Digital Star unauthorized charge

Complaint

0
Steve
Country: United States
A preauthorization for $74.95 from Digital Star with a bad phone number (208-123-7377) showed up on my debit card account 1/29/12.  Called bank fraud department and had the account killed immediately.  They stopped the charge since it had not completed.  Do not know who Digital Star is or what the charge was for.  I use the card for online purchases mainly through Amazon.  No purchases in the last 30 days.  However, I placed orders in the last 60 days from a company called Turncraft (woodworking plans), Personal Creations, and Entirely Pets. I wonder what companies others have used recently.

Comments

  • 0
    Steve
    | 3 replies
    I was first poster on this thread.  I am in Oregon.  Wonder if the common thread for all posters is Amazon.  I listed all my uses above, anyone have a use in common other than Amazon??  I know they said that the Zappos hack did not affect Amazon users, but the timing makes you wonder.
    • 0
      Nolan replies to Steve
      | 1 reply
      I ordered from Amazon in January but the Digital Star charge didn't show up until today. It was for 149.99. I guess they've progressed from 74.99 because stealing that amount wasn't enough to suit their lifestyle.
      • 0
        Beth replies to Nolan
        I got the same charge by Digital Star for $149.99 on 2/14. Had to file a fraud complaint with Wells Fargo.
    • 0
      tj replies to Steve
      They also claimed the Zappos hack didn't compromise credit card information, only customer login information, which they just blocked by resetting passwords.

      Amazon has historically kept card data on isolated servers separate from the order taking servers.  This isolation and protection of card data has been built into their systems from the start, since trustability of online ordering was seen by Bezos as critical to becoming the dominant online seller.  When they originally started, reportedly they actually passed information from one server group to the other only via floppy.
  • 0
    Alanis
    I just had the same thing on my account dated around the same time. This is crazy. I've used amazon too but not in a while.
  • 0
    Alanis
    Just checked Amazon & my card was stored there so that could be it.
  • 0
    JBoy
    Same thing just happened to me as well.  I was charged $77.05.  Cancelled card immediately.  I'm in Toronto.
  • 0
    Gary
    It just happened to me too.  BOA account debited $74.95.  They told me to wait for the debit to complete processing and then file a claim.  I too have bought from Amazon, but not in a long time.

    I hope they catch the thieves.
  • 0
    Carl
    | 9 replies
    Wife said that Bank of America told her the "purchase" was for theater tickets. Not sure how they would get that info, but interesting nonetheless. I haven't ordered anything from Amazon for quite some time, at least 6 months, but perhaps the card data was stored there. Someone needs to investigate the Amazon common thread though. If our data has been compromised, this would be big news.
    • 0
      RWG replies to Carl
      I called BOA also. But first I looked at the details of this transaction at my BOA online account and it says it right there - theater tickets. I reported it to BOA and the person I spoke to also asked me if I bought theater tickets recently. Got the 79$ charge same as many here with the same phone number on 1/29/12. We just got our statement yesterday and noticed this fraudulent charge.
    • 0
      Jackie replies to Carl
      | 7 replies
      It turns out we called b of a when this happened to her.  The bank told us that they were recycling card numbers that had been canceled after being used by others!!!  Are u kidding me.  These cards could have been used anywhere.  This b of a account is only used because EDD set it up as a place to deposit her unemployment check.  She had no control over it and it cannot be changed.  The bank will return her. Only in ten days but in the mean time she is out 149.99.
      • 0
        tj replies to Jackie
        | 6 replies
        Interesting claim by BofA, but doesn't sound relevant.

        It also implies they are providing this debit card service to EDD using these "recycled" numbers, in effect providing a defective product more subject to theft and fraud loss to EDD's clients. The state may be interested in what they are paying for.

        The complaint patterns show:

        1)  The charges are to banks and cards all over the map, VISA and MasterCard, BofA, Citi, CapOne, Chase, credit unions, etc.

        2)  The recent or even long term card usage patterns are also all over the map, some Amazon, some never Amazon, some used online, some never used online, some never used, some business cards, most consumer cards, etc.  

        Both bank pattern and usage pattern appear like a cross section of cards and usage patterns.

        This might be some payment processor or bank hack, but some of the little used cards charged argue even against that.

        This is looking like "pinging", just running through random numbers and expiration dates against some online sites with weak security to see what goes through.  There may actually be no "stolen" card information, just sites that allow charges to be run to "test" the combination of card number and expiration date, maybe even "digital star" itself.  We don't even know if they have used CCV, and in fact, it's not even needed to run through charges, just an additional security measure to protect the merchant, which in this case, appears to be out of business.

        One complaint consistent with this is the report of $1 Amazon "ping" charges that showed up on 3 cards a day before the full "digital star" charges showed up.  

        Amazon has appeared at the center of complaints (yet absent from some), but as the largest processor of payments, that would be expected.  They would, however, have the best information on the fraud pattern, probably even better than the banks, and it is interesting that no other reports of Amazon "pings" have been reported.  Either these show up only for a short time and don't post so people can only catch them for maybe a day, or Amazon may now be blocking that channel.  

        The fact that even one report of "pings" connected to immediately following fraudulent charges (on 3 cards, yet) implies that is at least ONE of the techniques this fraud is using.  It shows that this fraud has the capability to obtain valid card information by "pinging", and has in fact used that technique.

        If this is the case, then the only way to stop it is by shutting down the vulnerabilities that make it possible:  "pinging" sites, and "digital star" itself.

        There may be no practical limit to how many sites are out there that might be allowing "pinging" to test card/exp.date combinations, but the failure of the banks to follow up on these small charges may be creating the vulnerability that allows the real fraud to continue.

        Lacking any effort to deal with blocking "pinging", this will continue as long as the money door is open at "digital star".
        • 0
          tj replies to tj
          The complaint patterns deviate from expected payment processor database information, or even retained merchant (Amazon) information, which should be skewed towards cards actively used.

          This suggests random "pinging" rather than a hack.
        • 0
          Chuck replies to tj
          | 4 replies
          Same thing happened to me on 2/14 I got the 149.99 charge. I was reading about the pings and I did have a dollar ping charge from a speedway gas station the transaction just before the Digital Star charge. I had never heard of this till yesterday when I called the bank.
          • 0
            tj replies to Chuck
            | 3 replies
            Please contact the Secret Service with this information.

            This is the second report of a "ping" immediately preceding fraudulent "digital star" charges.
            The first reported 3 "pings" of $1 each through Amazon, to 3 different cards of the person reporting, removed while they were still pending, then immediately followed the next day by the 3 fraudulent charges to those same 3 cards.

            That is a highly specific indicator of "pinging", caught in the act, just as your report is.

            As evidence, it has high "diagnosticity", essentially an "existence proof" that the perpetrators are using and have the capability to obtain card information by "pinging".

            It cuts through the confusing picture of "where is the hack?", "is it Amazon?" (which lots of people use), and explains why the relatively high levels of miscellaneous credit union reports, yet relatively low levels of large banks (compared to their share of the CC market).

            It also explains the reports of fraudulent charges to unused or not recently used cards, which are also unexpectedly high for fraud based on a hack, which would obtain card numbers being actively used.

            A merchant or payment processor hack should create complaints dominated by the major CC banks, BofA, Citi, Chase, Wells Fargo.  They are there, but not in proportion to their dominant consumer market share, and we see little banks and credit unions showing up above their market share.

            Informally, the statistics argue against a hack, toward pings with frequencies matching the number of different bank prefixes, not the total number of cards per bank.  That raises the probability that even small banks or credit unions might show up.
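
Added example, not part of the thread: the "ping, then full charge" sequence reported in the comments above, written as a detection rule that a card issuer's fraud team could run over authorization logs. The records, card tokens, merchant names, amount thresholds and 48-hour window are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authorizations: (card token, time, merchant, amount).
SAMPLE_AUTHS = [
    ("card-A", "2012-02-13T09:15", "GAS STATION", 1.00),
    ("card-A", "2012-02-14T03:40", "UNKNOWN MERCHANT", 149.99),
    ("card-B", "2012-02-10T12:00", "COFFEE SHOP", 1.00),
    ("card-B", "2012-02-20T18:30", "BOOKSTORE", 74.95),   # 10 days later
    ("card-C", "2012-02-14T08:00", "GROCERY", 52.10),     # no small probe
    ("card-D", "2012-01-28T22:05", "ONLINE STORE", 1.00),
    ("card-D", "2012-01-29T10:20", "UNKNOWN MERCHANT", 74.95),
]


def find_probe_then_charge(auths, probe_max=1.00, charge_min=50.00,
                           window=timedelta(hours=48)):
    """Return (card, probe_merchant, charge_merchant, amount) for every small
    authorization followed within `window` by a larger charge at a different
    merchant on the same card."""
    by_card = defaultdict(list)
    for card, ts, merchant, amount in auths:
        by_card[card].append((datetime.fromisoformat(ts), merchant, amount))

    hits = []
    for card, txns in sorted(by_card.items()):
        txns.sort()  # chronological order per card
        for i, (t0, probe_merchant, probe_amt) in enumerate(txns):
            if probe_amt > probe_max:
                continue  # not a small probe-sized authorization
            for t1, merchant, amount in txns[i + 1:]:
                if t1 - t0 > window:
                    break  # later charges fall outside the window
                if amount >= charge_min and merchant != probe_merchant:
                    hits.append((card, probe_merchant, merchant, amount))
    return hits


# Small holds are also normal (for example pay-at-the-pump preauthorizations),
# so each hit is a lead for review, not proof of card testing.
if __name__ == "__main__":
    for hit in find_probe_then_charge(SAMPLE_AUTHS):
        print(hit)
```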
