An Apple worker may have stolen my credit card number and used it at home depot

[theRick119]

I have bought the iphone, Apple tv, ipod's etc... from apple and always used my debit card well i will not be giving Apple my debit or credit card number ever again. i called to cancel mobile me yesterday with Apple and the lady asked for the last 4 digits of my card number to make sure she was crediting the right account so I gave it to her. Two hours later I look at my checking account and had a charge to a home depot 20 miles from Apple's headquarters in CA show up on my account. The purchase was made from a computer or with the help of a home depot employee. some Apple employee stole my debit card number. The police and home depot are investigation and are trying to get the IP address of the idiot who did this so they can arrest them.

Just wanted to let people know that someone at Apple is stealing cards and getting away with it for now but hopefully not for long. Be careful!

<!-- wife used my account and posted this. i changed to a more appropriate thread title and followed up with my own thoughts below -->

 

[noodle654]

People these days are really stupid. Do they think people dont notice things that they didnt buy?

 

[iToaster]

That is unfortunate, however, it's not as if Apple is instructing its employees to do so... I'd call this a rotten apple among the good ones.

 

[question fear]

Yea i'd say thats a fluke/security breach more than Apple trying to fix stuff using home depot on your dime.

 

[iMacZealot]

That is unfortunate, however, it's not as if Apple is instructing its employees to do so... I'd call this a rotten apple among the good ones.

I agree. I also wouldn't have this experience stop you from giving Apple your debit card number again, as this could happen at any retail establishment, not just Apple.

 

[Markleshark]

So Apple is the only company you've ever, ever, ever used your card with?

 

[Duff-Man]

Duff-Man says...agreed - this is not simply an "Apple" problem but something that could happen anywhere at anytime when you use your card. To come on here and say "don't use your card with Apple" is inflammatory and irresponsible. Insinuating that Apple as a company is to blame for what is *unproven* is absurd. Careful - making statements like that could get *you* into trouble too....oh yeah!

 

[mcarnes]

I blame home depot. I always blame home depot.

 

[Surely]

That's sh*tty.

But your thread title should really be:

Beware of Apple any workers stealing your credit card number and using it.

I've even scratched off the 3 digit codes on the back of my cards and memorized them to be sure that they can't be used for online purchases by anyone besides me.

You have to be careful and check your statement online daily to catch any questionable charges before they occur.

 

[Sun Baked]

Must have been an intern, damn them ...

 

[theRick119]

To come on here and say "don't use your card with Apple" is inflammatory and irresponsible. Insinuating that Apple as a company is to blame for what is *unproven* is absurd. Careful - making statements like that could get *you* into trouble too....oh yeah!

my wife better be careful... coming on here and posting with my account and not disclosing her identity.

Now with that out of the way, it was my debit card this happened to, not hers.

That said, she said "i will not be giving Apple my debit or credit card number ever again." Awesome that you were trying to be clever though. Better luck next time perhaps.

Now on to the next point as proposed by a couple others here...

as this could happen at any retail establishment, not just Apple.

That is simply not true. I personally work for a retail web dealer and not a single one of our employees, not even our accountant, has access to customer credit card numbers. If we ever need to credit back an order or add to an existing order we have to use a transaction reference number and complete the charge with it. It would be impossible for an employee to pull something like this off in the company I work for.

Our company is PCI DSS compliant and has restricted physical access to cardholder information and have assigned a unique ID to each person who has computer access and track and monitor all access to sensitive data. If Apple were found to be outside PCI compliance they could be audited, fined and stripped of their ability to process credit cards. Obviously this is the extreme end of what could happen, but its an industry standard requirement.

We still do not know for certain that it was an Apple employee or that they are not PCI DSS compliant, but everything that we know so far raises major flags.

My wife jumped the gun here, but if it was an Apple employee then Apple really needs to step up their game. They need only look at TJ Maxx / Marshalls to see what can happen when a company doesn't secure their customer's personal information.

 

[scotthayes]

You may also want to point out No. 8 on the instantly bannable offences list to your wife


Just because your card was used in a home depot store near Apples head office doesn't mean you can jump to the conclusion it was an Apple employee.

 

[theRick119]

Just because your card was used in a home depot store near Apples head office doesn't mean you can jump to the conclusion it was an Apple employee.

I think I pretty well covered that in my previous post.

And its hardly jumping to a conclusion. I had not used my debit card for any other purchase than the Mobile Me and the Apple TV outside of local gas stations and grocery stores. Our iPods and iPhones were not purchased with my debit card and were not even purchased from Apple.

I've also received solid information from the lost prevention department at Home Depot that further dilutes the doubt.

Just because I can not yet prove it does not mean that I can't draw logical assumptions.

Now I would not have chosen my wife's approach to this topic, but just the same companies are responsible for their employees.

 

[angelneo]

You did use your card at grocery stores and gas stations. Wouldn't it be possible that when someone swipes your card, they memorize all the numbers? You are jumping to conclusion, wait for the police report is out, you should have a clearer picture.

 

[r1ch4rd]

You did use your card at grocery stores and gas stations. Wouldn't it be possible that when someone swipes your card, they memorize all the numbers? You are jumping to conclusion, wait for the police report is out, you should have a clearer picture.

I agree, it's more likely that someone who physically had access to your card managed to swipe the strip and then use that information. Smaller businesses are also less likely to have procedures in place to stop that sort of thing.

 

[rdowns]

Does Apple even have call centers in Cupertino? Pretty sure they are in Texas and New Mexico.

 

[és:]

You may also want to point out No. 8 on the instantly bannable offences list to your wife

Come on, Scott. Let the mods do the moderating

 

[Gray-Wolf]

To the OP, change your password here,and she can't log in. And log out yourself when you leave the forum. That will cure that issue.

 

[MacDawg]

my wife better be careful... coming on here and posting with my account and not disclosing her identity.

Sounds to me like you are at greater risk giving your password to your wife
than you are giving the last 4 digits of your debit card to Apple

Woof, Woof - Dawg

 

[JNB]

That is simply not true. I personally work for a retail web dealer and not a single one of our employees, not even our accountant, has access to customer credit card numbers. If we ever need to credit back an order or add to an existing order we have to use a transaction reference number and complete the charge with it. It would be impossible for an employee to pull something like this off in the company I work for.

Our company is PCI DSS compliant and has restricted physical access to cardholder information and have assigned a unique ID to each person who has computer access and track and monitor all access to sensitive data. If Apple were found to be outside PCI compliance they could be audited, fined and stripped of their ability to process credit cards. Obviously this is the extreme end of what could happen, but its an industry standard requirement.

We still do not know for certain that it was an Apple employee or that they are not PCI DSS compliant, but everything that we know so far raises major flags.

I got hit with three $500 charges at a casino on the other side of the Valley from me. Who did I blame? The person that did it, not the company they work for (whoever that may be). I certainly didn't start publicly challenging anyone without actual evidence (suspicion and coincidence don't count). The list of potentials is too large to care about. Identity theft and fraud are endemic, and you are bound to be hit by it sooner or later. DSS doesn't provide a cure, just a mitigation procedure.

My company sits on the PCI Security Standards Council (and in our market space, the only one to do so). First, remember that PCI DSS is an industry standard, not a law, and entirely voluntary (and may be gained through self-assessment). The PCI Organization has no authority or power to do anything to any member not in compliance, other than take away their membership card. The major processors will likely not stop doing business with someone not in compliance, but individual business or customers might. The CCP's simply want that Merchant Agreement--they make money from it. All that being said, regardless of a merchant's level of compliance, PCI DSS is not foolproof, and an individual card's data is exposed hundreds of times a day with or without DSS.

Whether or not Apple is in compliance--and I suspect they are, or they would be a source of more than one (or a handful) of fraudulent charges--is not the issue here. The fact is, you're leading with your chin on this. I might suggest you wait for a resolution and documentary proof before your decide what the story turned out to be.

 

[theRick119]

I agree, it's more likely that someone who physically had access to your card managed to swipe the strip and then use that information. Smaller businesses are also less likely to have procedures in place to stop that sort of thing.

When is the last time you used a debit card at a gas station or grocery store?

A cashier at a grocery store or gas station hasn't handled any of my cards in years.

Further more the charge occurred over 2,000 miles from where I live.

Is it possible that some manager at a gas station I went to sold the card number and my billing information to someone in California? I suppose it is, but highly unlikely that they would have had all of the billing information that the person who placed this Home Depot order possessed.

The person that did it, not the company they work for (whoever that may be). I certainly didn't start publicly challenging anyone without actual evidence...
I might suggest you wait for a resolution and documentary proof before your decide what the story turned out to be.

As I mentioned previously posting this on here would not have been a decision I would have made.

Now that it has been posted though I will respond to some of the ignorant comments that are being posted in here (yours excluded).

That being said, I have not publicly challenged Apple in this thread, but I do not need documentary proof to form a theory of how the situation occurred. All I have stated is that theory.

Just because you wouldn't put any blame on the company doesn't mean they don't have any. I wouldn't go there, but there are plenty of case logs out there that challenge the company.

Now again, I wouldn't have even posted this here so I will make that my last post on the subject.

 

[Markleshark]

Is it possible that some manager at a gas station I went to sold the card number and my billing information to someone in California? I suppose it is, but highly unlikely that they would have had all of the billing information that the person who placed this Home Depot order possessed.

Why not? I promise, after working in retail for 3 years, if you used your card they have enough information. Simple as that. No 2 ways about it I'm afraid.

 

[r1ch4rd]

If you don't use your card at many shops or online etc. I would assume that you use it at the ATM? This is probably the most likely time that someone would get your details. A friend of mine had his card cloned a number of times after people put reading devices on the cash machines near his house.

Once people have a list of credit card numbers it is usually easier for them to sell them than to make cloned cards themselves. Selling over the internet it is easy to imagine the buyer being 2000 miles away. Being near Apple may just be a coincidence.

 

[Gray-Wolf]

From the Op,

Further more the charge occurred over 2,000 miles from where I live.

Is it possible that some manager at a gas station I went to sold the card number and my billing information to someone in California? I suppose it is, but highly unlikely that they would have had all of the billing information that the person who placed this Home Depot order possessed.

There is another area you need to consider. The person who used your card number, may have gotten a card from your bank. I had the same issue. The cleaned out my account, with a replacement card, that I had requested, but never received. I still believe the postal service had a hand in that one. Fortunate for me, the false charges occurred at the exact time I used my card here in Georgia. They canceled the cards and sent me new ones and I change my pin number too.

 

[themadchemist]

I think it's unreasonable the extent to which people are attacking the OP. I'm sorry this happened to you and if it is an Apple employee that did this while handling a transaction with the company, the responsibility does, at least in part, fall to the company. I hope you're able to resolve the matter without too much of a headache.