Blu-ray Update Sent To User Via Credit Card Records 526
wmoyes writes "Back in September I ran into a Best Buy store to buy a Samsung BD-P2550 Blu-ray player. I didn't give the clerk my name, telephone number, or address, just my debit card. The player has sat happily in my living room without ever being networked or registered. Today I was shocked to find a package waiting for me at home from Best Buy — inside was a firmware update CD for the player. I used to think Windows Update was scary, but Samsung's update service tracked me to my house using the mag stripe from my bank card. Has this happened to any other Blu-ray owners?" Or is there a simpler explanation?
Customer information sharing (Score:5, Informative)
First, the facts: The Chase policy, which is similar to those of many other credit card companies, states: "You may tell us not to share information about you with non-financial companies outside of our family of companies. Even if you do tell us not to share, we may do so as required or permitted by law..."
According to the Wikipedia article, the credit card number, expiration date, and PIN verification info. I've seen tweekers do it with stolen cards. Magstripe readers are available for 50 bucks online.
it's the credit report agencies (Score:3, Informative)
This is not unusual. I have benefited from several class action suits where they have somehow tracked me down years after the fact, which is particularly impressive because as a student/young professional/grad student, I moved almost every year.
What probably happens is they give the debit card number (which is unique and remains unique long after you cancel/close the account) to a credit reporting agency (e.g. Equifax), and the credit agency has a record of your most recent address, which they got when you changed your address at your bank or any of your other credit cards.
Re:it's the credit report agencies (Score:3, Informative)
Credit reporting agencies may have updated information on your whereabouts but the law restricts them to report only with your permission and only for legitimate purposes. The financial penalties are severe. Therefore, I doubt that BestBuy or Samsung walked around pulling the credit reports of hundreds or thousands of consumers without their permission just to send an update disk.
Re:Cash (Score:3, Informative)
Or this case, [blogspot.com] which might possibly result in a SCOTUS ruling requiring cops to use their brains before using their cuffs.
Re:Personal Information and Tracking you down (Score:4, Informative)
As they say on Wikipedia, "citation needed". I've bought a hundreds of things at BB, and even worked there for a spell when I was between real jobs; never once was I asked for my phone number during a purchase.
And what is wrong with this? (Score:5, Informative)
Comment removed (Score:5, Informative)
Re:Don't panic. (Score:0, Informative)
Most retail stores put your information into their database when you make a purchase.
The first time you purchase from a company you'll usually be asked your name, address, and phone number before making the purchase no matter how you're paying.
Same thing with online orders as well.
Even if you don't tell it to remember your information it's still in a record somewhere.
I'm personally not too worried about it.
Re:Customer information sharing (Score:5, Informative)
My guess is that they (Best Buy) cross referenced the name they read from my credit card to one of the bulk mail lists they purchased for marketing purposes. The letter was addressed to me 'or current resident' and inside was information about how my player with this new firmware update could download Netflix movies. The update CD itself was for my specific model (BD-P2550).
The other possibility is that they cross-referenced my in store purchase via the card number to a previous on-line purchase from their web store (which would have included a shipping address). In either case, the mag stripe of my card (in an otherwise anonymous transaction) was used to make the connection, and four months later a package with a firmware update arrives at my house.
Check you card for any bill BB wants $30 to do thi (Score:5, Informative)
Check you card for any bill BB wants $30 to do this.
http://consumerist.com/5122504/watch-out-for-firmware-shenanigans-at-best-buy [consumerist.com]
Re:We know where you are. (Score:4, Informative)
Yes, you should. It is combining two complete clauses. If both clauses were short, it would be optional, but it is always correct to use a comma in this case.
If you want to complain about something, complain about the comma splice in the last sentence. It should either be a period (followed by a capital letter) or a semicolon.
--David the Grammarian
P.S. Just to bring this back on topic, if you want to make it a lot harder for this to happen, use a prepaid credit card and pay with cash.
Note: there are two short clauses in that last sentence. :-)
Re:it's the credit report agencies (Score:2, Informative)
Section 604(a)(3)(F)(i) of the Fair Credit Reporting Act [ftc.gov]:
In general, any consumer reporting agency may furnish a consumer report under the following circumstances: To a person which it has reason to believe ... has a legitimate business need for the information in connection with a business transaction that is initiated by the consumer.
Bank, Credit Card Company, Merchant (Score:3, Informative)
If your bank account does have enough funds, Visa/MasterCard requests the transaction amount to be placed on hold on your account until such a time as when the funds can be actually transferred from your bank account to the merchant's account with a credit card merchant office (e.g. Nova). This transfer can happen instantly during business hours or can hold as pending until the next available business day if done during off hours or weekends.
You sign/confirm to an agreement that the funds will still be there when the transaction electronically resolves itself. If you don't have the funds, Visa/Mastercard can come rape you. If the merchant sold you damaged goods and will not issue you a refund, you can use Visa/Mastercard's thugs to force their hand. If you didn't make the purchase (identity theft), your bank can use Visa/Mastercard's thugs to track things down, issue you a provincial credit, and other fun things.
Anytime you pay for something electronically, your info will be made known to the merchant and Visa/Mastercard. How do you think Visa has that promo for debit cards allowing you to be the big mystery winner just for using your debit card to make purchases?
Re:Customer information sharing (Score:3, Informative)
That's probably the dumbest thing I've read all day. If you want an anonymous transaction, don't use a card.
Re:Customer information sharing (Score:2, Informative)
Re:Customer information sharing (Score:3, Informative)
Bestbuy doesn't ask for your address during returns/exchanges at least they didn't for me yesterday.
Of course I avoid membership cards like the plagued that they are
Re:Customer information sharing (Score:4, Informative)
"Those marks mean they never had a physical signature attached to a document, and thus it's wholly unenforceable."
Totally wrong. The validity of those signatures have been upheld countless times in court. Generally, an electronic signature pad is backed by a surprisingly sophisticated system for tracking when you signed, how you signed, and what you signed, generally storing screenshots of each step of the process including the agreement for each unique signature.
Does it prove conclusively that you signed the document that they say you signed? No. but, then again, neither does your signature on a paper contract (Think about it. Do you sign every page or just the last one? ). The signature is good unless you dispute that you made it in court (and just not being sure if that is the document you signed doesn't cut it. You are expected to have a reasonable belief that it isn't).
Re:Customer information sharing (Score:5, Informative)
"they would have to get that info from the card issuer"
No, not really.
I worked for a telephone services company some years ago and developed their customer information system. We would only get one of two possible pieces of information from a transaction: the telephone number they called a 1-900 number from, or the Credit card number they used if they called a 1-800 number.
We wanted to get the customer information so we could send them related advertising.
There are vendors out there that will supply all available subscriber information for a telephone number, and others that will provide all available information given a Credit Card number.
Telephone numbers are not super reliable as they can be re-used, but for 5 cents we would (about 60% of the time) get a result which would give us the subscriber name and address. For 20 cents we would get about a 90% match. We sent all phone numbers to the 5 cent vendor and for those that didn't get a result we would send them to the 20 cent vendor.
Credit Card numbers are quite reliable and for 1 dollar we would get *all* of the information on the card holder. This included name, address, age, spouse's name and age, children's names and ages, your income, and various demographic information for your neighbourhood.
Given that big box stores likely get thousands of 'Card only' purchases a day I am sure they also have similar agreements with vendors, or contract with 3rd parties to do it for them.
CC Info Cross Reference (Score:4, Informative)
I've stopped shopping at stores that use my credit card as a way to get me on their mailing list. On vacation, we bought some chocolates at Harry & David. When we got back, there was a catalog from them in our mail with my name (not "Resident") in the address.
I'm not saying you're wrong but you do realize it is far more likely that they got your name and address from a local mailing list vendor than from your credit card? Especially around the holidays. There are countless services available that can target promotional mailings for a fee. There are all sorts of public sources for this information including housing records. (seriously - buy a house and you will get spammed with more refinancing offers than you can imagine)
I get Harry & David catalogs too (no I don't want them), with my name on them and I've never purchased anything from H&D. They also will send you catalogs if someone else buys you a gift from H&D.
That's not to say they don't use credit card into. I never give a zip code, phone number or any other info when checking out because it can be cross referenced. I nearly called the cops on the guys at Jiffy Lube once because they drained the oil in my car and then insisted they needed my address to put oil back in. They do have a legal right to ask and can refuse service if I don't provide the information but then I have a legal right to shop elsewhere as well.
Re:Customer information sharing (Score:3, Informative)
Re:Customer information sharing (Score:2, Informative)
Re:Cash (Score:3, Informative)
You're going to bother going to the ATM to get a couple of hundred dollars in cash?
Instead of using a credit card, where the purchase is _cheaper_ (cash back, other rewards) than with cash. I pay off my credit cards every month, they're more convenient than cash, especially now that virtually all places I go to take them (e.g. restaurants).
Re:Customer information sharing (Score:5, Informative)
Yes! Same here. And that site is
www.optoutprescreen.com [optoutprescreen.com]
I share everyone's frustration that you have to opt out of a process by which another entity can expose you to the risk of identify theft, but I can personally attest that this site is effective. I have even moved a few times since I signed up, and still remain opted-out.
Re:Cash (Score:5, Informative)
Except it's not cheaper, what you interpret as cash back is actually compensation for providing your personal information and you having paid extra for the "convenience".
It's sharing a percentage of the charge the vendor has to pay for processing a credit card, ever wonder why some places (commonly gas stations) have different prices for cash/credit? Prices overall could be a few percent cheaper if nobody used credit cards and that "cash back" could be accruing interest in YOUR bank account instead of theirs!
I'll take the 2% in my savings account rather than the 1% you get back after a month (interest free) any day (and Discover doesn't give it back anymore until you've accrued a big chunk).
Also, I use credit cards for business expenses, and the transactions take longer than cash (which I use for all personal expenses). Ironically, it used to be you'd look for the line where people were paying cash as it was faster, and now the credit card payment systems have gotten more convoluted and time consuming than when we signed paper slips, never mind waiting for a slow network day or waiting for the clerk to explain which buttons to press to each person in line. (Although I love self checkouts, then there's nobody there to explain to people how to process their plastic.)
Credit cards have their place (paper trail, online ordering), but they do enable others to profit from you and your information (while you pay them for the privilege).
(And yes, of course pay them off completely every month, anything else and you should use cash simply to not spend beyond what you have!)
PS: Ever wonder why credit companies can afford such lavish advertising, promotions, sponsorships, cash back programs, technical infrastructure all while being subject to so much fraud and theft? It's because they profit so much from each of "your" transactions. Sure you can minimize the extra costs to you, but they have perfected their revenue stream and made it appear inexpensive/painless.
Re:Customer information sharing (Score:4, Informative)
No wonder credit card companies are so eager to do chargebacks and eat the loss on fraud...
Actually, the seller gets hit with the chargeback. Hence the back in chargeback. The CC companies have no skin in the game. The people that eat it on fraud are the people that are selling. CC fraud is VERY bad.
Re:Customer information sharing (Score:3, Informative)
I have taken lately to showing my US Passport Card when asked for picture ID...
Not only does it not have my address or signature on it, I suspect that getting information about me from the US Department of State is a damn site more difficult than getting it from most other sources.
So far no one who has requested ID has objected to the passport card, which is almost a disappointment - I sometimes relish a good fight. :o)
(The US Passport card is better screened and more difficult to get than a common driver's license or state ID card, and is issued by the federal government. If someone doesn't want to accept that as official government issued picture ID, I WILL be right there in their face.)
--
Tomas
Re:Customer information sharing (Score:2, Informative)
Re:Customer information sharing (Score:3, Informative)
I believe that this applies to single cash transactions of > $10k, or multiple smaller transaction that equal or exceed 10k over a specified period of time. Also, only the following companies are required to report these transaction:
- banks
- securities companies
- money services companies
- casinos
- gem/precious metal dealers
- insurance companies
Notably, car dealers are not on this list...
See the federal Bank Secrecy Act - http://www.fincen.gov/ [fincen.gov]
Re:Customer information sharing (Score:3, Informative)
In Europe the limit is €15,000, and car dealers are on the list.
Re:Customer information sharing (Score:2, Informative)
Re:Customer information sharing (Score:3, Informative)
DentinYourHead - I own a processing company [virtualpaymentsystem.com]. Things have changed substantially in the past 3 years. It's mostly hitting the merchants now. I wish the banks were eating it, but most of it is going back to the merchants, and this is especially true of internet based transactions.