Forgot your password?
typodupeerror
Privacy

Blu-ray Update Sent To User Via Credit Card Records 526

Posted by CmdrTaco
from the allright-that's-just-plain-scary dept.
wmoyes writes "Back in September I ran into a Best Buy store to buy a Samsung BD-P2550 Blu-ray player. I didn't give the clerk my name, telephone number, or address, just my debit card. The player has sat happily in my living room without ever being networked or registered. Today I was shocked to find a package waiting for me at home from Best Buy — inside was a firmware update CD for the player. I used to think Windows Update was scary, but Samsung's update service tracked me to my house using the mag stripe from my bank card. Has this happened to any other Blu-ray owners?" Or is there a simpler explanation?
This discussion has been archived. No new comments can be posted.

Blu-ray Update Sent To User Via Credit Card Records

Comments Filter:
  • by Ethanol-fueled (1125189) * on Thursday January 08, 2009 @10:08AM (#26371989) Homepage Journal
    From the sound of this [usnews.com], Samsung or Best buy are not to blame as much as your credit card issuer is for sharing your information. Choice quote:

    First, the facts: The Chase policy, which is similar to those of many other credit card companies, states: "You may tell us not to share information about you with non-financial companies outside of our family of companies. Even if you do tell us not to share, we may do so as required or permitted by law..."

    According to the Wikipedia article, the credit card number, expiration date, and PIN verification info. I've seen tweekers do it with stolen cards. Magstripe readers are available for 50 bucks online.

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      I think it's more likely that he gave the cashier his Reward Zone [bestbuy.com] card and is neglecting to remember that piece of information.

      • by ShadowBlasko (597519) <shadowblasko AT gmail DOT com> on Thursday January 08, 2009 @11:17AM (#26372949) Homepage
        I'm not so sure.

        I bought a Kawasaki 24 volt drill/driver at Sams club 2 years ago. (TOTAL garbage, but thats another thread)

        My GF used her sams club card for the member verify, and I used my cc for the purchase.

        About 4 months ago I got a post card, addressed to me, saying that it has been recalled for fire hazard reasons. I never filled out a warranty card or anything.

        Had the used the member card, it would have been sent to my gf, at her place.
      • Re: (Score:3, Interesting)

        by darkith (183433)

        Or he *returned/exchanged* a product purchased on his credit card to the store in the past and they asked him to fill out one of the return forms with name and address. Now BB has tied his address to his credit card, so he's now populated in the database with full name and address.

        When he purchased the Blu-ray player, it used his credit card to lookup his record and put the purchase down on his record, even though he didn't supply his personal info at that time.

        Then, when it comes time to mail out updates,

        • Re: (Score:3, Informative)

          by peragrin (659227)

          Bestbuy doesn't ask for your address during returns/exchanges at least they didn't for me yesterday.

          Of course I avoid membership cards like the plagued that they are

          • Re: (Score:3, Funny)

            by Kiaser Zohsay (20134)

            Bestbuy doesn't ask for your address during returns/exchanges at least they didn't for me yesterday.

            That's because they already have you on file. Nice to know, huh?

    • by b4upoo (166390) on Thursday January 08, 2009 @10:21AM (#26372183)

      I tend to believe that sometime in the past you ordered something from Best Buy and perhaps gave them more information at that time. Perhaps you even had a home delivery of a bulky item.
                  If they are doing data mining at the level you think that they are I tend to say congratulations to them for "going modern".
                  The joy of data collection is that the general public should have the same power to collect data as companies do. Putting information in the hands of the public is sort of like putting Al Franklin in the senate. One knows that a shoe is about to drop.

      • by spud603 (832173)
        I assume you mean Al Franken [alfranken.com], and not Al Franklin [fdu.com].
      • Re: (Score:3, Insightful)

        by dangitman (862676)

        One knows that a shoe is about to drop.

        Or be thrown.

    • by wmoyes (215662) on Thursday January 08, 2009 @10:44AM (#26372469)

      My guess is that they (Best Buy) cross referenced the name they read from my credit card to one of the bulk mail lists they purchased for marketing purposes. The letter was addressed to me 'or current resident' and inside was information about how my player with this new firmware update could download Netflix movies. The update CD itself was for my specific model (BD-P2550).

      The other possibility is that they cross-referenced my in store purchase via the card number to a previous on-line purchase from their web store (which would have included a shipping address). In either case, the mag stripe of my card (in an otherwise anonymous transaction) was used to make the connection, and four months later a package with a firmware update arrives at my house.

    • by should_be_linear (779431) on Thursday January 08, 2009 @10:59AM (#26372703)

      Even without credit card part, this story is quite interesting. There are annoying DRM systems. There are pain-in-the-ass DRM systems. But then, miles above all this, there is that ultimate sometimes-go-to-the-shop-and-take-firmware-update-CD-and-unbrick-your-player-again DRM that almost renders any owner of such device as total moron.

    • Re: (Score:3, Interesting)

      by SydShamino (547793)

      My usual grocery store (Central Market) sends us monthly coupons, addressed to us, despite the fact that we've never given them anything more than a credit card. We live rather far from the store, and I know that they don't send them at random to our town; only regular customers get 'em.

      I've also done the full opt-out privacy thing for every card I have as soon as I get it.

      Thus, yeah, I assumed that when I used my credit card the vendor had access to my billing address. Either that was automatic, or they

  • by GPLDAN (732269) on Thursday January 08, 2009 @10:09AM (#26371993)
    The midget in the back seat of the Lincoln crawls in your basement window at night, and takes inventory of your firmware revisions on all your hardware.

    He then runs to the forest to find out what updates you might need.

    Don't talk to him, it sounds like he's talking backwards.
  • by LilGuy (150110)

    I'm really curious as to whether or not this would be legal..

  • by SrWebDeveloper (1419361) on Thursday January 08, 2009 @10:10AM (#26372019)
    BTW, you need to replace that printer cartridge in the computer room on the first floor, and we have photographs of your youngest daughter going to school. Have a nice day, we'll be in touch.
  • Cash (Score:4, Insightful)

    by Anonymous Coward on Thursday January 08, 2009 @10:10AM (#26372029)

    This is why I use federal reserve notes for everything I can. I bought my Wii with federal reserve notes. I bought my PS3 with federal reserve notes.

    --
    End The Fed [endthefed.us]

    • Re:Cash (Score:5, Funny)

      by wamerocity (1106155) on Thursday January 08, 2009 @10:18AM (#26372135) Journal
      That's funny, whenever I give people cash for presents, I refer to it as a "federal reserve gift card". The best part is, it never expires! Though I recommend spending it quick because it seems to lose its value over time....
      • Re:Cash (Score:5, Funny)

        by Garabito (720521) on Thursday January 08, 2009 @11:38AM (#26373281)

        The best part is, it never expires!

        And it can be exchanged for items not available with other gift cards, like recreational drugs and sex with prostitutes.

    • Re:Cash (Score:5, Funny)

      by SQLGuru (980662) on Thursday January 08, 2009 @10:18AM (#26372139) Journal

      You should switch to Liberty Dollar's (http://www.libertydollar.org/) to show your contempt for the government as well.

      • Re:Cash (Score:5, Insightful)

        by ultranova (717540) on Thursday January 08, 2009 @11:24AM (#26373059)

        You should switch to Liberty Dollar's (http://www.libertydollar.org/) to show your contempt for the government as well.

        No, you shouldn't. They aren't money until they're accepted by Wal-Mart because that's what money is: a medium of exchange. So either get stocks, which are backed by the manufacturing/service capacity of the company issuing them, or if you want to hold wealth in silver, just buy silver bards directly. Why bother with a private currency, which inevitably has overhead costs ? What's the benefit ?

      • Re: (Score:3, Insightful)

        by DaveV1.0 (203135)

        And, the liberty dollar is against the law. The Constitution of the United States, in Article 1 section 8, reserves the right to coin money in the U.S. to the federal government.

        The Congress shall have Power ... To coin Money, regulate the Value thereof, and of foreign Coin, and fix the Standard of Weights and Measures

        You have just suggested he commit a federal offense.

        • Re:Cash (Score:4, Insightful)

          by Chaos Incarnate (772793) on Thursday January 08, 2009 @12:00PM (#26373587) Homepage
          As quoted, that just says that Congress can coin money, but doesn't restrain others from doing so.
        • Re:Cash (Score:5, Insightful)

          by Rastl (955935) on Thursday January 08, 2009 @12:11PM (#26373747) Journal

          Did you forget that the Constitution is there to specifically state the rights granted to the federal government? So if it wasn't there they wouldn't have the right to coin money?

          Banks and states printed their own money for a lot of years. There's nothing illegal about it unless you're trying to counterfeit existing currency.

          Currency is just convenient bartering, if you look at it objectively. "This wooden token is worth three chickens" is perfectly valid currency if it is accepted to have value.

          Back on topic.

          I'm not surprised that vendors and manufacturers are digging into the credit/debit card records for purchase histories. They're desperate since no one fills out their marketing, err, warranty cards. They need some way to track a customer base for stockholder reports. Sales histories aren't enough any more. They want to find out how to sell you more of their crap.

          I hope the OP filed an official complaint with the bank and his state. Privacy laws may be in effect here since there was no legal reason for them to mine that data.

    • Re:Cash (Score:5, Interesting)

      by AKAImBatman (238306) * <akaimbatman@gmai ... m minus language> on Thursday January 08, 2009 @10:19AM (#26372145) Homepage Journal

      This is why I use federal reserve notes for everything I can.

      That might not be as sure-fire as you think...

      http://newsmine.org/content.php?ol=security/police-militarization/bestbuy-shopper-arrested-for-two-dollar-bills.txt [newsmine.org]

      • Re: (Score:3, Informative)

        by Jah-Wren Ryel (80510)

        Or this case, [blogspot.com] which might possibly result in a SCOTUS ruling requiring cops to use their brains before using their cuffs.

      • Re:Cash (Score:5, Interesting)

        by hansamurai (907719) <hansamurai@gmail.com> on Thursday January 08, 2009 @10:43AM (#26372455) Homepage Journal

        What a sad, sad story. Check out Woz's site for more $2 idiocracy.

        http://www.woz.org/letters/general/78.html [woz.org]

      • Re: (Score:3, Interesting)

        by Skreems (598317)
        The cashier in the story was quite incorrect. They can refuse a sale with notes they don't want ($2 bills, pennies, etc) but cannot refuse any legal tender as settlement of a debt.
    • Re:Cash (Score:4, Insightful)

      by monoqlith (610041) on Thursday January 08, 2009 @12:35PM (#26374105)

      What's comical is not that you're so paranoid that you'll only use Federal Reserve notes to complete purchases. Well, that's pretty amusing, but what's even more amusing is that your sig contains a link to a site dedicated to ending the Federal Reserve.

    • Re: (Score:3, Funny)

      by kobaz (107760)

      This is why I use federal reserve notes for everything I can. I bought my Wii with federal reserve notes. I bought my PS3 with federal reserve notes.

      --
      End The Fed [endthefed.us]

      But then you don't get rewards points!

  • You've been pirated (Score:5, Interesting)

    by Atreide (16473) on Thursday January 08, 2009 @10:12AM (#26372065)

    That is great news

    if someone ever use your credit card number,
    YOU receive the driver upgrade.
    then you know something wrong happened

  • Prior use? (Score:5, Insightful)

    by Iphtashu Fitz (263795) on Thursday January 08, 2009 @10:14AM (#26372081)

    Have you EVER used that debit card at the same store and provided your address or phone number? If you've ever done that then they have that information readily available.

  • by Anonymous Coward on Thursday January 08, 2009 @10:15AM (#26372093)

    The blueray player used the nearest WiFi access point (it can hack into secured ones). It sent its GPS position, which was cross referenced to your address at the server. It has also been sending information about all the discs you have put in it, whether you played them or not. You haven't put any pirate stuff in there, have you?

    In addition, on the HDMI back channel it has been gathering information about what you watch on TV, and reporting that as well. The company sells this information to Nielson.

    And you wondered why that player was so expensive.

  • by Anonymous Coward on Thursday January 08, 2009 @10:15AM (#26372103)

    This is not unusual. I have benefited from several class action suits where they have somehow tracked me down years after the fact, which is particularly impressive because as a student/young professional/grad student, I moved almost every year.

    What probably happens is they give the debit card number (which is unique and remains unique long after you cancel/close the account) to a credit reporting agency (e.g. Equifax), and the credit agency has a record of your most recent address, which they got when you changed your address at your bank or any of your other credit cards.

    • Re: (Score:3, Informative)

      by darkmeridian (119044)

      Credit reporting agencies may have updated information on your whereabouts but the law restricts them to report only with your permission and only for legitimate purposes. The financial penalties are severe. Therefore, I doubt that BestBuy or Samsung walked around pulling the credit reports of hundreds or thousands of consumers without their permission just to send an update disk.

  • Don't panic. (Score:5, Interesting)

    by cliffiecee (136220) on Thursday January 08, 2009 @10:16AM (#26372115) Homepage Journal

    The 'update' DVD came from Best Buy, not the manufacturer- of course Best Buy has access to your home address, via your credit card. Samsung probably just shipped a bunch of discs to Best Buy, asking them to mail them out to owners of the player. No big conspiracy or identity theft going on, so relax.

    • Re:Don't panic. (Score:4, Insightful)

      by wmoyes (215662) on Thursday January 08, 2009 @10:24AM (#26372235)

      Yes, it was Best Buy who shipped the update DVD, not Samsung. But still... an update service who ships updates to you based on your mag stripe. Scary.

      • by tsstahl (812393) on Thursday January 08, 2009 @10:31AM (#26372323)
        Scary?

        Not really. What if that player had a tendency to explode after 25 hours of use. Would you want to be notified of the recall?

        Basic customer data mining has been around for ages. Pretty much ever since Mr. Drucker asked after your health and crop prospects in the general store. :)

        Or pillow talk after the very first prostitution transaction...depends how far back you want to go.

        Note, I'm not defending intrusive data mining.
        • Re: (Score:3, Insightful)

          Yeah I agree with the parent. I bet that there was some critical flaw in the drive that was fixable through the firmware. Instead of waiting to get sued, it looks like Samsung did the honorable thing to do and preempted it by shipping the fix. Once a company is sued successfully in a class action, they often are required to resort to these things. I get letters once every few years about various products I've purchased that are in litigation because of defects. If say, the company were sending you uns
    • Re:Don't panic. (Score:5, Insightful)

      by Speare (84249) on Thursday January 08, 2009 @10:25AM (#26372261) Homepage Journal
      But even that's wrong. There's no reason for Best Buy to know your address. They know the creditor's address, and the creditor has certified the transaction. If there's a problem with the funds, that's between the creditor and you. Best Buy is out of that loop.
    • Re:Don't panic. (Score:5, Informative)

      by houghi (78078) on Thursday January 08, 2009 @10:41AM (#26372437)

      of course Best Buy has access to your home address, via your credit card.

      This would not be the case in Belgium. In fact it is even illegal to do it that way. If I give only my credit card details, all they will have is the following information:
      Last 4 numbers of the credit card (We are not allowed to keep the credit card number anywhere)
      The name of the credit card holder and the expiration date.
      From the transaction itself the time, amount, item and card. (e.g. visa)
      Some extra information related to the payment itself an the communication concerning the payment.

      No link there with the users address. So unless we link it elsewhere with the address, we would have no idea what that would be. Calling the company will result in nothing but wasted time for both as they are not allowed by law to tell us the address.

  • So... (Score:5, Interesting)

    by nizo (81281) * on Thursday January 08, 2009 @10:30AM (#26372311) Homepage Journal

    Once people get used to this, what keeps naughty people from sending out legitimate looking upgrade disks that scramble your player or install software that lets them use your network connected player as a spam server? Urgh, basically virus laden spam for snail mail.

  • by $1uck (710826) on Thursday January 08, 2009 @10:33AM (#26372345)
    You purchase an item on Credit you're entering into an agreement to pay for something they are going to want to know your billing address so that they can verify payment. If you're that concerned about your privacy you need to not enter into such agreements and pay for everything with cash (which protects both sides). As a side note isn't this potentially a good thing that they sent you an update? You can decide not to use it if you fear its updating drm as opposed to improving the product.
  • by Cathoderoytube (1088737) on Thursday January 08, 2009 @10:41AM (#26372441)
    A similar thing happened to me. I bought a blu-ray player, then one day I came home and found my house ransacked and my blu-ray player was gone. I'm still waiting for Samsung to send my blu-ray player back with the updates. I don't have any problems with these companies being vigilant about their update services. I just really wish they wouldn't spraypaint swastikas on my furniture.
  • by Joe The Dragon (967727) on Thursday January 08, 2009 @10:47AM (#26372519)

    Check you card for any bill BB wants $30 to do this.

    http://consumerist.com/5122504/watch-out-for-firmware-shenanigans-at-best-buy [consumerist.com]

  • A few years ago there was an interesting device being sold that acted as an email dumb terminal. The device was sold sans any real license but the expectation by the vendor was that you would sign up for their service since otherwise the hardware was "useless". Except that folks figured out how to hack it and turn it into a remote terminal for various OS. I was interested....

    I trotted down to my local Circuit City only to find that many others were also interested and that they were sold out. No worries, they let me go ahead and buy one and would let me know when stock arrived so that I could pick it up.

    Meanwhile the company figured out what was going on and began trying to stop efforts to repurpose their hardware - unsuccessfully. I got a letter in the mail from the company a few weeks after I had made my purchase at CircuitCity. The letter was informing me that they had decided to change the license terms on their hardware - after my purchase, that signing up for their service was "mandatory", and that if I did not do so within X number of days or receiving my device they would CHARGE MY CREDIT CARD.

    Now, I had never contacted this company, I had no intentions of ever dealing with them or of buying their service, and I had not shared my contact information with them. CircuitCity however HAD shared my name and home address with them and if the letter was to be believed was also willing to share my credit card account information to facilitate a charge! I trotted back down to the CircuitCity, canceled my order, and demanded an explanation - naturally they had NO clue.

    I was beyond angry to say the least and fired off a letter to CircuitCity HQ. Their response was that no way did they share my CC information with this 3rd party but they said nothing about having shared my HOME ADDRESS! I let them know that I would never shop in their stores again and have told this story more times than I can count - it's been YEARS and I have held true to my promise not to give them a cent. Seeing them go under warms my heart - the jerks. The sad thing is that I nearly made this purchase with cash, I wish I had!

    As a side note, the CircuitCity I went into was one I'd never visited as it was closer to work and not my home. When I gave them my phone number they had my complete address on file! Turns out that my girlfriend's daughter had shopped there about 3 years prior and made a single purchase. They STILL had our address on file tied to that phone number when I made my purchase. So yeah, these companies do cough up data and they also hold onto it a REALLY long time - thank you TJMax!

    • by Nevyn (5505) *

      The letter was informing me that they had decided to change the license terms on their hardware - after my purchase, that signing up for their service was "mandatory", and that if I did not do so within X number of days or receiving my device they would CHARGE MY CREDIT CARD.

      Personally I would have just ignored this, and if they charged me I'd have called my CC company and said it was an unauthorized charge. I also am not optimistic enough to assume that whatever happened wouldn't have happened at Best Bu

    • Re: (Score:3, Interesting)

      by whyde (123448)

      In case anyone's curious, it was the Netpliance i-Opener:

      http://en.wikipedia.org/wiki/I-Opener [wikipedia.org]

      A friend of mine bought two when they went under. He had grand plans to hack them, but life got in the way.

  • by John Jorsett (171560) on Thursday January 08, 2009 @11:29AM (#26373125)

    I once (and only once) bought an expensive Hermes tie at a shop in a Las Vegas casino's mall, paying with a credit card. I never gave them my address, so it had to come from my credit card info. Ever since, I've been getting Hermes catalogs in the mail. They're expensive things too, zillion-color offset printings on expensive paper, stencil cuts, etc. By now, whatever profit they made on that one tie has long vanished in the costs of producing and sending me that catalog.

  • by GayBliss (544986) on Thursday January 08, 2009 @11:57AM (#26373547) Homepage
    I purchased something from the Apple store (brick-and-mortar, not online), and after the guy swiped my credit card, he asked if I wanted the receipt emailed to me. I said "sure, do you need my email address", and he said "no, we have it". And sure enough they did, because I got the receipt in my email. I assume they have the information from my iTunes account.

Algol-60 surely must be regarded as the most important programming language yet developed. -- T. Cheatham

Working...