Yesterday I went to the Springdale store to purchase a 12 lb. bag of black beans. It is the only Sam’s Club store in the area with the 12 lb. bag and it is close to our church. Since I was only purchasing one item, I used the Scan and Go application to check out. A few minutes later at my mother-in-law’s house, I noticed that the receipt on my phone was for a 50 lb. bag of potatoes. I went back to the store because I thought it was a scanning error. The black beans scanned correctly so they took my information and promised to investigate.
Today I noticed that I have two receipts. The first receipt was for the beans at 08/26/18 13:21. The second receipt was for the potatoes at 08/26/18 13:25. How does this happen? If the times are correct, I was probably in the car going to my mother-in-law’s house when the potatoes receipt was posted.
One of the oddities that caught my attention was that my phone was on the checkout screen for the potatoes. Typically when a Scan and Go transaction completes, the checkout screen is replaced with the completed transaction screen. Although credit card fraud is always a possibility, this looks like a Sam’s Club oops problem.
Last week Discover notified me that due to the Home Depot data breach, my Discover debit card was going to be re-issued. Their solution is not cheap but it is the best way to improve credit card fraud protection.
This is the first incident we have seen in which an auction site was used to launder money for stolen credit cards.
Yesterday we ran into an interesting new wrinkle on credit card fraud. A customer called us because they did not recognize a credit card charge on their bill. We had an order in our system with the correct billing address but they did not know the person the order was being shipped to. This is the typical way we find out about credit card fraud but this time when we called the person who it was being shipped to and she answered the phone. This was a first! She said that her husband probably ordered it and told us to call him. So we called him and he said he had ordered not one but two pumps from an auction site. Sure enough our order system said we had shipped a second pump to his wife using a completely different credit card and billing address. This is the first incident we have seen in which an auction site was used to launder money for stolen credit cards! Fortunately FedEx had not delivered either pump so we asked FedEx to return the pumps to us. Today we called the second customer and confirmed that they were unaware that their credit card had been stolen. We told them that a credit card refund had been processed and recommended that they notify their credit card company of the fraud. In this case the people whose credit card data was stolen did not lose any money. Typically we lose both the product and the shipping costs so we are pretty happy to get the products back. The biggest loser is the guy who thought he had won a legitimate auction for two pumps. I do not know how he paid for it but if he is fast enough he may be able to process a charge back.
In case you did not already know Home Depot had a data breach that is pretty similar to the Target breach. Since I am one of those Home Depot customers who are at risk, I took them up and signed up for their free identity protection from AllClearID. Like the first customer I plan to check my card activity several times a week.