they may not be able to say anything that will satisfy some of you. think objectively here, do you put every merchant who you deal with through the same credentials check?

one would sort of think that a principle in the company taking time out to indicate they are investigating thoroughly, that they are working with a 3rd party independent forensics team, etc and so on would be indicator enough that they are taking it seriously.

if one doesnt believe any of that, then i dont see how revealing the inner workings of their practices and procedures is any more believable.

i think hiring a 3rd party forensics team to investigate is indication enough they are looking internally at their security measures.

just sayin.

If that's enough for you, congratulations. All I recall Forrest commenting on was how he and others were looking externally. Others keep bringing up convoluted scenarios and ignore the simple methods. Most likely it was an unscrupulous employee with access to the account numbers.

"Just sayin"

 

[DaBiggin]

It's obviously up to AHS if they choose to answer your question, but frankly I'm not sure any of us has the right to probe that deeply into how a man runs his business. It's just that: his business.

True enough. And customers can vote with their feet. I hope they find the problem and resolve it. Until then, I will order elsewhere. And it is my business how a vendor handles my financial account information. To think otherwise is ignorant.

 

[uncleben113]

I have 3 fraudulent charges from some flower store in canada as well as an email from AHB. I'm pissed but this is why I love Chase Bank. They are going to reverse the charges!!!

Good Luck with y'alls

 

[andrew300]

Oh so this is my I had bad charges. I had 2 of them right after my purchase from ahs. My bank called me and reversed it.

 

[bob1852]

If that's enough for you, congratulations. All I recall Forrest commenting on was how he and others were looking externally. Others keep bringing up convoluted scenarios and ignore the simple methods. Most likely it was an unscrupulous employee with access to the account numbers.

"Just sayin"

arm-chair QB speculation isn't helping anything.

Just sayin'

 

[dcott]

I placed my first ever order with AHS last week. My card was processed on 2/9 (which falls outside the dates given by Forrest). I stumbled upon this thread the next day, became very paranoid, and decided to carefully watch my account.

Absolutely nothing has been out of the ordinary.

I received the order today. Everything was perfectly packaged, the prices definitely beat-out a lot of others, and the grains look to have a great milling (the reason I'm trying a new vendor is that I'd been having problems with efficiency which I was thinking was due to how the grains were milled. Seeing AHS's milling, I feel confident that I will have better efficiency).

Anyway, I just wanted to a) confirm that a transaction after the given date was NOT compromised, which would corroborate Forrest's assertion that the issue was related to the C.C. processing, and b) give them a shout-out for being a good vendor.

Regardless of how much finger pointing people may want to do because, let's be honest, the situation really sucks; I don't think anyone can claim that AHS isn't good at doing what their business is: namely, selling brewing supplies. Maybe it's the fact that I'm an uber-geek and recognize my own kind, or maybe it's that I'm too trusting of a person, but something tells me that someone who opens a Homebrew Supply Store (that has been open for a damn long time), wouldn't be the type to be in cahoots with an international online identity theft and money laundering ring. If info was compromised, I refuse to believe it was intentional, negligent, or with malice. And since he took pro-active action to change his C.C. processing agent, and it seems to have fixed the problem, isn't that the action we should be looking at rather than "damn, he hasn't posted updates on some internet web-forum." Something tells me he has better things to do with his time (like helping law enforcement track down who is ACTUALLY responsible for all of this).

Anyway, thanks for the order, Forrest; I'll definitely shop with you guys again.

 

[DaBiggin]

arm-chair QB speculation isn't helping anything.

Just sayin'

It would help the merchant to secure such data. Who do you think eats the costs and all associated fees associated with credit card fraud? And what value are you bring to the discussion?

Just sayin'

 

[Catnip_X07]

I was keeping up with the posts and maybe this came up. Not sure.

Anyone remember this:
http://abcnews.go.com/Business/PersonalFinance/story?id=6695611&page=1
also
http://www.pcmag.com/article2/0,2817,2339242,00.asp

The events happened sometime in 2008 and then came to light in 2009. Were retailers at fault...

Anyway, blame AHS, refuse to shop there. Support AHS and continue to buy from them. It is our right and discretion to do so. Not forcing you to continue your business with AHS nor will I be swayed by anyone to discontinue my business there. I called in with my card number during the suspected time frame and no issues anywhere. Would it be different if I was hit with fraud charges. Nope. I would do a better job of forcing myself to use the virtual account numbers (one time use number) that my credit card company offers me. It wouldn't be my first rodeo where my identity or credit card numbers were stolen.

Don't like credit or worries of someone stealing your debit/credit card numbers? Pay with cash.

I thought this thread was a great notice for persons to keep an eye on their accounts, which I have, and I'm sure others have to. Not sure what this thread is evolving into...

 

[bob1852]

It would help the merchant to secure such data. Who do you think eats the costs and all associated fees associated with credit card fraud? And what value are you bring to the discussion?

Just sayin'

*bringing

I bring grammar correction to the discussion, I guess....

 

[DrHops]

I just received the e-mail from Forrest today, but it was too late, they already got me for just shy of $700, all of it international. Most of the charges were for Travelodge. Wells Fargo already deactivated my card, issued a temporary one and ordered a new one. Unfortunately, they told me it will be around a week to get my money back. I've already e-mailed Forrest to tell him and to let him know that if they catch the person I am willing to press charges against them. I'd be happy to tell Forrest what all of the charges are for if it helps in the investigation.

 

[Flomaster]

little info. I mad mention of my account being compromised at work by that RED-Repair.com site she said has friends that too have those bogus charges and those DO NOT shop at AHS. so I am betting this problem is not with AHS but the credit card processor they used.

-=Jason=-

 

[DaBiggin]

I agree with you dcott. I like AHS. Until this I had nothing but great service, except for a delay on my last order which I was told was due to a large increase in business. I congratulated AHS on their success via email. What I do not appreciate is what appears to me to be obfuscation by AHS and members here who try to defend the indefensible and also belittle others for taking this fraud seriously.

 

[DaBiggin]

*bringing

I bring grammar correction to the discussion, I guess....

Good one AZ_IPA! You made me smile with that. Thanks.

 

[Random]

I also had my debit card info taken on the 7th, but I got lucky because I checked my balance the very same day that the fraudulent charges were made.

 

[jmick]

My wife's card was hit for just over $100 dollars. The credit card company tried calling, but somehow had the wrong phone number. All charges were refunded.

Now she's giving me lots of crap because she was buying me a couple of perlicks to add to the keezer as a birthday present. She says thats the last time I get beer stuff for a present

 

[r8rphan]

Until I'm '100% sure' that the danger has passed, anything I order from AHS will be done in such a way that there is a 'protection buffer' between them and I....

But if they continue to offer great deals, I will continue to bite....

I'm not finger pointing, just acknowledging that for now prudence says "be careful".. That's just the reality of the situation...

I love the perlicks, and I appreciate it when companies are thoughtful enough to include little freebies that make life better.. Like the brew day note pad they stuck in my shipment... They didn't have to do that.. The deal they gave me on the order was enough in itself.. The useful gift was icing on the cake...

 

[Westwooddave]

I received this email from Austin Homebrew today...

"Austin Homebrew Supply has received communication from a very limited number of customers that they recently have had fraudulent charges on their credit or debit card. We are conducting a thorough 3rd party forensic investigation and to date have not uncovered a breach on our end, or identified any network infrastructure or website vulnerabilities. We have changed our merchant service credit card processor because we suspect the source of the problem lies in that direction.

If you placed an order with Austin Homebrew Supply from January 7th through February 6th, please check your credit card or bank statements for any charges that you do not recognize. Call your bank to reverse these charges. As an added precaution, we recommend that you have your bank or credit card company issue you a new card.

Sorry for the inconvenience this may have caused you. We really appreciate your business and support.

Forrest Rogness President Austin Homebrew Supply, LLC"

I did in fact make a purchase from them online with Visa on Jan 9, 2011, and had fraudulent charges on my card on Feb 7-8, 2011.