said by deanhuff :It was their parent company "Hannaford", which Sweetbay Supermarkets is one of their stores, but I do believe many of their other chains are affected as well.
I saw on the news that a local grocer called Sweetbay had a security breach and gave out a bunch of card numbers. Sure enough, I had 1 Sweetbay transaction in early December.
a time for change... | 1st & 10 | Ham is good
|reply to deanhuff |
said by deanhuff :I assume the "M BAR C RANCH" appeared first, that would be a "ping" charge to validate the account. I wonder if these people »www.m-bar-c.org/ have a merchant account that was hacked.
Add another for MICHAEL P HAMILTON $9.64 on 03/15/2008. Bank of America gave me a new account number and re-imbursed the money.
I also had another charge for around $3 from "M BAR C RANCH" in Pending state but never posted. ......
[EDIT= They do have a merchant account: »payments.auctionpay.com/ver3/?id=w038846 ]
said by deanhuff :I am fairly certain that the Hannaford data would not be sufficient to be proccessed for this CNP type of fraud transactions. "IF", what Hannaford's reps stated is true, that customers names were NOT intercepted, then the data that the hackers got was the TRACK 2 card data. That would only enable them to use the data for fraudulent POS (Point of Sale) transactions. Typically that data is encoded on to white stock" and used where the card is not presented, e.g. gas stations etc. A common cheap method that they can use the stolen data for store POS fraud purchases is to clone the data on to used VISA / MC branded gift cards. That way they can be presented and swiped without causing suspicion.
.....I saw on the news that a local grocer called Sweetbay had a security breach and gave out a bunch of card numbers. Sure enough, I had 1 Sweetbay transaction in early December.
I have not seen any reports yet of the specific fraud use of the 1,800 victims of the Hannaford data so far. If the type of data leaked is correct, fraud use should be limited to POS transactions.
Up until your card was replaced, you could have been the victim of fraud from that as well. However, for an online CNP transaction, the full name and address would have been needed, along with the CVV2 security code. The security code is only printed on the card, and is not embedded in any of the track magnetic data.
A merchant gateway account for an online only entiity, such as these scams, will usually require the use of (AVS) and (CVV2) to restrict fraud. »en.wikipedia.org/wiki/Address_Ve···n_System