Concerned about credit card security at GP
 

I posted a few days ago about fraudulent charges I experienced on a credit card after I had emailed that credit card information to GP when requesting tickets on June 24. The fraudulant charges were made to my card on June 28.

Today I received my credit card bill for my American Express card, the card I usually use, only to find out that someone had fraudulently charged $1498 to Staples in Florida on June 16 on my card. The charge prior to that fraudulent charge was for some taxes and ticketing charges to GP in Miami on June 14. Surprisingly, they only used my card that one time. Like I've done many times before, I had given GP my credit card information over the phone for necessary ticketing charges.

Both accounts have been closed but I'm very concerned about the security of credit card information at GP. The fact that 2 of my credit cards were compromised after contacting GP seems very suspicious. I plan to write a letter over the weekend to John Jackson about this situation.

Note: Check your credit cards carefully if you've supplied that information to GP recently to ensure that someone else isn't using your credit card number.

Im surprised and something isnt right. Ill suspect that the Staples charge was either a call in or by internet but they usually ask for the 4 digit security code, which GP in the past didnt ask of me. Did you supply GP the secuirty code on your card?

No I didn't

If thats the case and AMEX held me to any part of the charge to pay, Id complain to Staples for not getting the 4 digit security code and have them pay what Amex charged you. If they have the code then you'll know it wasnt via GP that they got ahold of it. also since it doesnt look like a walk in then Staples had to ship the stuff somewhere and who signed for it? and where did they ship it?

if it was a walk-in they should have gotten the prsons ID, most of the time in CA & FL Im asked for my Photo ID even on a $3 purchase. In NY I can buy something for $1000 and Im not asked for my ID.

I used my Amex online to buy Global Pass miles (now apparently usless). A week later my account had 3 charges from South Carolina from Gap and Marshalls totaling about $1,500. Amex fraud dept. called me, and then cancelled the card. I still have the actual card in my posession. I guess someone cloned the card. BTW, it was a replacement card which I received only last week for a defective card. Perhaps that is a factor.

If someone is actually making up a clone card will CC still hold you to the $50 limit, Id think that since the store didnt check the ID that the vendor should be held responsible. Unless they made up some fake ID also but unless they are going to spend alot of $$$ I would have thought that it wouldnt be worth the time and effort. Could be Im wrong.

Both credit cards customer service departments assured me that I am not responsible for the charges that are not mine. Both have started investigating the frauds. I have to sign some sort of paperwork for the Mastercard fraud, that was sent out on Thursday, and Amex has already credited the Staples charge, so I don't have to pay for that either. According to both Customer Service departments, I'm not liable for any fraudulant charges, not even the first $50. Evidently the merchants are responsible.

GREAT to hear that. Although the fact that it happened in the 1st place is still problematic. It would mean having to change alot of my automatic billing to reflect the new card # etc. A hassle that everyone can live w/o.

I still dont know why everyone doesnt insist on the security code as that would have stopped them cold, and if they went in person with a cloned card then wanting a Drivers License would have stopped that or a passport if they claimed that they didnt have a License, to an extent the stores deserve the charge backs and the loss for not having taken the proper measures to Protect not only the card holders but themselves as well.

GP Messages are not secure
 

GP's "My Messages" is NOTsecure. I don't know what the problem is, but I have been able to pull up a bunch of other people's messages to GP when I sought to look at my messages. I saw credit card information for a couple of individuals who were trying to request awards. I wasn't able to identify the individuals by a Flyertalk handle using city location, or I would have PM'd the individuals. I probably should have let GP know that there was a problem. If you've had a problem, you should let GP know of the problem with their Messages. I was afraid that they might shut down their whole message system and wouldn't communicate any further with us regarding award tickets!

So then a member of Gp could have done what you did and then went out and used the CC # to make the purchases that vandykes an dothers found was happening.
I do hope that it wasnt being done by any one who is affliated to these boards

I finally sent an email to John Jackson this morning about the probable credit card security breach at GP. Within the hour I received the following response from Mr. Jackson. It sounds as if they were not aware of any problems and appreciated the "heads up."


Dear Mrs. Van Dyke.

Thank you very much for bring this incident to our attention. Our customer’s privacy and security is one of our foremost concerns and has top priority in the handling of our customer’s transactions.

We are not aware of any security breaches in our application and our IT Department will investigate immediately to see if indeed we have a problem. Again, thanks for bringing this to my attention. We will advise you of our findings.

Sincerely,

John Jackson
Senior V.P. Marketing