OT: Fraud, heartbleed & the death of windows xp

Most of you either are, or were seminary students at some point in your life, and most of you will be able to relate to not having a lot of cash on hand. As such I keep a close eye on my bank account.

This habit paid huge dividends today as when I logged into my bank account I noticed a 49.95 charge that I had not authorized. I called my bank right away and they informed me I had been a victim of fraud. Their suggestion was that I had paid using my debit card at a vendor using XP on their point of sale terminal - or else I had become a victim of the heartbleed vulnerability.

A few weeks ago, there were some who chided me for asking vendors if they use XP still. Let this be a warning for you, make sure you what type of computer your debit card is running through. I took the requisite precautions and the ONE time I used my card (at a gas station) running XP, a week later my card has been used fraudulently.

Best advice I can give this:
1. Don't do business with companies still relying on windows XP.
2. Check your account balance regularly
3. Cancel and re-order your cards if you think you may have used your card at a compromised location.4. many banks (including my own) will offer temporary cards for use while situations like this are being
handled.

Find more posts tagged with

Comments

DAL

There are some gas stations that have had people go in and install a card reader at the pumps to steal credit card information. They fill up their tanks, pay with credit/debit card and a few days (sometimes hours) later they start getting all these charges they never approved. Too many thieves out there, technology needs to get better.

DMB

Thanks for the heads-up, abondservent. We limit out debit card to big-boy merchants like Target.

Interesting that Target is putting chips on their cards now, as in Europe. $100 mil price-tag versus their slow drain from their experience.

Matthew C Jones

. Don't do business with companies still relying on windows XP.

How about; don't do business with the company that created Windows XP? My conspiracy-haunted mind whispers to me that the people offering solutions to these security breaches are the same entities that created the problems. [6]

abondservant

https://community.logos.com/discussion/comment/592087#Comment_592087

Poking into this a little deeper, MS estimates 1/3 of the world are still using XP - so 1/3 of all vendors, gas stations and so forth. Thus odds are someone you are currently doing business with is unwittingly making your information vulnerable.

Further any place you've ever used your card that had XP, and (even if you're not still shopping there) still is using XP causes your information to be vulnerable.

I canceled all my cards today, not just those affected by the fraud - hoping to prevent any further issues. Fortunately when a card is involved such as the one I used - you have two layers of protection - both visa and your bank.

. Don't do business with companies still relying on windows XP.

How about; don't do business with the company that created Windows XP? My conspiracy-haunted mind whispers to me that the people offering solutions to these security breaches are the same entities that created the problems.

The alternatives are not less vulnerable, just less exploited at the moment I'm afraid.

Randy W. Sims

https://community.logos.com/discussion/comment/592092#Comment_592092

I don't think it's just Windows XP. A lot of software, even on newer OS, are un-reliable. The best course is to have an account that is used for all debit transactions and just put in enough to cover the transactions that are pending (< 2 weeks) plus a bit of filler. It may be a good idea to have a separate account for trusted transactions like Logos and for un-trusted transactions like running through the drive-in at checkers. Multiple segregated accounts can be a good preventative against hackers.

Robert M. Warren

The last time I checked, in the U.S. debit cards do not have nearly the same mandated fraud protection as credit cards. Your bank may have a policy to make good customers whole, but I don't think they are compelled to. I only use debit cards at ATM machines (that are in busy stores).

Matthew C Jones

https://community.logos.com/discussion/comment/592108#Comment_592108

I only use debit cards at ATM machines (that are in busy stores).

Me too. I also use dedicated accounts like Randy suggests. Very few merchants ever get my card info. I use my PayPal account for the rest.

abondservant

https://community.logos.com/discussion/comment/592114#Comment_592114

I may have said debit - but its a visa-backed check card, which is slightly different. Both Regions and Wells Fargo will both replace stolen funds, and will prosecute the offender.

I suspect it costs them well more than the 50$ I lost to investigate and pay a lawyer to prosecute, but I digress.

MJ. Smith

Their suggestion was that I had paid using my debit card at a vendor using XP on their point of sale terminal - or else I had become a victim of the heartbleed vulnerability.

I'm sorry that you've been a victim of fraud. However,it is unlikely that the card processing company knew the source of the fraud. They rarely do except in cases large enough to make the local /national news. It is more likely they were reassuring you by repeating something they believed you would have heard about. I've seen nothing that's indicated a change in rate of fraud since the demise of XP.

There are some gas stations that have had people go in and install a card reader at the pumps to steal credit card information.

Quite true - but even more prevalent at ATMS.

abondservant

https://community.logos.com/discussion/comment/592166#Comment_592166

Their suggestion was that I had paid using my debit card at a vendor using XP on their point of sale terminal - or else I had become a victim of the heartbleed vulnerability.

I'm sorry that you've been a victim of fraud. However,it is unlikely that the card processing company knew the source of the fraud. They rarely do except in cases large enough to make the local /national news. It is more likely they were reassuring you by repeating something they believed you would have heard about. I've seen nothing that's indicated a change in rate of fraud since the demise of XP.

There are some gas stations that have had people go in and install a card reader at the pumps to steal credit card information.

Quite true - but even more prevalent at ATMS.

I've certainly seen an up-tick. The bank said they've seen an uptick as well

.

Martha, I don't know why you get so defensive on this topic - but its not bringing out the nicest sides of me. We do better when were discussing religion and politics :P

MJ. Smith

https://community.logos.com/discussion/comment/592170#Comment_592170

Martha, I don't know why you get so defensive on this topic

Because this type of topic tends to be based on fear-mongering rather than facts - usually starting with the press reporting although some presses are accurate. The major sources of fraud are not newsworthy. The net result is usually the waste of a great deal of energy trying to avoid a threat that is not avoidable --> caution is a good thing, fearful worrying is not. Someone once taught me: “For this reason I say to you, do not be anxious for your life, . . . Therefore do not be anxious for tomorrow, because tomorrow will be anxious for itself. Each day has enough trouble of its own.".

And yes, I have been a victim of fraud - a dishonest clerk in a store with a very honest owner.but someone needs to present the ongoing, nonsensational perspective. I couldn't find last year's statistics but realistic figures are:

http://www.cardhub.com/edu/credit-debit-card-fraud-statistics/
http://www.statisticbrain.com/credit-card-fraud-statistics/

DMB

https://community.logos.com/discussion/comment/592194#Comment_592194

I'd normally sign-on to the 'go with what data is on the table'.

But here, the major players are best disposed not to admit anything is wrong. Absent the media hype and the odd name, most people would certainly never get clued in by the card companies, banks, etc. I doubt even Logos would have communicated absent the badgering.

Here's a good example of the conflicting motives a few weeks back:

http://www.nytimes.com/2014/03/08/your-money/after-debit-card-fraud-a-small-bank-feels-customers-frustration.html?_r=0

In the article, they reference MC's liability policy, though I'd assume each bank has fine print.

Robert Harner

https://community.logos.com/discussion/comment/592092#Comment_592092

Poking into this a little deeper, MS estimates 1/3 of the world are still using XP - so 1/3 of all vendors, gas stations and so forth. Thus odds are someone you are currently doing business with is unwittingly making your information vulnerable.

I don't think it follows a third of all vendors would be using XP, Most XP would be on personal machines. Gas stations ect are using a device/program/system that has been certified by the mandates of the Card Associations (PCI DSS). If they become non-compliant they are required to fix it or get a different system. This is also required by the Acquiring companies that issue merchant accounts. Not that the system is perfect, I know better, but I'm worried more about my card in the hands of someone in a restaurant than one of these machines.

abondservant

https://community.logos.com/discussion/comment/592203#Comment_592203

MJ MJ MJ, you who usually respond with so much grace on issues you know about are responding in a non-typical way on an issue you have made clear, that you don't understand.

Those that know are particularly careful - at least until the metrics change. Those that don't ought to be warned not to play in the lava, not encouraged to hop in its nice and warm.

I know you've cited your un-named "expert" before. But from my own knowledge and experience in the IT field (and in IT security), and based upon the knowledge and experience of others in high places in the IT security field - I can assure you that if anything this is being under-emphasized. Sometimes when someone shouts fire, its because there is a fire.

Perhaps we should agree not to discuss this issue .

I agree that 1/3 is probably high for most businesses - however I know that there are defense contractors who were unable to fully remediate this problem, if a fortune 100 has trouble moving away from XP, many others will have trouble as well.

MJ. Smith

https://community.logos.com/discussion/comment/592276#Comment_592276

MJ MJ MJ, you who usually respond with so much grace on issues you know about are responding in a non-typical way on an issue you have made clear, that you don't understand.

I "don't" understand it because:

So, unless you can present equivalent expertise, and I readily admit many have more expertise than I in the area,

be warned not to play in the lava, not encouraged to hop in its nice and warm.

Sorry, ABS, I don't usually shout my credentials but I am careful about sticking to areas of my expertise ... even if sometimes there are factors I didn't take into account. And I do try to be gracious in admitting when I am wrong - although crow often tastes gamey even slathered in BBQ sauce.

Fraud is a problem effecting somewhere between 10-17% of people with cards according to the statistical pages I listed above. And, yes, the rate continues to rise. The issue is that people take an action that covers < 1% of the risk and feel good about it ... while ignoring the things that have far higher risk rates. Moral: pay attention to the statistics ranking the risks not to the issues that make the news.

abondservant

https://community.logos.com/discussion/comment/592279#Comment_592279

MJ - Between some sensitive IT work, and sensitive gospel work I think I ended up being a bit more tightly wound on issues of IT security.

If you want to hear more then perhaps we can meet over coffee one day (tea for me thanks).

MJ. Smith

https://community.logos.com/discussion/comment/592315#Comment_592315

If you want to hear more then perhaps we can meet over coffee one day (tea for me thanks).

Starbucks forays into tea leave a bit to be desired ... but I know this great little Chinese tea shop at the Market [:D]

abondservant

https://community.logos.com/discussion/comment/592318#Comment_592318

Have you tried starbucks iced Chai Tea Latte? its pricey (what isn't at starbucks?) - but I like it.

Chinese tea shop sounds better though.

MJ. Smith

https://community.logos.com/discussion/comment/592436#Comment_592436

Have you tried starbucks iced Chai Tea Latte?

I order it occasionally but it's not my favorite of the Chai Tea Lattes. Oregon Chai is my favorite of the commercial brands.

Donnie Hale

I called my bank right away and they informed me I had been a victim of fraud. Their suggestion was that I had paid using my debit card at a vendor using XP on their point of sale terminal - or else I had become a victim of the heartbleed vulnerability.

I can't restrain myself from jumping in on this.

Did the bank give you any specific information on how the fraudulent charge was made? Was it a "card present" transaction (when not fraudulent, an actual swipe of the mag stripe)? Or was it a "card not present" (card #, expiration date, and hopefully CVV)? What merchant? If it was card present, did they ask the merchant if they have video surveillance? Can they prove that a card was physically swiped at the time of the authorization? Is there any relevant data to correlate which specific card usage of yours prior to the fraud is the one that led to the fraud?

There are a whole host of questions that would need to be answered before anyone could start narrowing in on an explanation of "it's XP." The only thing that has happened since XP went out of support was the very serious "remote takeover" threat via IE. That is also a vulnerability on all post-XP Microsoft OS's. ***Microsoft broke their own rules and issued a hotfix for it *for XP*!!! So if that happened to be the vulnerability that led to your fraud, it could have been from any unpatched MS OS instance.

Also worth noting: You focused on the "XP" comment and not much on the heartbleed vulnerability. I'm skeptical it was that vulnerability, either, but if it was, you'd have been better off hitting a system running XP since the MS OS's were significantly less vulnerable to it than OS's which use OpenSSL for key components.

You're certainly welcome to take any and all precautions you think are warranted. But there's almost no likelihood that XP is at fault in any way different than it might have been 2 months ago.

Donnie

Donnie Hale

https://community.logos.com/discussion/comment/592108#Comment_592108

The last time I checked, in the U.S. debit cards do not have nearly the same mandated fraud protection as credit cards. Your bank may have a policy to make good customers whole, but I don't think they are compelled to. I only use debit cards at ATM machines (that are in busy stores).

This is a big problem and, IMO, stems from a U.S. business culture that focuses on maximizing near-term profits at almost any cost. The symptoms of this are seen in areas like lagging behind in credit card technology, internet / broadband buildout, etc. There are other contributing factors, to be sure (geography / size). But there's simply very little incentive to undertake these capital intensive projects in a proactive manner. It's always reactive, either to regulation (ugh!) or an overwhelmingly bad event (in the case of credit cards, the Target breach).

See http://www.engadget.com/2014/05/08/us-credit-cards-chip/ . Microchips and tokenized transactions are long overdue.

My $.02 ...

Donnie

DMB

https://community.logos.com/discussion/comment/592654#Comment_592654

This thread is funny. It reminds me of Las Vegas, two gamblers arguing whether it was the house or the player (of course, losing).

The principle in Vegas is someone is governing (the state), and so people know the general odds (slight loss over time).

In the XP/Heartbleed example, the consumer's in over their head. On one hand 'the house' is global, and on the other, most don't know how to gamble.

abondservant

https://community.logos.com/discussion/comment/592653#Comment_592653

Transaction was done online with my proper address and cv2. However the card was physically in my possession at the time of the transaction. The shipping address is how they plan to get the guy.

This thread is funny. It reminds me of Las Vegas, two gamblers arguing whether it was the house or the player (of course, losing).

The principle in Vegas is someone is governing (the state), and so people know the general odds (slight loss over time).

In the XP/Heartbleed example, the consumer's in over their head. On one hand 'the house' is global, and on the other, most don't know how to gamble.

ahh yes - except the house always wins. Especially because of those who can't gamble.

Interesting to point out a gamblers winnings are helping to pay for my tuition at seminary.

I'm less inclined to think it had to do with heartbleed. For a couple of reasons. I don't buy or sell online except from a few companies - Logos being one of them, Amazon the other. While amazon was affected (and reportedly not the parts I had used), I doubt it was them as I changed my login credentials immediately upon hearing there were parts of amazon affected.

Any machine that you've done business with in the past that still runs XP makes your card number vulnerable. Granted just because you're dancing blindfolded near a cliff doesn't mean you will for certain fall off. Statistically some will though, and that (from what I hear from the bank - who intends to prosecute this individual as there has been a significant amount of fraud tied to his address in the past week) seems to be what happened to me. Either the gas station on the way up (i've seen skimmers before, and while its possible that was the cause - he would have had to put one on each pump because I look at the card readers on other pumps before sliding my card - and usually pay in the store to avoid that headache), or someone I've done business with, likely a small business who still has not yet made the jump, or doesn't understand the security reasons to make the jump to a newer OS. There is a little hardware store near my house - the kind of country store where you can buy chickens, screws/nails by the pound and so forth. I asked the new owners recently (because thats who mans the register) about their OS, and they said "uhh yeah I don't know its windows, its fine - the last people paid a computer guy and he upgraded it to x something". I paid in cash, and suggested they call someone to upgrade their pc.

RFID (which if I recall was the technology used in France to secure debit cards - "pulse" I think it was called) is not the savior people think it will be. There were stories at the time about individuals with a scanner in their pocket bumping into people on the metro (subway) and then using the cards online to tip strippers as a way of laundering the money (the girls "pimp" was a part of the same criminal organization but would run legit looking fronts - the girls agency would get paid, they pay the girl, and then they send part of the money back to the thief and keep part for themselves). You don't hear too much about how vulnerable RFID is - I read an article not too long ago about Mythbusters - they were looking to do a second episode on RFID and the security or lack their of. However the governmental agency in charge of regulating RFID (and I can find the article if you like) gathered a bunch of mythbusters sponsors (amex, and some others) and asked them not to do the second episode - saying it would be problematic for their sponsors.

They backed right down - and understandably so.

I'm not sure what the solution is - but I do know some of the techniques that are used in attacks. Prior to 9/11 individuals would simply walk into a facility and plug a machine into a network and run a packet sniffer for a while. Network traffic over the wire is natively unencrypted. In larger facilities no one knows everyone, and so for a few hours you can sometimes get away with this sort of tactic. It depends much on social engineering to get past the rent-a-cops at the door. Small transmitters can be clipped over network cables, and if done right the plaintext data traveling over the network can be read and transmitted offsite. Many places don't check for this type of thing either depending more on physical security at the entry points. Further I saw an incident where an individual with a non-visible spectrum "laser pen" tied to their computer was able to determine which keys were being pressed on a keyboard from the top of a microwave transmission tower in a parking lot across the street. IE they were recording every key pressed - passwords, private corporate emails, potentially corporate secrets and so forth - on their targets computer. It would be possible (but not practical) to employ this method against an atm or an individual at home. I suspect in time you'll be able to get the parts from radio shack, and then download an app from the app store. The aiming mechanism looked like a hodge podge of electric RC car parts (rotary actuators rigged up to give granular control over both where the digital camera (and thus the "laser") with the telephoto lens was pointing - then the whole mess was clamped to the frame of the tower).

Security is an illusion. Any security we have can only come from the Lord. If someone (especially foreign entitys with government level resources) wants to find out what you know or whats on your computer they can. The technology to interpret the electrical signals in your brain has advanced quite a bit, and is going to be in every house hold that buys video games in a few years. I saw a piece of tech a couple of years ago that attached to a game console that would allow you to move your character in the game by thought. It interpreted your mood - IE Bad mood? maybe its raining and playing death metal. Good mood? perhaps its playing the Beatles and the sun is shining (in the video game). In pragmatic terms then, if say China wants to know what you know, they could strap one of these things onto your head (albeit with more advanced programming) and interrogate you. Anything you think about while being interrogated could potentially popup on some computer screen elsewhere in the facility. Most of us this won't be a risk for - but its on the cusp of being a reality faced by missionaries to creative access countries.

However we should do our due diligence. Looking around to make sure a gorilla of a man in a balaclava isn't behind you is generally a good idea at night in a city, when you're using your ATM. So is keeping your wallet in your front pocket in NY City (learned that one the hard way, now if they pickpocket me they get a Gideon NT). So is seeking to only do business with companies that take your security seriously enough to have moved away from XP.

You wouldn't intentionally slide your card through a skimmer, you wouldn't walk on a lake covered by a thin veneer of ice. You wouldn't intentionally drive on a road you knew to be unstable and at risk for falling down the side of a mountain; and you shouldn't be so free-spirited where you swipe your card.

Its properly basic.

Anyway I digress. If after all this you're still unwilling to look out for your own security on this issue, then continuing to write about it and beleaguer the point accomplishes nothing.

Robert Harner

https://community.logos.com/discussion/comment/592665#Comment_592665

Their suggestion was that I had paid using my debit card at a vendor using XP on their point of sale terminal . . .

Transaction was done online with my proper address and cv2.

If it was a POS they would not have your address or CVV, they are not on the card strip. XP did not suddenly become the scourge of the earth. As long as the card swiping device is PCI DSS certified (as they are required to be) I don't care if there are six hundred and sixty six XP machines in the room. Giving your card to a waiter has much more documented risks. BTW, if that address is the real address of the perpetrator you are dealing with an individual of near room temperature IQ.

abondservant

https://community.logos.com/discussion/comment/592709#Comment_592709

or one especially young.

They ordered muscle building supplements from some MMA outfit in Miami. The bank of course didn't give me the address the thief used, however they did mention delivery to eastern Europe.

The 666 reference made me chuckle

Donnie Hale

https://community.logos.com/discussion/comment/592665#Comment_592665

Transaction was done online with my proper address and cv2.

How did the fraudster get your address? That's clearly not supplied by a mag swipe. It sounds more like a customer database was hacked, with heartbleed still being a possibility if you performed any online activity recently that would have pulled your address into a vulnerable web server's memory (either by retrieval from a data store or by you entering it). The fact that they had your cvv seems to mean either heartbleed, a combination of two attacks that were able to relate the data (e.g. by card #), or improper card handling practices on the part of some merchant (cvv should never be stored, but if they did...).

Donnie

abondservant

https://community.logos.com/discussion/comment/592717#Comment_592717

Transaction was done online with my proper address and cv2.

How did the fraudster get your address? That's clearly not supplied by a mag swipe. It sounds more like a customer database was hacked, with heartbleed still being a possibility if you performed any online activity recently that would have pulled your address into a vulnerable web server's memory (either by retrieval from a data store or by you entering it). The fact that they had your cvv seems to mean either heartbleed, a combination of two attacks that were able to relate the data (e.g. by card #), or improper card handling practices on the part of some merchant (cvv should never be stored, but if they did...).

Donnie

I haven't purchased anything online in quite some time. Maybe January? I buy from Logos regularly. But they were only affected through proclaim iirc, and I've never used that particular product (downloaded once, but not used).
Heartbleed was one of the things they mentioned as possible. I suppose I could call my friend at the bank - she's been my source for info thus far. Maybe after finals.

Matthew C Jones

https://community.logos.com/discussion/comment/592276#Comment_592276

I agree that 1/3 is probably high for most businesses - however I know that there are defense contractors who were unable to fully remediate this problem, if a fortune 100 has trouble moving away from XP, many others will have trouble as well.

My brother was hired to update the computer networks for a certain Sheriff department and prison in Kansas. The Kansas Bureau of Investigation requires all networks to abandon Windows XP to access the NCIC network. My brother's success was crippled by the lack of funds in the budget, There was just no money to upgrade the network.

I noticed the computers in my doctor's office are still Windows XP.

Donnie Hale

https://community.logos.com/discussion/comment/592720#Comment_592720

There was just no money to upgrade the network.

As things have gotten more and more locked down in the infrastructure where I work (at least the powers that be perceive that they have been), I've suggested a new procedure for deploying servers into our data centers.

1. Install server into rack.

2. Insert epoxy into all network ports.

Secured.

Donnie

(‾◡◝)

https://community.logos.com/discussion/comment/592741#Comment_592741

There was just no money to upgrade the network.

As things have gotten more and more locked down in the infrastructure where I work (at least the powers that be perceive that they have been), I've suggested a new procedure for deploying servers into our data centers.

1. Install server into rack.

2. Insert epoxy into all network ports.

Secured.

Donnie

[:D]

I like it ... simple, inexpensive, and it works. Brilliant! What manager in his or her right mind could not/would not sign off on that?

Matthew C Jones

https://community.logos.com/discussion/comment/592741#Comment_592741

I've suggested a new procedure for deploying servers into our data centers.

1. Install server into rack.

2. Insert epoxy into all network ports.

Secured.

My brother had to revoke everyone's passwords and administrator's rights. Everyone and their dog had access. [&]

---Come to think of it, its probably good to force the upgrades away from Windows XP.

TCBlack

This habit paid huge dividends today as when I logged into my bank account I noticed a 49.95 charge that I had not authorized. I called my bank right away and they informed me I had been a victim of fraud.

I've been there. Actually I've been hit much harder than that. I was fortunate that it was a credit card though, they took the hit and dispatched an investigator - refunded my money and all. But man what a horrible feeling.

I'm sorry to read this abondservant. It's not fun.

Regardless of XP, due caution, or anything else, the best advice in the thread is: Watch your accounts.

Unix

https://community.logos.com/discussion/comment/592756#Comment_592756

That is GREAT advice, TCBlack! I know You do:

the best advice in the thread is: Watch your accounts.

I want to set realistic hopes in life, so I need to know my balance at all times. Helps me not to spend.

Keep Smiling 4 Jesus :)

https://community.logos.com/discussion/comment/592756#Comment_592756

I'm sorry to read this abondservant. It's not fun.

Praying plus Thankful God is in control. Looking forward to His Kingdom; clouds have many shapes and colors: see Luke 21:25-28

Searching Logos for:

credit NEAR card NEAR fraud

found another story:

Regardless of XP, due caution, or anything else, the best advice in the thread is: Watch your accounts.

+1 [Y] for watch your accounts. A friend experienced a $ 1.00 charge on Monday being followed by a surprising order on Thursday for more $'s with the thief intercepting unexpected delivery at the friend's house.

Concerning XP, Computer World has an article about upcoming security patches being reversed engineered to find vulnerabilities => http://www.computerworld.com/s/article/9248265/Hackers_now_crave_patches_and_Microsoft_s_giving_them_just_what_they_want

Keep Smiling [:)]

Randy W. Sims

Just posted against my Wells Fargo Visa/Debit card: MMAMUSCLEGAIN.C TAMPA FL $49.95.

Is that the same one?

Has to be an online vendor. Wells Fargo said that this vendor is legitimate. They often initial 90 day trials that then automatically start billing, but I never initiated any trial nor gave them or anyone like them any information and I've never received anything from them.

abondservant

https://community.logos.com/discussion/comment/594722#Comment_594722

mine was "FitLikeMMA" out of some place by miami.

Glad you caught it quickly Randy.

Matthew C Jones

https://community.logos.com/discussion/comment/592763#Comment_592763

I want to set realistic hopes in life, so I need to know my balance at all times. Helps me not to spend.

This is a wise approach.

mete

https://community.logos.com/discussion/comment/594791#Comment_594791

Thank u for your post. I googled "Fitlikemma fraud" because I have a 4.95 charge that is not mine. You confirmed fraud.

Donnie Hale

https://community.logos.com/discussion/comment/598287#Comment_598287

I got a fraud alert from Chase this morning for one of my credit cards. They had declined the transaction (rightly). Close account, new card, etc.

What's interesting about this is that I'm the only one who physically has this card, I only use it physically 2-3 times a year, when I stay at the Southern Seminary hotel in Louisville. And beyond that, I only use it for seminary-related purchases - meaning it's only on file with Amazon and Logos.

Makes me nervous...

Donnie