URGENT - CREDIT CARD FRAUD

[Dean358]

It appears that there is a security problem with HDTRACKS.com. I recently had someone attempt to use my AMEX card fraudulently. That is the card that HDTRACKS.COM had on file. Needless to say, I canceled the card. Yesterday I used my MasterCard with HDTRACKS.com and within 24 hours there was a fraudulent attempt to use that card. HDTRACKS was the only place on the net or in the physical world where BOTH of these cards have ever been used.

 

Please note that I think the HDTRACKS folks are great and I’m NOT implying that they’re intentionally doing anything dishonest. It would appear, however, that security has been compromised on their site. I strongly recommend you not give them your credit card info until this has been resolved. (I’ve contacted HDTRACKS with this info as well.)

 

 

 

 

[icebreaker]

I'm glad I've only used PayPal when shopping at HD Tracks up until now!

 

[silverlight]

can't resist but ask the question, is HDTracks the only company of all the online firms you've ever shopped with that has your amex on file? I guess I've been fortunate, I've been online shopping from a ton a places over 10 years and only had 1 problem, and in that case Amex immediately credited my account (ironically enough it was trying to buy hires stuff from Chesky Records earlier this year - they charged my account but after 2 months never received the albums and no response on a bunch of email attempts).

 

[Dean358]

The particular Amex card on file with HDTRACKS is one I use exclusively for on-line purchases. It’s registered with several sites and I've never had a problem with it before. The Mastercard in question, however, has only been used one single time on line in the past few months -- with HDTRACKS on Saturday morning. By Saturday evening someone had stolen the info. And, as I posted above, HDTRACKS is the only vendor that had the info from BOTH of these cards.

 

[silverlight]

sounds like a prudent conclusion to be careful with them. while there are probably a couple points along the way where CC information can be picked off in a transaction, it's really up to HDTracks to provide a high level of security through the chain as much as possible with their transaction service providers.

 

[HDtracks]

First, thank you for your support of the HDtracks Hi Res Digital Music Store. We safely and successfully process thousands and thousands of transactions every month and will continue to do everything in our power to ensure that shopping with HDtracks is a safe, secure experience.

 

We have been alerted to a potential security concern in our store via an email from a customer who also posted on this blog. We appreciate being directly alerted to this issue. The security of our site and of our customers information is extremely important to us at HDtracks. Please know that we are in the process of investigating any possible security breaches. and carefully monitoring the site. As our customers know, we take pride in our customer service and quick response time to customer issues.

 

HDtracks is implementing security protocols now that go beyond what most online retailers can offer their consumers because we consider even rare occurrences of possible credit card fraud to be unacceptable.

 

Sincerely,

HDtracks.com

 

[sandyk]

HDtracks

You guys provide a unique and very highly sought after service, and from reports that I have heard ,your customer service is first rate as well. Now for a leading question :

When are customers outside the U.S.A and it's territories ,likely to be able to OFFICIALLY enjoy your great service ?

I know of many Audiophiles in Australia and the U.K. etc. that would love to be able to readily (legally) download from your HD store, as well as your normal offerings.

Regards

SandyK (Australia)

 

[cfmsp]

Have you considered that there is perhaps another common element between these two occurrences, i.e. the computer you used to enter the transactions?

 

For example, you don't know that the first occurrence was related to HDTracks, only the second. Your most recent online use of the original Amex card is a very likely candidate for the first instance of theft, in my opinion.

 

Thinking about it, it seems to me that if the issue was with HDTracks the odds that both occurrences would be you, and you alone, are pretty low. So, unless others have also been fleeced via HDTracks (which they would presumably know about, but maybe not), I'd say the odds are quite a bit greater than zero that the source of the problem is something on your computer.

 

I'd say that you're quite lucky, whatever the case, to have a single occurrence with a single card purchase, which gives a definitive data point.

 

How long ago since the earlier Amex problem? Is your computer a Mac or PC? I"d begin to check out your computer while waiting to hear back from HD Tracks.

 

clay

 

 

[Dean358]

I’m exclusively a Mac user, on line via Safari 4.0.3 running under OSX 10.6.1. I employ a fairly rigid password hierarchy scheme and although I do a LOT of on-line shopping this is the one and only time I’ve ever had a problem. The Amex card was used on the HDTRACKS site a little less than two weeks before the MasterCard.

 

You’re correct, it’s certainly possible that this had nothing to do with HDTRACKS.COM but that seems highly unlikely. For that matter, it’s possible that George W. Bush could earn his PhD in English Lit. from Columbia, now that he has some time on his hands. Possible? Yup. Likely? Not so much.

 

 

[Mike in MD]

I had not made the connection, but I made my first credit card purchase from HD Tracks two or three weeks ago, and last week on Wednesday there was a charge from Malaysia for an airline ticket (not by me). This is the first time ever that I have had a credit card event like this. I can not say for sure that it is from HD Tracks, but is interesting in light of this thread.

 

Mike

 

[cfmsp]

 

 

"The Amex card was used on the HDTRACKS site a little less than two weeks before the MasterCard."

 

Thanks for this bit of info.

 

And sadly, it appears you are correct about HDTracks, based on the post by another victim.

 

Apologies if my questions were deemed intrusive/insulting.

 

Agree with you on the chances of even an honorary degree in Literature for W.

 

 

 

[Dean358]

Clay – Absolutely no apology needed.

Mike – sorry to hear this. It does however, seem to confirm that HDTRACKS.COM has a problem.

 

TO THE FOLKS AT HDTRACKS: the people on this site – myself included – are your biggest fans and most loyal customers. However, 48 hours after I sent you two e-mails this was your response:

 

Thank you for alerting us to this issue. Your security concerns are very

important to us at HDtracks. We have elevated this issue to "HIGHEST

PRIORITY" with website management. Please know that we are in the process of investigating any possible security breaches. We will correspond with you shortly with any helpful information that arises as a result of our investigation. While we work to resolve this issue you can be assured that you can continue to shop safely on the site utilizing the Pay Pal option.

 

Thank you again for your support of the HDtracks Hi Res Digital Music Store. We have safely and successfully processed thousands and thousands of transactions since our launch last year and will continue to do everything in our power to ensure that shopping with HDtracks is a safe, secure experience for our customers.

 

 

That’s no longer sufficient. You need to acknowledge the problem and reach out to those of us that have been inconvenienced by your security problem.

 

 

To everyone else: obviously, don’t use your credit card with HDTRACKS!!! If they have one on file you should contact your credit card company right away.

 

 

[[email protected]]

I've just had the same experience as the others. Unknown charges on a five year old card approx a few hours after purchasing through HD Tracks.

 

Card cancelled, have to review transactions and deal with bad stuff.

 

Not a great way to do business.

 

[Mike in MD]

I got my new credit card today. HD Tracks won't be seeing it for a long time.

 

I think that many people don't check their cards online, so they won't see the fraud until they get the paper report in November.

 

This is all very sad.

Mike

 

 

[sandyk]

As one other member has mentioned, Paypal is a good safe option. Using Paypal , and choosing your own debit card account, also helps to soften the blow that you can get when using credit cards.

I use Paypal with HD Tracks, as the system lets me, and I always prefer to pay that way on line wherever possible.

In the meantime, HD Tracks deserves our support, if we hope to not only keep alive existing downloadable HD content, but HD content from new sources via HD Tracks.

 

SandyK

 

[HDtracks]

 

 

HDTracks takes the security of its site extremely seriously and is actively investigating these reports regarding potential issues with our site. However, we can say that we have reviewed our site security protocols and have verified that we are conforming to industry standards related to as defined by the PCI Compliance Standards. We are continuing to review our site and remain committed to maintaining the integrity of our customers data and ensuring peace of mind.

 

We do want to add that we are offended by a posting here accusing HDtracks of "stealing credit card numbers". We appreciate hearing from our customers with any concerns, ideas, or questions they may have, however this type of accusation is essentially business defamation. HDtracks was founded by my brother David and myself to offer the highest quality downloads to the audiophile community. The store is a labor of love for us, one that we have dedicated much money, time and effort. Both my brother and I have, and continue to use, our own credit cards on the site without incident. And of course, one always has the option of using PayPal if they wish.

 

Our entire staff, including our programming team and site management are putting their energies into ensuring that the site is a safe place to shop, regardless of the payment option one chooses.

 

Thank you for listening.

 

Norman and David Chesky

 

[icebreaker]

"We do want to add that we are offended by a posting here accusing HDtracks of 'stealing credit card numbers'."

 

I am offended as well.

 

Anyone who knows this business knows that the founders of HD Tracks are icons in the music industry. They have always held themselves to the highest standards.

 

I'm sure the comments are made out of a sincere yet misdirected concern.

 

[sandyk]

I find the comments offensive also, and they could almost certainly lead to HD Tracks taking legal action against the poster, if they chose to. I would hope that Admin would either remove the highly inflamnatory allegations, or ask the original poster to edit his posts to something more acceptable, without losing the gist of the original warning.

SandyK

 

[pwhinson]

I used HD Tracks on 9/4 and 9/15. There was an attempted use of my Visa credit card in London on 9/8. i have never even been to London. That card was reissued. In the meantime I didn't have a charge card - I only had my debit card and I believe I may have used that card on the 9/15 charge at HD tracks. The debit card was used in New York at Tiffanys sometime I think in the last week of September. Both cards were issued by Charles Schwab. In both cases there was no swipe and I don't know exactly HOW this happened at retailer like Tiffany's but Schwab told me in each case the numbers were keyed in, and that no "swipe" of a card was involved. Again, I don't know how such a thing could happen at Tifffany's without even a swipe of real card but that's the honest truth of what went down with me in September. I'm 52 and have never had any kind of fraudulent use of the cards. I changed all my passwords on my accounts, changed everything. Anybody else have any problems? There are of course wierd coincidences that occur but this looks bad to me.

 

[pwhinson]

don't muck about in the legalese. i've been a legal assistant for litigators for 20 years. The very first test of a libelous statement is that it has to be false. This isn't about that, and HDTracks, if there is a security breach somewhere - you can bet they are right in the middle of it right now with the credit card issuers trying to resolve this problem.

 

[pwhinson]

I have now checked my statements on line and each of the two charges at HD tracks were made using my two different cards, the first one my charge card, and the second one my debit card. Within a week afterward each card had a fradulent charge against it and had to be cancelled by Schwab.

 

[pwhinson]

I have now checked my statements on line and each of the two charges at HD tracks were made using my two different cards, the first one my charge card, and the second one my debit card. Within a week afterward each charge, each card had a fradulent charge against it and each card had to be cancelled by Schwab.

 

[pwhinson]

How do you delete a stupid double post? ;-

 

[pwhinson]

To anyone who might misconstrue my comments - we have only a connection between these events and that's all we have, that connection might lead to other commonalities. And no legitimate business - ever - would do anything intentionally to put their customers at risk and the Cheskys are definitely not only legit but have given us hours of wonderful listening beginning many years ago way before the advent of computer audio or even the idea of it. The only ones who "stole" anything are the ones that ended up with money or merchandise that didn't belong to them in New York, or London or you fill in the blank.

 

[cfmsp]

"We do want to add that we are offended by a posting here accusing HDtracks of "stealing credit card numbers". We appreciate hearing from our customers with any concerns, ideas, or questions they may have, however this type of accusation is essentially business defamation."

 

well, it seems like everyone is offended.

 

As a (likely former) customer of HDTracks, I am disturbed, but not offended, that you haven't alerted me (as a customer of record) that there is a serious breach of your site and/or credit card processing mechanism.

 

Just in a matter of a few days, 8 different occurrences have been discovered across 6 customers - and reported on this site alone. Two customers were apparently victimized twice. Who knows if/when some of the other victims would have noticed the issue. Who knows how many others are affected?

 

Something is clearly wrong here. Perhaps you (HD Tracks) are a victim. If so, you have my sympathy, but ... your customers need to be made aware of the situation.

 

Until notification is received by all of your customers, each and every one of us run a risk of fraudulent charges that we might not even notice due to failure to check statements carefully. Any fraudulent charges that occur due to credit card transactions after you were notified (several days ago) would have been preventable by you.

 

As to whether there is business defamation here, it seems to me that you'd first need to prove that it's not true, that indeed, the people victimized did not have their credit card numbers 'stolen' as a result of transacting business on your site.

 

Here's to hoping that you successfully resolve this matter quickly.

 

 

respectfully,

clay