[ale] OT: I AM paranoid!

Jeff Hubbs hbbs at comcast.net
Thu Oct 9 22:29:25 EDT 2003


For one thing, NEVER use a debit card for these kinds of remote
transactions!  You have FAR fewer protections associated with debit
cards than credit card carriers give.  

- Jeff

On Thu, 2003-10-09 at 16:53, Jim Philips wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> The previous thread gets awfully close to an issue I've been dealing with the 
> last two weeks. Some goon got my debit card number (how, I don't know) and 
> bought a bunch of stuff on the Internet. They bought $378.83 worth of stuff 
> at Walmart.com and spent another $59.95 at USSearch.com. The latter site does 
> public records searches, so I guess they were looking for a new victim. By 
> reporting it all quickly, I got Walmart to stop the shipment of merchandise 
> and USSearch quickly reimbursed me. But there are some scary things that came 
> out of this.
> 
> The DeKalb County cops gave me some resistance when I reported this as a 
> crime, saying it had to be investigated in the jurisdiction where it 
> occurred. They took this to mean the city where the servers live. Never mind 
> that this is utterly stupid, I set out to call the police in Bentonville, AR 
> (home of Walmart). And--wonder of wonders!--they simply turned over all of 
> the information they got from Walmart. Now here is what was weird about that. 
> I was already doing business with Walmart.com for their DVD rental service. 
> So, they already had my debit card number. The fraudster used that same card 
> number with them, but gave them the wrong e-mail address, the wrong phone 
> number and also misspelled my name. So, what this tells me is that they do 
> absolutely no checking on the identity of the person presenting the card. If 
> they communicated with the card issuer, they could get the spelling for my 
> name and my home phone number. Or, barring that, all they would have to do is 
> check to see if someone else has tried to use the same card number with 
> different information. But they don't do either thing. Now given the fact 
> that Walmart is the biggest retail operation in the world, you would think 
> they could afford this kind of diligence. But apparently, it's too much 
> trouble for them. I sent them an e-mail asking about all of this and what I 
> got back was their stock answer to all security questions: SSL, your 
> information is encrypted and all of that crap.
> 
> Side note: Last Saturday, I got e-mail from Amazon.com saying that my debit 
> card might have been compromised in some way. I wrote back and explained that 
> I had no suspect transactions from their site, but that my card had indeed 
> been compromised. I asked them to tell me what might have happened. They sent 
> me back a tersely worded reply, saying that information could only be turned 
> over to law enforcement. So, something happened, but I don't deserve to know. 
> Amazon.com is now my most likely suspect for the place where my information 
> got stolen. I hadn't used them in a couple of years. But just a few days 
> before I got ripped off, I registered my debit card with them and ordered a 
> DVD. 
> 
> Just so you'll all know how concerned the major e-commerce sites are about 
> your money.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.3 (GNU/Linux)
> 
> iD8DBQE/hcrNmqVh/g13CaoRAv6pAJ91q2vkp0cmBFmvSoYF+iyx3gPDGwCfYKV1
> Ub/7ey+5v+VJgTVEhqqrJWw=
> =Sfhb
> -----END PGP SIGNATURE-----
> 
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
-- 
Jeff Hubbs <hbbs at comcast.net>



More information about the Ale mailing list