x-ray
Veteran
For any of you that have done business with KEH recently, their computers have been breached and credit card and debit card information stolen.
I received a letter today explaining what has happened and recommended steps to protect your accounts. If you've done business with them you'll most likely receive the same letter.
I wound up calling my card company tonight and had the card canceled and a new one issued.
This is getting to be a routine procedure. Three times in the past 6 months my debit card has been breached and once on my credit card. Over the past couple of years I've had five incidents with my debit card and four with my credit card.
I received a letter today explaining what has happened and recommended steps to protect your accounts. If you've done business with them you'll most likely receive the same letter.
I wound up calling my card company tonight and had the card canceled and a new one issued.
This is getting to be a routine procedure. Three times in the past 6 months my debit card has been breached and once on my credit card. Over the past couple of years I've had five incidents with my debit card and four with my credit card.
Bingley
Veteran
Many thanks for the heads up! I have not purchased anything from KEH real recently, but will be on the lookout for unauthorized transactions on my credit card.
Ken Ford
Refuses to suffer fools
One of the reasons I use PayPal whenever possible online.
x-ray
Veteran
Seems like every company is vulnerably. The last breach of my CC was from Home Depot.
Basically I only use my credit card for online purchases and only keep one credit cards and two debit cards. It just makes it simpler to keep track of. Actually I'm now using cash locally whenever possible.
Basically I only use my credit card for online purchases and only keep one credit cards and two debit cards. It just makes it simpler to keep track of. Actually I'm now using cash locally whenever possible.
Bill Clark
Veteran
Please read this on debit cards.
It's your choice.
http://money.usnews.com/money/blogs...e-debit-card-danger-youre-probably-forgetting
It's your choice.
http://money.usnews.com/money/blogs...e-debit-card-danger-youre-probably-forgetting
This is not good for many reasons, one of which is that smaller businesses are now being targeted. Which makes sense as they are less likely to be skilled at fending off these kinds of attacks...
x-ray
Veteran
I keep only small amounts in my checking / debit account. I have 3 checking accounts and three savings in my credit union and keep most money distributed among three savings accounts. My primary checking / debit account is the one I keep a debit card on and really only keep what money I immediaty need in it plus a little cushion.
My credit union had been excellent in detecting fraud. Each time they've caught it immediately and called me within a few minutes to confirm the purchase. The last time I had been in my Post Office and mailed a package at the same time the thieves were attempting to make a purchase in Mexico.
Each time there's been fraud the credit union has stopped it cold as have my credit card company. That's not so say it won't go through sometime.
I've decided to rely more on cash locally. It worked years ago and will work today and I'll probably spend less.
For any of you that have done business with KEH recently, they're computers have been breached and credit card and debit card information stolen.
I received a letter today explaining what has happened and recommended steps to protect your accounts. If you've done business with them you'll most likely receive the same letter.
I wound up calling my card company tonight and had the card canceled and a new one issued.
This is getting to be a routine procedure. Three times in the past 6 months my debit card has been breached and once on my credit card. Over the past couple of years I've had five incidents with my debit card and four with my credit card.
Did KEH provide a time parameter for the stolen cards,
like sales after such a date ?
Steve M.
Veteran
I was concerned about the lack of bank protection on debit cards vs credit cards too. Fortunately, Bank of America told me that I would have exactly the same protection on my debit card as my credit card. They're probably one of the few banks that offer that. They get a lot of grief, and some of it is deserved, but they've been a good bank to us for over 22 years.
Brian Atherton
Well-known
I don't know about banking fraud protection in other countries, but those in the UK may wish to read this:
http://www.moneysavingexpert.com/credit-cards/PayPal-Section75
colyn
ישו משיח
Don't believe this. It's just another scare tactic. The bank is in fact liable for every penny you lose.... Credit card companies try to make you think a credit card is safer than a debit card which just is not true..
I've had money stolen from my bank twice through debit card fraud. Not $50 as credit card companies lead you to believe is the max you will get reimbursed. One was in excess of $1,000 and the bank returned it to my account before I left the bank then issued me a new card.
Banks are responsible for $100,000.00 per FDIC rules..
Mr_Flibble
In Tabulas Argenteas Refero
I haven't done bought anything from KEH recently,
And it turns out it's a good thing I got a new card last month.
And it turns out it's a good thing I got a new card last month.
Bill Clark
Veteran
Here is information from the FTC site:
https://www.consumer.ftc.gov/articles/0213-lost-or-stolen-credit-atm-and-debit-cards
Problem, correct me if I'm wrong, for this type of purchase, buying on a www site, the debit card isn't stolen but the information to use it is where you type in the numbers with with your computer, then it's processed. If some one gets that information and starts using it, well I've been leary to use a debit card because if its a fraudulant purchase it dings your checking or whatever account it's linked to immediately where as credit cards have a grace period before payment is made either automatically or paid with in other ways.
Info. from FDIC site:
https://www.fdic.gov/consumers/consumer/information/ncpw/cardstopten.html
At any rate, something to consider, especially when buying over the internet.
https://www.consumer.ftc.gov/articles/0213-lost-or-stolen-credit-atm-and-debit-cards
Problem, correct me if I'm wrong, for this type of purchase, buying on a www site, the debit card isn't stolen but the information to use it is where you type in the numbers with with your computer, then it's processed. If some one gets that information and starts using it, well I've been leary to use a debit card because if its a fraudulant purchase it dings your checking or whatever account it's linked to immediately where as credit cards have a grace period before payment is made either automatically or paid with in other ways.
Info. from FDIC site:
https://www.fdic.gov/consumers/consumer/information/ncpw/cardstopten.html
At any rate, something to consider, especially when buying over the internet.
ColSebastianMoran
( IRL Richard Karash )
Bill, thanks for the link to the FTC site. Good information there. Things may be different in Europe.
Still, here in America, I believe it is easier to untangle fraudulent charges on a credit card than on a debit card. For example, a debit card breach might drain your funds; you might have to scramble to cover checks or restore a balance. With a credit card, card issuer has only sent you a bill, your money is still in your bank account.
Still, here in America, I believe it is easier to untangle fraudulent charges on a credit card than on a debit card. For example, a debit card breach might drain your funds; you might have to scramble to cover checks or restore a balance. With a credit card, card issuer has only sent you a bill, your money is still in your bank account.
lynnb
Veteran
I had one fraudulent transaction on our PayPal account a few years ago - it was for several thousand dollars in USD (I'm in Oz). I was reimbursed through my local bank credit card (linked to the PayPal account) because - and here's the trap - a refund via PayPal would have been for the amount in USD, however, currency movements between the fraudulent transaction date and refund date would have left me several hundred dollars (AUD) out of pocket if I had gone with PayPal resolution.
bmattock
Veteran
I have had my debit card used for fraudulent purchases. I reported it to my bank and they did fix it.
HOWEVER, they also froze my card and issued me a new one, and that took two weeks. So for two weeks, I had trouble filling my car with gasoline, etc.
It wasn't that I didn't get my money back - I did. It was that it was inconvenient for me since my debit card was the only way I had to pay for gasoline, etc. I avoid the use of credit cards. I have one and I don't use it - don't believe in debt.
HOWEVER, they also froze my card and issued me a new one, and that took two weeks. So for two weeks, I had trouble filling my car with gasoline, etc.
It wasn't that I didn't get my money back - I did. It was that it was inconvenient for me since my debit card was the only way I had to pay for gasoline, etc. I avoid the use of credit cards. I have one and I don't use it - don't believe in debt.
drew.saunders
Well-known
Many credit cards (and probably debit cards as well) allow you to create one-time virtual credit cards. I have a Bank of America card that I keep locked up and only use for online purchases, and I always use their "Safe Banking" option. With it, I create a valid credit card number with a maximum spending limit that I set (usually to the exact amount of the purchase) and 2-12 month expiration date (2 is the default, and is generally fine). It will only allow the first vendor to charge against that number, all subsequent vendors will be denied, so if it's breached, it's useless to whoever gets that number. I could also, for example, make a virtual number and print it out and carry it with me on a trip if I had to make a purchase by phone while on vacation, or otherwise wanted a "disposable" credit card.
Say I'm going to buy something from KEH worth $100, and I had to put in the credit card info before taxes and shipping were calculated, I'd create a temporary card through BofA for about $150 with a 2-month expiration date. If that number got breached, and some other vendor tried to use it, it would be denied.
The good news is that Paypal always calls themselves "Paypal," so you can keep a 12-month card with them this way as a sort of running "tab" (and put a reasonable maximum, like $1000 or whatever you think you might spend with Paypal that year). The bad news is that Amazon payments shows up as a different vendor every time (maybe that's only if you buy from some other party through Amazon), so you may have to create a new virtual card for every purchase through Amazon.
I know Citi Cards offers virtual cards as well, as I used to use them for this purpose, but I switched to using my BofA card for the virtual cards because at the time the Citi Cards interface really sucked. It may have improved.
Say I'm going to buy something from KEH worth $100, and I had to put in the credit card info before taxes and shipping were calculated, I'd create a temporary card through BofA for about $150 with a 2-month expiration date. If that number got breached, and some other vendor tried to use it, it would be denied.
The good news is that Paypal always calls themselves "Paypal," so you can keep a 12-month card with them this way as a sort of running "tab" (and put a reasonable maximum, like $1000 or whatever you think you might spend with Paypal that year). The bad news is that Amazon payments shows up as a different vendor every time (maybe that's only if you buy from some other party through Amazon), so you may have to create a new virtual card for every purchase through Amazon.
I know Citi Cards offers virtual cards as well, as I used to use them for this purpose, but I switched to using my BofA card for the virtual cards because at the time the Citi Cards interface really sucked. It may have improved.
willie_901
Veteran
About two years go a large regional grocery store chain got hammered by credit card fraud. Everyone I knew had to get new cards! Our banks sent them via next-day delivery. This is one situation where using a large bank is convenient.
The thing is everyone's basic credit card info is for sale for for a fraction of a penny per card. What is slightly somewhat more valuable is the cards' three digit security code. It is standard procedure for businesses to silo the basic card data from the security code. Illicit card data with a security code might cost abut a nickel per card. Criminals who buy these lists initiate a low-price fraudulent purchase (less than $10). If the card owner does not detect and report the transaction, then they sell that data on the open market for more money. Still, the issuing bank has proprietary data mining technology that detects and halts potentially illicit transactions. The number of high-dollar losses is actually amazingly low.
The sad facts are it is probably cheaper for KEH to pay the costs required to remediate the fraud losses than to update their legacy IT infrastructure to a new, secure system. Even then the cost to properly administrate such a system is high. Right now hiring IT staff qualified to minimize risk is almost impossible because there aren't enough people with the requisite skills. Outsourcing is also rather expensive for the same reason.
The customer inconvenience factor is a low priority.
The thing is everyone's basic credit card info is for sale for for a fraction of a penny per card. What is slightly somewhat more valuable is the cards' three digit security code. It is standard procedure for businesses to silo the basic card data from the security code. Illicit card data with a security code might cost abut a nickel per card. Criminals who buy these lists initiate a low-price fraudulent purchase (less than $10). If the card owner does not detect and report the transaction, then they sell that data on the open market for more money. Still, the issuing bank has proprietary data mining technology that detects and halts potentially illicit transactions. The number of high-dollar losses is actually amazingly low.
The sad facts are it is probably cheaper for KEH to pay the costs required to remediate the fraud losses than to update their legacy IT infrastructure to a new, secure system. Even then the cost to properly administrate such a system is high. Right now hiring IT staff qualified to minimize risk is almost impossible because there aren't enough people with the requisite skills. Outsourcing is also rather expensive for the same reason.
The customer inconvenience factor is a low priority.
pagpow
Well-known
Question.
If I pay by credit card through PayPal, is it true that the merchant does not "see" the credit card details, as PayPal says? This would mean that the info is not on the merchant's system and thus not at risk in a breach? Correct?
Does KEH take payment by PayPal?
If I pay by credit card through PayPal, is it true that the merchant does not "see" the credit card details, as PayPal says? This would mean that the info is not on the merchant's system and thus not at risk in a breach? Correct?
Does KEH take payment by PayPal?
Paulbe
Well-known
KEH definitely takes PayPal--that how I pay there---
Paul
Paul