PDA

View Full Version : RD and stolen credit card numbers


mobow
12-27-2011, 06:51 PM
Just wanted to give a heads up reminder. I just learned that my card is being used in PA and NJ. Thanx to the breathen that gave the heads up last month about the breach in security at resturaunt depot. I notified my card company of the possibility and they closed the card down pretty quick when all the out of state charges started. Check your statements if you used RD in September thru Novemeber. I hate these scum and hope bad things come their way. keith
__________________
WSM 22.5, CBJ, In The Key Of Que

southernstyle
12-27-2011, 07:21 PM
sure is a shame rd cant get a better fire wall for protection against these scum bags.

Slamdunkpro
12-27-2011, 09:11 PM
sure is a shame rd cant get a better fire wall for protection against these scum bags.
It was an inside job. Someone in IT loaded capture malware into their merchant processing SW.

CBQ
12-27-2011, 10:47 PM
All of this nonsense about checking IDs at registers "for your protection" hides the fact that most credit card thefts are done by store employees, as was the case at RD. They are not supposed to store things like your CCV number, but malware in the POS can capture everything.

Giving them your driver's license just makes identity theft easier. (Most credit card merchant agreements prohibit merchants from requesting an ID at a point of sale, something I cheerfully remind the stores of when I am being a troublemaker, which admittedly is most of the time. :wink:)

BBQchef33
12-27-2011, 11:07 PM
All of this nonsense about checking IDs at registers "for your protection" hides the fact that most credit card thefts are done by store employees, as was the case at RD. They are not supposed to store things like your CCV number, but malware in the POS can capture everything.

Giving them your driver's license just makes identity theft easier. (Most credit card merchant agreements prohibit merchants from requesting an ID at a point of sale, something I cheerfully remind the stores of when I am being a troublemaker, which admittedly is most of the time. :wink:)



i dont quite understand that part.. :confused: all of my credit cards, in the signature box, I have printed in marker 'REQUEST PHOTO ID'. I always figured its easier to duplicate my signature than my ugly face. i show it to them from my wallet and dont turn it over to them. Why does that make it easier for identity theft?

Funtimebbq
12-27-2011, 11:24 PM
I've been to RD 3 times in the last week. Never did they do more than look at my photo on the driver's license. Nor did they look at the back of the credit card for the CCV number.

Benny

Slamdunkpro
12-27-2011, 11:53 PM
i dont quite understand that part.. :confused: all of my credit cards, in the signature box, I have printed in marker 'REQUEST PHOTO ID'. I always figured its easier to duplicate my signature than my ugly face. i show it to them from my wallet and dont turn it over to them. Why does that make it easier for identity theft?
#1 Read your CC agreement - your card isn't valid unless signed and if the bank determines that your card was used fradulently unsigned they may choose to deny you reimbursement for fraudulent charges against your account.
#2 Every time you show ID (which is a violation of the store's merchant agreement - they aren't allowed to request it - unless your card is unsigned and then only to verify that you sign your card with the correct name) The cashier (who only looks like a slack jawed yokel) has access to your name, your full birth date, your address, and your zip code.

BBQchef33
12-28-2011, 12:09 AM
:doh::doh:

dmprantz
12-28-2011, 07:01 AM
I always find it hilarious when the cashiers at Lowe's ask me for the last four digits of the card number used. Obviously no one ever explained to them that the whole point in the POS system asking for that is to ensure that the cashier was holding the card in his hand at the time of sale. Personally, I just think they should throw those self-swipe terminals in a river.

dmp

billm
12-28-2011, 08:48 AM
a letter was sent out to all RD members..I cancelled the one credit card i use there as soon as I read it..

kihrer
12-28-2011, 09:15 AM
If you ever want to read an interesting book on credit card fraud, read the book about Kevin Poulsen called Kingpin. It's a good read and it gives great insight in to how a lot of the credit card fraud is done. Point Of Sale systems was one of the primary ways he did it. His network of thieves used shoppers who would take the stolen (forged) cards and buy stuff at the stores and then sell it on ebay to turn it in to cash.

Sauced!
12-28-2011, 09:37 AM
RD has never ever asked to see my drivers license when I use my card there even after this incident happened. :shock:

ique
12-28-2011, 09:51 AM
I think they got me too. Had some fraudulent charges show up on the card I used last month at the Depot.

nthole
12-28-2011, 09:54 AM
I just saw this. Wish I had seen the previous posting. My card was stolen last week and I was wondering how they got it. That was probably it. I hate thieves.

Mrs. McFrankenboo
12-28-2011, 10:14 AM
They cleaned out our BBQ account but thankfully it was all returned. Aggravating to say the least!

didisea
12-28-2011, 11:46 AM
My advice would be to cancell your card that you used at RD even if you haven't seen fradulent charges show up yet. That way you can avoid part of the hassle of filling out the paperwork. My card issuer wanted me to file a police report. Really? for $49? What is my local police dept going to do?

What really needs to happen is to have Visa/MC/Discover put pressure on their MERCHANTS to have the proper systems and security in place on their POS/credit card processing systems to prevent this. That would have eliminated 100% of the fraudlent charges that I have seen on my personal and business P-card programs over the past year.

Slamdunkpro
12-28-2011, 12:36 PM
My advice would be to cancell your card that you used at RD even if you haven't seen fradulent charges show up yet.
If you used your card at RD during the period in question there is no maybe as to whether your card info was captured. The Malware captured every card used.


What really needs to happen is to have Visa/MC/Discover put pressure on their MERCHANTS to have the proper systems and security in place on their POS/credit card processing systems to prevent this. That would have eliminated 100% of the fraudlent charges that I have seen on my personal and business P-card programs over the past year.
The dirty (not so) secret is that Visa/MC/AMX/Discover don't care. As a merchant I've reported possible fraud before a transaction multiple times and the answer is always the same - "it's up to the card holder to report it - do you want to process this transaction?"

Don't think that merchants don't care about fraud because in every case if there is a fraud charge back the merchant takes the full hit and is out the merchandise as well.

Smokin Mike
12-28-2011, 12:54 PM
Hi guys,

when did this happen?

I got the letter, but I misplaced it somewhere

dmprantz
12-28-2011, 01:03 PM
I would not advise any one to cancel a card as a result of this. Call your issuer and have them issue you a new account number (PAN), but to keep the same account. Canceling a credit card can reflect negatively on your credit score. Opening a new one to replace it is even worse. Debit cards don't have this issue.

I would also say that payment companies and associations care very, very much in reducing fraud and protecting information. The PCI DSS is in place specifically to protect against this type of situation. Obviously RD had a breach, but I can almost guarentee you that they will be fined heavily for it. PCI breaches are serious business. I would question, were you reporting fraud to the association or to the acquirer, or even worse, to the ISO?

dmp
(Worked for an acquirer, merchant, fraud protection company, and data security specialist. Been through many PCI audits.)

Smokin Mike
12-28-2011, 01:40 PM
Thanks DMP, that is what I did.

American Express is even overniting my new cards,,,,,,,

didisea
12-28-2011, 02:32 PM
Sorry I didn't mean to suggest that you cancell your account, but merely request a new card be issued.

As far as the merchants not caring - they more than likely don't know that their systems are compromised. I am just wondering how the losses in a "customer losing/having their physical card stolen" vs. "merchant systems compromised" stack up these days?

Podge
12-28-2011, 02:56 PM
I've had my CC hacked, and someone tried to buy a lap top on my account.. I'm a cash man now.. it's a pain in the a$$ to get cash out all the time, but it's piece of mind, and I find I spend less money now.

mobow
12-28-2011, 03:18 PM
I think everyone who did business during this time should at least call your card company and tell them that your info has been hacked. When I called my card company a month ago I told them that it seemed to the case but had not heard of many who were having problems. Now it is clear that our info is out there and it is being used. My card company was very helpful in that tagged my card to watch and they caught the charges before I was aware of it. They have now changed my number and they also notified the credit score people for me as to the explanation of closing on card number and replacing it with another. Again, I am glad that I had the heads up from the Breathen as it saved me freaking out a little. keith

philw
12-28-2011, 05:28 PM
I have had it happen 2 times

TELL YOU WHAT BBQ
12-28-2011, 07:26 PM
I went to DEPOT yesterday and said to the girl at the register..."So, credit card numbers were stolen?"

Cashier response, "Huh - I don't have NO idea what you're talkin' about?"

About, what I expected...

Funtimebbq
12-28-2011, 10:03 PM
About a week before fisrt reading about the problems at RD, Discover sent us new cards saying a merchant had reported problems to them. I'd say that was procactive of Discover. It was still another week before getting the letter from RD. Didn't have to do anything about it by that point.

Benny

BasicPatrick
12-28-2011, 11:45 PM
Same Story as Funtime. I had a personal business card and a card from my fishing club that I hold compromised. Both were replaced immediately and a week before the RD latter came.

vexter1
12-29-2011, 06:01 AM
Well this explains why I got a brand new discover card out of the blue - same story as Funtimebbq and BasicPatrick - I couldn't figure out why (don't have a membership to Rd except for KCBS one...so no letter for me...) - it's the only card I use for my q habit - discover had some letter in there about possible compromise etc etc...now I know..thanks!

RangerJ
12-29-2011, 08:42 AM
Guess I got lucky, as Wells Fargo sent me a new card about the same time I got the letter from RD. Took me awhile to put 2 and 2 together.

Ashmont
12-29-2011, 08:55 AM
Mine is through our church and I just got my new card and the church sent me the RD letter right before.....

mobow
12-29-2011, 09:53 AM
When you say new card it must be a new number or they can still use the old one. I got a new card also same number new expiration date. They were still able to use the old card. keith

Ashmont
12-29-2011, 10:34 AM
When you say new card it must be a new number or they can still use the old one. I got a new card also same number new expiration date. They were still able to use the old card. keith


New Card different number....

mobow
12-29-2011, 01:39 PM
New Card different number....

:thumb:me too now. keith

Mrs. McFrankenboo
12-29-2011, 02:32 PM
Went in today and talked to the manager about having our info stolen. They said they were working on it and she gave us a $25 off coupon for our troubles. Hopefully they'll get it straightened out or they're going to lose business.

Funtimebbq
12-29-2011, 03:06 PM
When you say new card it must be a new number or they can still use the old one. I got a new card also same number new expiration date. They were still able to use the old card. keith

Ours were new cards with the same number. Discover advised us, they made changes in the magnetic strip to distinguish the new cards from the old ones.
Besides the clerk at RD asking to see my ID, they are now entering the zip code (their's, not mine). Those were two things they did not do before.

Benny

dmprantz
12-29-2011, 04:50 PM
Ours were new cards with the same number. Discover advised us, they made changes in the magnetic strip to distinguish the new cards from the old ones.

Probably either the Service Code or Discretionary Verification Data. PCI prohibits storing the Service Code unencrypted, but it wouldn't help much anyway. The CVV uniquely identifies that card among others with the same number, and is probably what was changed. That won't help with keyed and card not present (MOTOEC) transactions, but odds are the CVV2 printed on the back was changed too, and that will be requested for those transactions. It sounds great, but I dunno if I would trust it. All it takes is one merchant to force a transaction through and you not paying attention to your bill, and you get stung again...just my thoughts.

dmp

Jacked UP BBQ
12-29-2011, 09:10 PM
I got hit for 883.45 in toronto canada at wal mart for a tv and they went to a liquor store after that and they tried to get me for another 886 but the TD fraud department shut the card down and denied the transaction. I went to RD and spoke with the store manager and he told me he would do anything to make the situation right. I got my money back from the bank.

CBQ
12-29-2011, 10:01 PM
i dont quite understand that part.. :confused: all of my credit cards, in the signature box, I have printed in marker 'REQUEST PHOTO ID'. I always figured its easier to duplicate my signature than my ugly face. i show it to them from my wallet and dont turn it over to them. Why does that make it easier for identity theft?

They can use a cell phone or hidden camera to photograph your license, giving them a lot of your personal data along with your credit card. Showing an ID increases your risk.

When you write SEE ID or something like it, merchants are supposed to request an ID and then ask you to sign the card, and refuse the transaction if you don't. Few do that, but that is what the merchant agreements say. For the short version, look here:

http://www.creditcards.com/credit-card-news/sign-or-write-see-ID-1282.php

I just had about 2k charged to a card in transactions I did not make. I am not sure if I used this card at RD or not, but I do know the processor said the card was physically in the store. Since I have the card in my possession, it sounds like they actually made a fake card, or the merchants didn't look too closely.

HarleyGirl14226
12-30-2011, 06:12 AM
Sadly - we are now one of those who had their card information used. Apparently to the tune of $450 in a Walmart somewhere in Texas. Same as Chris - the people in Texas actually had a real card with my number on it. When I explained to the guy in Chase Fraud about the RD situation he said that would have been how they made the new card. :mad2:

New card being sent - but because it wasn't charged until about 5pm EST yesterday, I won't have a new card until next week... Which sucks because we had some items we needed to buy over the weekend and wanted to get the miles/points through the card because they were some larger ticket items... I hope they caught the people who did this. I'm really pissed off about it. :boxing: