[ale] Anyone know of a security breach at CarFax?

Leam Hall leamhall at gmail.com
Wed Jan 1 11:56:42 EST 2020


I agree. My PayPal falls under some of the old rules, it seems, and is 
not set up to take from my bank if there's not enough in the account. I 
usually only keep a few dollars there so I can order from Amazon or pay 
for stuff like DNS or Google drive.



On 1/1/20 11:45 AM, neal at mnopltd.com wrote:
> I agree on the danger of debit cards.  Here's another fun fact: HSA 
> (Health Savings Account) cards are supposed to be debit with a PIN 
> required, but often can be run as a credit card.  Now, you'd think a 
> Health Savings Account could only be used by a health provider, but... no.
> 
> I have an Amazon credit card, which I normally only use ON AMAZON 
> website.  So, it's an interesting control group.  Unless Amazon's online 
> internal payment system is compromised, when I get a fraud alert, I can 
> usually pin down the source, since I rarely use it elsewhere.
> 
> Thus far, the two fraud leakages have been:
> - the day after we bought Italian train tickets on Trenitalia.
> - the day after we bought Marta tickets at the airport.
> 
> Still waiting on reply from Marta...
> 
> regards,
> 
> Neal
> 
> On 2019-12-31 07:52, Lightner, Jeffrey via Ale wrote:
>> Debit?
>>
>> I never use my debit card except at ATMs.   Giving people direct
>> access to my bank account that way means I’m out the money until I
>> can get it back later and risk other fees from things hitting while
>> the cash is gone.   With a credit card they can (and once did for
>> $20k) take money in withdrawals without me ever having to pay and
>> “recover” the money.   Still stressful to deal with the credit
>> card fraud but no direct access to my money meant I didn’t have to
>> worry about bounced checks or lack of access to pay bills.
>>
>> For similar reasons I don’t setup automatic payments at sites like
>> utility, mortgage and other “legitimate” companies.   It makes
>> more sense to me to setup payments at online bill pay at my bank.
>> I’m less concerned about the bank knowing my Georgia Power and other
>> account numbers than I would be for those others to know my bank
>> account number.   More than once I’ve heard people complain because
>> someone hit them with an unexpected or duplicate debit from companies
>> they’ve setup automatic payments with.   “Oops we’re sorry”
>> doesn’t cover it and in most cases and one doesn’t get back such
>> debits because there’s a future payment coming so they don’t see
>> the need to reverse it.
>>
>> P.S.  I see CarFax had a major data breach in 2017 but nothing more
>> recent has been reported…yet.
>> https://oppositelock.kinja.com/carfax-data-breach-could-affect-50-million-american-car-1818840505 
>>
>>
>>
>> FROM: Ale <ale-bounces at ale.org> ON BEHALF OF Leam Hall via Ale
>> SENT: Monday, December 30, 2019 8:10 PM
>> TO: Atlanta Linux Enthusiasts <ale at ale.org>
>> SUBJECT: [ale] Anyone know of a security breach at CarFax?
>>
>> Just had someone use my PayPal card for PostMates. One of the few new
>> vendors I've used the debit card with was CarFax. Most everything else
>> has been supporting my unhealthy relationship with Amazon...
>>
>> PayPal the company is already sending a new card; yay!
>>
>> Leam
>> _______________________________________________
>> Ale mailing list
>> Ale at ale.org
>> https://mail.ale.org/mailman/listinfo/ale
>> See JOBS, ANNOUNCE and SCHOOLS lists at
>> http://mail.ale.org/mailman/listinfo



More information about the Ale mailing list