Blu-ray Update Sent To User Via Credit Card Records

wmoyes writes "Back in September I ran into a Best Buy store to buy a Samsung BD-P2550 Blu-ray player. I didn't give the clerk my name, telephone number, or address, just my debit card. The player has sat happily in my living room without ever being networked or registered. Today I was shocked to find a package waiting for me at home from Best Buy — inside was a firmware update CD for the player. I used to think Windows Update was scary, but Samsung's update service tracked me to my house using the mag stripe from my bank card. Has this happened to any other Blu-ray owners?" Or is there a simpler explanation?

Cash

[Anonymous Coward]

This is why I use federal reserve notes for everything I can. I bought my Wii with federal reserve notes. I bought my PS3 with federal reserve notes.

--
End The Fed [endthefed.us]

Prior use?

[Iphtashu Fitz]

Have you EVER used that debit card at the same store and provided your address or phone number? If you've ever done that then they have that information readily available.

Re:Customer information sharing

[Anonymous Coward]

I think it's more likely that he gave the cashier his Reward Zone [bestbuy.com] card and is neglecting to remember that piece of information.

Re:Customer information sharing

[b4upoo]

I tend to believe that sometime in the past you ordered something from Best Buy and perhaps gave them more information at that time. Perhaps you even had a home delivery of a bulky item.
            If they are doing data mining at the level you think that they are I tend to say congratulations to them for "going modern".
            The joy of data collection is that the general public should have the same power to collect data as companies do. Putting information in the hands of the public is sort of like putting Al Franklin in the senate. One knows that a shoe is about to drop.

Re:Don't panic.

[wmoyes]

Yes, it was Best Buy who shipped the update DVD, not Samsung. But still... an update service who ships updates to you based on your mag stripe. Scary.

Re:Don't panic.

[Jah-Wren Ryel]

of course Best Buy has access to your home address, via your credit card.

Of course? WTF? If the issuing bank gave a shit about customer privacy, it would "no fucking way" not "of course." When I go into Best Buy and pay with cash, they don't get my billing address, the same thing should apply when using a credit card. They certainly do not have a legitimate need to know my billing address without first asking for my permission.

Re:Don't panic.

[Speare]

But even that's wrong. There's no reason for Best Buy to know your address. They know the creditor's address, and the creditor has certified the transaction. If there's a problem with the funds, that's between the creditor and you. Best Buy is out of that loop.

Are you a reward zone member?

[Kuang_Grade]

If you have signed up with best buy's reward zone program and have used that credit card at least once with your reward zone card, they will know it is you...even if you didn't flash your reward zone card during the purchase of your blu ray player. Likewise, if you sent a rebate to best buy (although not necessarily to a 3rd party) using that credit card, its likely they will know it is you. Similar things happened with people who bought HD DVD players at best buy...when HD DVD was killed off, best buy decided to send folks $50 gift cards as a 'sorry things didn't work out with HD DVD' gesture...they mostly fed off info they already had from reward zone, rebates, or extended warranties to send the cards out.

I frequently use $2 bills

[jaredmauch]

I dine out at a local eatery and they give change in 50c and $2 bills as appropriate based on your order. I tend to re-use the bills at other local places, and usually get some combination of NOOP and Cool! I've never had any issues, but also don't tend to hand them to someone who may die due to drooling on themselves.

Re:We know where you are.

[Anonymous Coward]

The Wikipedia article does not state that the comma is optional. It states that compound sentences can be formed with or without a comma. Eliminating a comma is only permissible under very specific circumstances dealing with the flow and complexity of the sentence.

e.g.

"I've been waiting for this letter but now I wish it hadn't come."

vs.

"I've stayed at home all day waiting for this letter, but now I wish I hadn't received it."

Situations dealing with confusion ABSOLUTELY require a comma. e.g. "We finished eating dinner and then the children..." The remaining part of the sentence is unimportant. It has already caused confusion. Whereas the following example is much clearer: "We finished eating dinner, and then the children..."

Reference: http://grammartips.homestead.com/compoundsentences.html [homestead.com]

--The Grammar Communist

Re:Cash

[ultranova]

You should switch to Liberty Dollar's (http://www.libertydollar.org/) to show your contempt for the government as well.

No, you shouldn't. They aren't money until they're accepted by Wal-Mart because that's what money is: a medium of exchange. So either get stocks, which are backed by the manufacturing/service capacity of the company issuing them, or if you want to hold wealth in silver, just buy silver bards directly. Why bother with a private currency, which inevitably has overhead costs ? What's the benefit ?

This seems to be routine

[John Jorsett]

I once (and only once) bought an expensive Hermes tie at a shop in a Las Vegas casino's mall, paying with a credit card. I never gave them my address, so it had to come from my credit card info. Ever since, I've been getting Hermes catalogs in the mail. They're expensive things too, zillion-color offset printings on expensive paper, stencil cuts, etc. By now, whatever profit they made on that one tie has long vanished in the costs of producing and sending me that catalog.

Re:Cash

[DaveV1.0]

And, the liberty dollar is against the law. The Constitution of the United States, in Article 1 section 8, reserves the right to coin money in the U.S. to the federal government.

The Congress shall have Power ... To coin Money, regulate the Value thereof, and of foreign Coin, and fix the Standard of Weights and Measures

You have just suggested he commit a federal offense.

Re:Don't panic.

[je ne sais quoi]

Yeah I agree with the parent. I bet that there was some critical flaw in the drive that was fixable through the firmware. Instead of waiting to get sued, it looks like Samsung did the honorable thing to do and preempted it by shipping the fix. Once a company is sued successfully in a class action, they often are required to resort to these things. I get letters once every few years about various products I've purchased that are in litigation because of defects. If say, the company were sending you unsolicited advertisements using this method, that is annoying, or using it to sue their customers, that would be scary, but this behavior isn't scary, it's helpful.

Re:Customer information sharing

[Score Whore]

The package in the OP was from Best Buy for a Samsung player. Best odds are that Samsung knows absolutely nothing about this guy, they just told Best Buy that "hey, here's a firmware update for player model xyz."

Re:Don't panic.

[gammygator]

"What if that player had a tendency to explode after 25 hours of use. Would you want to be notified of the recall? "

That all depends on who I bought it for.

Re:Customer information sharing

[skuzzlebutt]

Yes, highly unlikely...the magstripe doesn't store that info, so they would have to get that info from the card issuer (not Visa or Mastercard, the issuing bank) recursively. The card acquirer isn't even privy to that info unless there is a chargeback case or something where the consumer needs to be contacted. Card-issuing banks are beholden to regulations that would make most industries not even want to get out of bed in the morning and turn on the cash register; and they are extremely careful with what they do with cardholder info (lest they lose their charter with Visa/MC and have to close shop).

Also, consider it from a business standpoint: even if you can get around the regulatory stuff, the CC issuer isn't going to pass that info along for free (they would have to have frame circuits or encrypted FTP channels or some secure way to send batches of data safely from the issuer to BB and then to Samsung--and no, it's not going over the same pipes that the authorization and capture are being passed through...that's going to be a totally different environment, likely through a third party processor; then there are operational expenses, etc...nobody does this stuff for free). How much is that data really worth to Samsung? BB has to be in that loop, because the cardhlder didn't by the device from Samsung; the issuer doesn't care that it's a Samsung device, they aren't a part of that transaction chain, so the data would have to go to BB directly. And is BB going to go through the expense to do that for just Samsung? If not, are enough companies going to want this to make it worthwhile? Again, strains credulity from a business standpoint.

And even if they did have some kind of affiliate info-sharing deal with BestBuy (which, again, is highly unlikely), they aren't going to go through he expense and trouble so that you can get firmware updates for your Blu Ray player.

Samsung got that info some other way, like a rewards card application or rebate submission that BB was able to link to an address via one of the many data aggregators out there.

All credit card industry stuff aside: yes, that is indeed scary as hell. I wouldn't be happy at all.

Re:Cash

[Chaos Incarnate]

As quoted, that just says that Congress can coin money, but doesn't restrain others from doing so.

Re:Customer information sharing

[somersault]

There is most likely some other thing at work here.

Maybe it was aliens? Or little toys come to life? The guy bought the player at best buy. He received a package from best buy with an update. It doesn't take that much to figure it out.

Do best buy do anything like customer reward cards where they would have your address on file? Still, the guy says he only used his debit card. The simplest and most logical assumption would be that buying one of these players automatically puts you down to receive updates and they take the address from your debit card. Privacy nuts may hate that idea but I think it shows that Best Buy cares ;)

Re:Cash

[Rastl]

Did you forget that the Constitution is there to specifically state the rights granted to the federal government? So if it wasn't there they wouldn't have the right to coin money?

Banks and states printed their own money for a lot of years. There's nothing illegal about it unless you're trying to counterfeit existing currency.

Currency is just convenient bartering, if you look at it objectively. "This wooden token is worth three chickens" is perfectly valid currency if it is accepted to have value.

Back on topic.

I'm not surprised that vendors and manufacturers are digging into the credit/debit card records for purchase histories. They're desperate since no one fills out their marketing, err, warranty cards. They need some way to track a customer base for stockholder reports. Sales histories aren't enough any more. They want to find out how to sell you more of their crap.

I hope the OP filed an official complaint with the bank and his state. Privacy laws may be in effect here since there was no legal reason for them to mine that data.

tmobile @home forced router updates

[Anonymous Coward]

yesterday i got a message that tmobile pushed a performance update onto my @home linksys router. i was thinking about trying to reverse it and discover how i can push my own firmware onto others @home linksys routers..but then i figured i'll just let the cat out of the bag and let someone else do it......

Re:Cash

[MBGMorden]

Ah. The old "read half the post, think of a joke, and hit reply to tell it despite it already being told in the second half of the original post". We've all had it happen to me before. Don't feel embarrassed. :)

Re:Cash

[monoqlith]

What's comical is not that you're so paranoid that you'll only use Federal Reserve notes to complete purchases. Well, that's pretty amusing, but what's even more amusing is that your sig contains a link to a site dedicated to ending the Federal Reserve.

Re:Cash

[ultranova]

Because people collect coins and so they have more value to collectors than the metal they are made from. As the coins disappear over time (melted, lost, whatever) then the value of the coin goes up - in theory.

But we aren't talking about some ancient coinage. We're talking about a contemporary private coinage project. It seems likely that the number of coins hasn't topped yet, neither do these things have any historical value. Maybe in a few hundred years they're antique, but I wouldn't bet on that either, and in any case you could always have the silver you bought made into a nice statue.

Re:Customer information sharing

[pdabbadabba]

"The simplest and most logical assumption would be that..." ...they looked him up in the phonebook?

Cash

[RJFerret]

See subject.

Re:Customer information sharing

[TheVision]

It's my regular signature with two lines through the first letter of my name.

Sounds like a lot of work; what's wrong with an "X"? Home Depot et al. happily accept it.

Re:Customer information sharing

[DamnStupidElf]

Credit Card numbers are quite reliable and for 1 dollar we would get *all* of the information on the card holder. This included name, address, age, spouse's name and age, children's names and ages, your income, and various demographic information for your neighbourhood.

So, uh, basically everything you'd need to impersonate the person whose card number you have? No wonder credit card companies are so eager to do chargebacks and eat the loss on fraud... There's actually negative personal security by having a credit card.

Just how choosy was the company you were doing lookups with? Can any cheapo web store get an account with them?

Re:If it was sent in the mail, unsolicited

[NeoSkandranon]

I'm fairly sure being sent anything unsolicited doesn't allow you to flaunt copyright or patents.

Re:Customer information sharing

[WhatAmIDoingHere]

" Today I was shocked to find a package waiting for me at home from Best Buy"

Looks like Best Buy didn't share the information with anyone. Looks to me like Samsung asked BB to send out the updates to everyone who bought the player, and they did so without sharing that information with anyone else.

Re:Customer information sharing

[bluefoxlucid]

Putting information in the hands of the public is sort of like putting Al Franklin in the senate. One knows that a shoe is about to drop.

Thank god it's nowhere near as horrible as putting GW Bush in the White House.

In which case, a shoe is about to be ducked?

Re:Customer information sharing

[dangitman]

One knows that a shoe is about to drop.

Or be thrown.