April 15, 2016


On March 30, I received a text message from my credit card company asking me to verify a purchase at an online organic grocery store. The amount was for a dollar and some change. I thought it was a fraudulent text message, but it had the last four digits of my credit card number listed correctly. I checked my email and sure enough there was a similar message there.

I decided to call my credit card company and ask them what was going on. After a few initial questions, they asked me to verify the last 5 or 6 transactions. They were all correct except for the online organic grocery store.

They determined my credit card was fraudulently used and canceled it and reissued me a new card.

I began to wonder how did someone get my credit card information. Most of the experts agree that credit card fraud has been a physical theft rather than an electronic theft. I knew this was probably not the case for me. I shred all documents and mostly use the credit card at large reputable companies both physically and online.

After thinking about it for a while, I figured I would never determine how the criminals got my credit card information. And I probably never will know for sure. However, yesterday, I received an email from an online retailer (discountrubberstamps.com). Here is a portion of the email:

April 14, 2016 – Notice of Data Breach / Data Security Incident

Dear Wesley:

Thank you for shopping at DiscountRubberStamps.com.  You are a valued customer and we appreciate your business.  We respect the privacy of your information, which is why, as a precautionary measure, we are writing to let you know about a data security incident that recently took place on our system.

What Happened:
We learned that our computer system was accessed without our authorization during the time period of January 22, 2014 and February 8, 2016.

What Information Was Involved:
It is possible that customer credit card information may have been compromised during the incident.  After a comprehensive analysis, our forensic investigators were unable to find evidence that any credit card information was accessed or stolen.  Out of an abundance of caution, we are letting you know about the incident so you can take steps to protect yourself.  

During the time period that someone may have accessed our system, all credit card information processed on our system was maintained on an encrypted server and was protected by security protocols.


Coincidence? I doubt it. I decided to email the company and let them know that I recently experienced a stolen credit card information. Here is their response:

Thank you for contacting Discount Rubber Stamps.

We have no proof that any specific information was accessed or stolen from our website. We provided notice to customers because we do not know that some customer payment information including name, address and credit card information was accessible through our system.  While there may be a risk that information was compromised, there was no proof that any specific information was accessed or stolen.

Please continue to work with your financial institution associated with your credit card.

Thank you.

Discount Rubber Stamps

I am not sure how they would be able to come up with "proof" that specific information was accessed or stolen without an electronic audit trail enabled but obviously thieves got my information from somewhere and it sure seems suspicious.

Thankfully, my credit card company was on top of the situation and all seems to be back to normal again.

Still thinking here at Doe Valley

No comments: