[ale] Anyone know of a security breach at CarFax?

neal at mnopltd.com neal at mnopltd.com
Wed Jan 1 11:45:58 EST 2020


I agree on the danger of debit cards.  Here's another fun fact: HSA 
(Health Savings Account) cards are supposed to be debit with a PIN 
required, but often can be run as a credit card.  Now, you'd think a 
Health Savings Account could only be used by a health provider, but... 
no.

I have an Amazon credit card, which I normally only use ON AMAZON 
website.  So, it's an interesting control group.  Unless Amazon's online 
internal payment system is compromised, when I get a fraud alert, I can 
usually pin down the source, since I rarely use it elsewhere.

Thus far, the two fraud leakages have been:
- the day after we bought Italian train tickets on Trenitalia.
- the day after we bought Marta tickets at the airport.

Still waiting on reply from Marta...

regards,

Neal

On 2019-12-31 07:52, Lightner, Jeffrey via Ale wrote:
> Debit?
> 
> I never use my debit card except at ATMs.   Giving people direct
> access to my bank account that way means I’m out the money until I
> can get it back later and risk other fees from things hitting while
> the cash is gone.   With a credit card they can (and once did for
> $20k) take money in withdrawals without me ever having to pay and
> “recover” the money.   Still stressful to deal with the credit
> card fraud but no direct access to my money meant I didn’t have to
> worry about bounced checks or lack of access to pay bills.
> 
> For similar reasons I don’t setup automatic payments at sites like
> utility, mortgage and other “legitimate” companies.   It makes
> more sense to me to setup payments at online bill pay at my bank.
> I’m less concerned about the bank knowing my Georgia Power and other
> account numbers than I would be for those others to know my bank
> account number.   More than once I’ve heard people complain because
> someone hit them with an unexpected or duplicate debit from companies
> they’ve setup automatic payments with.   “Oops we’re sorry”
> doesn’t cover it and in most cases and one doesn’t get back such
> debits because there’s a future payment coming so they don’t see
> the need to reverse it.
> 
> P.S.  I see CarFax had a major data breach in 2017 but nothing more
> recent has been reported…yet.
> https://oppositelock.kinja.com/carfax-data-breach-could-affect-50-million-american-car-1818840505
> 
> 
> FROM: Ale <ale-bounces at ale.org> ON BEHALF OF Leam Hall via Ale
> SENT: Monday, December 30, 2019 8:10 PM
> TO: Atlanta Linux Enthusiasts <ale at ale.org>
> SUBJECT: [ale] Anyone know of a security breach at CarFax?
> 
> Just had someone use my PayPal card for PostMates. One of the few new
> vendors I've used the debit card with was CarFax. Most everything else
> has been supporting my unhealthy relationship with Amazon...
> 
> PayPal the company is already sending a new card; yay!
> 
> Leam
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> https://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo


More information about the Ale mailing list