• The rules for The Exchange can be found here. Please read and follow them. Stop using Paypal Friends & Family and follow our best practices to prevent getting ripped off or having a bad deal.

Bad BHQ Customer Credit Card Data Breach 2021

000Robert said:
I've had a debit card hacked 2 times and I was reimbursed both times. It took a couple of days to get my money back but it wasn't a big deal.
Click to expand...
I have been as well with my Paypal debit card. Most seem to be tied to either Visa or Mastercard and if used as a credit purchase seem to be covered. A scammer/thief is usually not able to get the pin as well so likley uses it as a credit charge.

As for the month delay BHQ probably didn't know until the card numbers got used and customers noticed which may take a while.
 
Heirphoto said:
As for the month delay BHQ probably didn't know until the card numbers got used and customers noticed which may take a while.
Click to expand...
That's generally NOT how it works. Nobody ever knows for sure how/when/where their card got compromised, neither do the card companies.

In this case, it appears that BHQ found the malware themselves (they don't say for sure) and took awhile to get it all sorted. I'm sure they wanted to be 100% confident that they had all the information before alerting their customers, with the potential backlash this has. It would be pretty dumb to do that if it turned out to be nothing.

My card was never used anywhere (nor was it ever attempted), but better safe than sorry. Most card companies would MUCH rather issue you a new card than have to deal with fraudulent charges.
 
rhino said:
You're fortunate. Not all banks will do that and in most cases they are not obligated to do so. Credit cards offer far more protection across the board to consumers and don't really have a down side if you pay your balance each month.
Click to expand...

I think it's both credit or debit. A lot of times I am asked if I want to run the card as credit, or debit. I don't know all of the particulars, I just know that I get reimbursed for fraudulent charges and my bank always goes to bat for me.
 
I’m sorry if this has already been asked,

If I had a card stored in their system and used it, am I compromised? I did not get the email and from the way they word it, you would have to has used a new card or changed the one you already had? Thanks
 
Anderdale said:
I’m sorry if this has already been asked,

If I had a card stored in their system and used it, am I compromised? I did not get the email and from the way they word it, you would have to has used a new card or changed the one you already had? Thanks
Click to expand...

I'm in a similar boat. Used my card outside of the supposed period that the card skimming was happening,and didn't change my card info, but am having my card replaced anyways. They say it only effects those who changed their card data but they don't substantiate that claim with any evidence. I like BHQ but I will certainly be uneasy purchasing from them again in the future if I choose to do so.
 
SpyderPhreak said:
That's generally NOT how it works. Nobody ever knows for sure how/when/where their card got compromised, neither do the card companies.

In this case, it appears that BHQ found the malware themselves (they don't say for sure) and took awhile to get it all sorted. I'm sure they wanted to be 100% confident that they had all the information before alerting their customers, with the potential backlash this has. It would be pretty dumb to do that if it turned out to be nothing.

My card was never used anywhere (nor was it ever attempted), but better safe than sorry. Most card companies would MUCH rather issue you a new card than have to deal with fraudulent charges.
Click to expand...

My Paypal debit card was hacked about 3 weeks ago and I didn't know till I got 3 charges of over $1800 from an online wine vendor. That card only got used 2 places in the past few months, both small local businesses in which I knew the owners. In one I did a phone purchase so gave the number, etc.. to an (new) employee and in the second the card was run by an employee out of my sight. Needless to say I will not be doing any phone orders with them going forward and in the other I have only used cash since. I never store my card info on any websites and it is only used for very specific business purchases. I notified them as to what happened in case there were other instances. Between Paypal and the vendor who received the hacked cards purchases I had funds back within days and a new card in a week. Unless my info was stolen months ago and not used till recently (a possibiity) it had to be one of those spots or Paypal themselves was hacked.

Many people (here even) mentioned having cards used for specific purposes as I do and in those cases it is not too hard to at least narrow the search down to just a few spots.
 
Heirphoto said:
Unless my info was stolen months ago and not used till recently (a possibiity) it had to be one of those spots or Paypal themselves was hacked.
Click to expand...

This exactly proves the point I was trying to make.
SpyderPhreak said:
Nobody ever knows for sure how/when/where their card got compromised, neither do the card companies.
Click to expand...
It appears there were 3 (or 4?) possibilities in your case that you just mentioned.

Another possible point of compromise you hadn't considered is at the credit card processors. That's happening quite a lot these days apparently (up to this event, this was where I got hit the last three times 2 of my cards have been compromised), so it's just another one that's completely out of your control. In that case, it doesn't even matter where you used you card, if it was in-person or online, the transaction could wind up at the same place. Sux.
 
The Aflac Duck said:
Cool, this is also a public forum that allows public response. It’s a question that others should know the answer to.
Click to expand...

It’s better to get a jump on it rather than wait around for a public response don’t you think? At least that’s what I’d be doing if I thought my info was potentially compromised.

They’re most likely handling a lot more cases that happened outside of Blade Forum members’ purchases so this forum isn’t their #1 concern, but they have the number to call.

Then you can post your experience for others to see and that could help them out.
 
Jsega51 said:
It’s better to get a jump on it rather than wait around for a public response don’t you think? At least that’s what I’d be doing if I thought my info was potentially compromised.

They’re most likely handling a lot more cases that happened outside of Blade Forum members’ purchases so this forum isn’t their #1 concern, but they have the number to call.

Then you can post your experience for others to see and that could help them out.
Click to expand...

No thanks. I’ve done my part to make sure my info is secure, but they can come here and guarantee us that anything placed before their date range isn’t also compromised. It’s not my job to baby sit a company. Feel free to do so yourself.
 
I liked it when Discover Card used to have a feature where you could generate a unique, one time use number for each vendor or transaction. Not only could it not be used anywhere else, it someone tried to reuse it, there was a much better idea of where the stolen information originated.
 
rhino said:
I liked it when Discover Card used to have a feature where you could generate a unique, one time use number for each vendor or transaction. Not only could it not be used anywhere else, it someone tried to reuse it, there was a much better idea of where the stolen information originated.
Click to expand...
My cc company has that feature. They call it a "Virtual Account Number". (VAN) You generate the number on your cc account during the checkout process on the website that you're buying from. You have a screen open for the vendor and a screen open for your cc account. When you get to the point at checkout where it asks for your cc information you generate the VAN. Then type it in and complete the purchase.

The Virtual Account Number expires immediately after the transaction so it only exists for as long as it takes you to generate it and make the purchase. Roughly about 30 seconds.

I've been wanting a knife from BladeHQ and I bought one last night even though I knew about this hack. I felt confident using the VAN for the transaction.
 
I was confused about the liability when using a (visa/mastercard) debit card versus a credit card. I always thought the protections were the same from the card issuer. Hearing it was not in this thread led me to do a quick search. Here's the source and what I found: NOLO.COM

With ATM or debit cards, you must act quickly in order to avoid full liability for unauthorized charges when your card is lost or stolen. Under the federal Electronic Fund Transfer Act, your liability is:

  • $0 if you report the loss or theft of the card immediately and before any unauthorized charges are made.
  • up to $50 if you notify the bank within two business days after you realize the card is missing
  • up to $500 if you fail to notify the bank within two business days after you realize the card is missing, but do notify the bank within 60 days after your bank statement is mailed to you listing the unauthorized withdrawals, or
  • unlimited if you fail to notify the bank within 60 days after your bank statement is mailed to you listing the unauthorized withdrawals. (15 U.S. Code § 1693g).
If you can convince the bank that your notification failure was due to extenuating circumstances, it must extend the notification timeline for a "reasonable period."

If your card wasn't lost or stolen, but the number is used for unauthorized transactions, you aren't liable for those transactions so long as you report them within 60 days of the statement being sent to you.
Click to expand...


In this case the numbers were stolen on the debit cards not the cards themselves so there would be no liability for the unauthorized transactions as long as they're reported within 60 days. That link above also has information about fraudulent use of credit cards if anyone is interested.
 
I am not a BHQ customer (not because of anything untoward, I just have others I go to) so I am not impacted by this whole business - I hope everyone who has been, gets sorted though.

I did want to comment with regards to banking and such. Knowing your bank's and/or financial institution's policies with regards to fraud, identity theft, etc. is really important. A number of years ago, my debit card was compromised and my account was cleaned out (about $4k within just an hour or two). I had a coffee mid-morning that I bought and then went to order lunch and everything was locked down. A call into my credit union confirmed that someone went on a spending spree with my card in Hollywood. The bank confirmed the fraudulent charges with me, issued me a temporary refund that was contingent on the results of their investigation, and I stopped at the bank where they issued me a new card.

Something similar happened to my sister-in-law a bit later and her bank froze her accounts for several days. Aside from becoming quite angry at some thieving schmuck and my buddy having to buy my lunch, my life went on as usual because my bank took care of me right away. Bank with institutions that care about you and not just your money - in a world where digital crime is rampant, it can make all the difference.
 
Surprised no one's mentioned this, but I do all my online transactions with a pre-paid debit card linked to Paypal. If hacked, you only lose whatever amount you originally paid for the card (which includes the $5-$6 dollar fee, which I just consider the cost of insurance, and most of these cards limit you to $500 max.) As far as I know, you can succesfully dispute any unauthorized charges with the company that issued the card.

There can be problems using these cards with certain vendors whose systems won't accept them, but that can usually be solved with a follow-up call to the vendor.
 
You must log in or register to reply here.
Back
Top