In the past week I've had fraudulent charges post on 2 different credit cards of mine. I've been scratching my head on this and it seems the only recent purchases that aren't "typical" for me (on 2 different cards) are related to buying wine from several wineries. Has anyone else had this happen recently? Could we crowd source a common entity? Or maybe my usual shopping sites are the culprit... Just a total shot in the dark, really but thought I'd ask the community at large.
[MOD EDIT: added update as of 2/14/20]
bryan flannery wrote: ↑February 14th, 2020, 2:38 pm
Hi All, I want to give you an update on what is going on with regards to" the fine mess I've gotten you all in" ! We hired 3 companies to look at each facet of our process; ingress, the platform, and egress. We have identified the problem and removed it. Somehow, a script was added at the egress side ( where the CC info is sent to the card processor). This script effectively made a copy of the card data and at the point where the website sent the billing information to the card processor; it simultaneously diverted the copy to the bad guys. We are now in the process of determining how and when the script got added in the first place; so for this reason, the website is still locked down. We have blocked all of the cards in storage at the processing company, so for any who might have tried to order and were told you card was not accepted, that's the reason. We won't open the site back up until we are absolutely secure- if anyone wants anything in the meantime, call us directly and we'll take care of you. Once again, our sincere apologies for this inconvenience, and we'll keep everyone posted on progress towards a solution. Happy Valentine's Day to everyone! Bryan and Katie
[Mod edit: added Flannery response]
bryan flannery wrote: ↑February 10th, 2020, 5:32 pm
Hi all, I am just seeing this thread now, and want to address as best we can. Last week Amex reached out and said that they were researching potential fraud with cards used prior on our website. We immediately reached out to our payment gateway company (Authorize.net). They did not indicate anything definitive, so we hired an approved scanning vendor to run a full audit of our web site. This is underway right now, but I don't know any results if any yet. We are taking this very seriously, and as we find out more, will post here. To err on the safe side, we are currently gathering all emails of customers who purchased from us on BD to send a note to apprise them of this situation. For those of you who don't already have it, my cell # is 415-819-4366; i'm happy to speak directly with any and all. My sincere apologies for whatever is happening. Bryan
Last edited by David McMillen on February 10th, 2020, 4:33 pm, edited 1 time in total.
I've had this happen recently on a brand new credit card that was 9 days old (after getting a replacement because of suspected fraud) and after using it at maybe 5 physical stores and 5 online wine shops... They had my credit card number and street address and used it in combination with someone else's Ticketmaster account to buy expensive Sacramento Kings tickets.
All resolved with the credit card company and Ticketmaster, but thought it's worth sharing.
Hmm. Coincidence? David and Andy -- you guys should compare lists of wineries. Also, do they possibly share some backend software or transaction processor for their sales?
I'm always a bit nervous about giving my credit card info to small businesses (such as wineries) because I suspect many do not have very robust security.
I actually had a fraud on my CC on the Wed or Th after BD10. They attempted a $0.85 charge at some sort of "restaurant" in CA. Can't recall the name of the town. Nowhere I'd ever heard of. I initially thought it could have been related to BD10 purchases but I use my CC a lot in general (online and in person) so it would be hard to pinpoint where the fraud could have originated.
We had a card replacement about a week and a half ago. The attempted charges which our CC company flagged were in the midwest somewhere.
It's a card we use a lot, so I'm not sure it's any of the wine-related places it was on file (listed below), but just in case there is a pattern to be found:
K&L
Benchmark
Tercero
John Morris wrote: ↑February 10th, 2020, 11:45 am
Hmm. Coincidence? David and Andy -- you guys should compare lists of wineries. Also, do they possibly share some backend software or transaction processor for their sales?
I'm always a bit nervous about giving my credit card info to small businesses (such as wineries) because I suspect many do not have very robust security.
Not that big business's record has been great.
My card was compromised last year but I have no clue how.
I’ve wondered about the common winery back end. When I search my email for certain producers other wineries that appear to be using the same backend software also pop up. Anyone know why that is?
Scott Goodwin wrote: ↑February 10th, 2020, 12:16 pm
I actually had a fraud on my CC on the Wed or Th after BD10. They attempted a $0.85 charge at some sort of "restaurant" in CA. Can't recall the name of the town. Nowhere I'd ever heard of. I initially thought it could have been related to BD10 purchases but I use my CC a lot in general (online and in person) so it would be hard to pinpoint where the fraud could have originated.
Woa. I had the same thing!!
Chase flagged it as fraud and called me.
Wow. Maybe we're on to something, (or maybe coincidence?). I hate to publicly post entities because I don't want to tarnish any names, but 1 place I purchased from has been named already in this thread. In my original post I made the mistake of not saying my unusual purchases were from wineries, online wine stores, and a BD purveyor. That said, I bet most companies are under cyber attack constantly so not sure all this will help much.
AndyK wrote: ↑February 10th, 2020, 10:50 am
I've had this happen recently on a brand new credit card that was 9 days old (after getting a replacement because of suspected fraud) and after using it at maybe 5 physical stores and 5 online wine shops... They had my credit card number and street address and used it in combination with someone else's Ticketmaster account to buy expensive Sacramento Kings tickets.
All resolved with the credit card company and Ticketmaster, but thought it's worth sharing.
I also had this happen to me, with an non-new card. A random charge of over $900 from Ticketmaster appeared with the description of Sacramento Kings, but then the charge was refunded/reversed the next day...
Last edited by Frank Z on February 10th, 2020, 1:55 pm, edited 1 time in total.
JDavisRoby wrote: ↑February 10th, 2020, 12:56 pm
I’ve wondered about the common winery back end. When I search my email for certain producers other wineries that appear to be using the same backend software also pop up. Anyone know why that is?
It might not just be software that a winery uses. The sales part of their website might actually be run by some other company that furnishes that service to wineries.
AndyK wrote: ↑February 10th, 2020, 10:50 am
I've had this happen recently on a brand new credit card that was 9 days old (after getting a replacement because of suspected fraud) and after using it at maybe 5 physical stores and 5 online wine shops... They had my credit card number and street address and used it in combination with someone else's Ticketmaster account to buy expensive Sacramento Kings tickets.
All resolved with the credit card company and Ticketmaster, but thought it's worth sharing.
I also had this happen to me, with an non-new card. A random charge of over $900 from Ticketmaster appeared with the description of Sacramento Kings, but then the charge was refunded/reversed the next day...
Interesting... Same charge here, $950 and change. Ticketmaster refunded and clearly identified as fraud, Chase closed my card and sent me yet another new one.
Not trying to call out anyone or suggesting their website or partner website was hijacked, but here's the list of wine related stores I've used my credit card in the 9 days I've had it before the fraud occurred: Crush, Flannery, wine.com, Ceritas.
AndyK wrote: ↑February 10th, 2020, 10:50 am
I've had this happen recently on a brand new credit card that was 9 days old (after getting a replacement because of suspected fraud) and after using it at maybe 5 physical stores and 5 online wine shops... They had my credit card number and street address and used it in combination with someone else's Ticketmaster account to buy expensive Sacramento Kings tickets.
All resolved with the credit card company and Ticketmaster, but thought it's worth sharing.
I also had this happen to me, with an non-new card. A random charge of over $900 from Ticketmaster appeared with the description of Sacramento Kings, but then the charge was refunded/reversed the next day...
Interesting... Same charge here, $950 and change. Ticketmaster refunded and clearly identified as fraud, Chase closed my card and sent me yet another new one.
Not trying to call out anyone or suggesting their website or partner website was hijacked, but here's the list of wine related stores I've used my credit card in the 9 days I've had it before the fraud occurred: Crush, Flannery, wine.com, Ceritas.
Mine was also a Chase card and I requested a replacement as well (the charge was on 2/1, refunded on the 2/2). And as for stores I used mine at: Starbucks, Amazon, and Flannery... hmm..
Mine was a Citibank card and I purchased from Flannery, also. Citibank called me regarding a bogus $78 hotel (I think the business was something like HotelTonight, the reviews are brutal) charge in San Francisco.
Not sure it's Flannery but that's one of the merchants I bought from during BD. Got $0.1 from Wilborniti Turkey Run US last Thursday, then $600+ from GB which Citi marked as fraud and contacted me immediately.
Ethan Abraham wrote: ↑February 10th, 2020, 2:23 pm
Me too. I sent them an email to alert them.
5 people so far. I tried calling them multiple times and left a voice mail
I sent Bryan a text as well. Nothing is conclusive or definitive as everything still may in fact be coincidental, but just wanted to make sure that they're aware.
Shoot.. i do not mean to bash on Flannery.. freakin' loved the meat.. i was just shocked someone had the same thing happen as me.. (80 some cents from a restaurant in CA).. and I only made one purchase on BD. Looking at my statement, that's the only 'unusual' purchase i made within about a 10 day window (the rest are common lunch spots near work, etc).
Mine was Flannery as well that same day. The fraud was from Ticketmaster for SB Music Festival $464 (super bowl or santa barbara music festival). I am still debating with the bank. I call immediately it appeared as approved, but not billed. Ticketmaster never responded me.
Not trying to bash Flannery and hoping it’s not them as I have purchased multiple times in the past with no issues and live their product, but based on the data points from this thread, there is zero reason to believe it’s not them or one of their partners...
Orlando De Jesus wrote: ↑February 10th, 2020, 3:21 pm
Mine was Flannery as well that same day. The fraud was from Ticketmaster for SB Music Festival $464 (super bowl or santa barbara music festival). I am still debating with the bank. I call immediately it appeared as approved, but not billed. Ticketmaster never responded me.
Call Ticketmaster, they were very responsive and called me back the same day
Probably unrelated, but there was fraud on my card for the first time in a long time (or that I can remember) on 1/17/20 when someone tried to buy a little under $300 worth of goods at a place called Winter Kids Online. The only wine store related purchase I made anywhere around that time was at K&L (online) a few days prior.
I'm thinking it's just coincidence, but I figured I'd share just in case there's a trend.
I have had several cards scammed, most of the problems were gas purchases at stations on the road. One was at a restaurant where they take the card away to process. Solution for the gas station issue was to get a new card with the tap to pay feature, this seems to avoid the scimmers at the pump.
Scott Goodwin wrote: ↑February 10th, 2020, 12:16 pm
I actually had a fraud on my CC on the Wed or Th after BD10. They attempted a $0.85 charge at some sort of "restaurant" in CA. Can't recall the name of the town. Nowhere I'd ever heard of. I initially thought it could have been related to BD10 purchases but I use my CC a lot in general (online and in person) so it would be hard to pinpoint where the fraud could have originated.
Woa. I had the same thing!!
Chase flagged it as fraud and called me.
Like 83 cents from a restaurant in California.
Only I bought in BD11 was Flannery tho?
Just for the record, Flannery was one of the (several) places I purchased from on BD.
One of my purchases was Flannery as well. As several people have mentioned already contacting them, I won't. I hope the guilty thieves get their due and feel bad for any small business trying to get by in an age of internet predators at every step.
My Chase card was compromised and used for $1 at a gas station in Decatur, GA on Sat. 2/1. Probably someone testing it out and Chase denied it and flagged it as fraud. I did not order from Flannery. Bought from several others on BD11 but it’s the card I used for most purchases not just wine.
I did just have a breach discovered on Saturday ($100 exactly at Massage Envy, plus a <$1.00 charge at Massage Envy, and another $100 charge at some online clothing retailer in CA - I assume the $100 even charges were attempts to buy gift cards?). An annoyance because this was a fairly recently re-issued card and it's the one we use most, and for many recurring items, so I get to go through and re-enter all of those yet again...
I made a few BD11 purchases, all with this card, but I did NOT make a Flannery purchase this time. Grassl, Terrien, Calluna, Balanced, Wilde Farm.
Of course, whoever got my info could have gotten it weeks ago and only now did they (or someone who bought it from them on the dark web) try using it.
Me too - purchased from Flannery on BD and had to replace Amex Platinum. It's the first time I've ever had an issue with that card. Not holding anything against Bryan, of course!
Sort of ITB - my husband imports a small amount of sake and I help out
Hi all, I am just seeing this thread now, and want to address as best we can. Last week Amex reached out and said that they were researching potential fraud with cards used prior on our website. We immediately reached out to our payment gateway company (Authorize.net). They did not indicate anything definitive, so we hired an approved scanning vendor to run a full audit of our web site. This is underway right now, but I don't know any results if any yet. We are taking this very seriously, and as we find out more, will post here. To err on the safe side, we are currently gathering all emails of customers who purchased from us on BD to send a note to apprise them of this situation. For those of you who don't already have it, my cell # is 415-819-4366; i'm happy to speak directly with any and all. My sincere apologies for whatever is happening. Bryan