Slashdot Mirror
Blu-ray Update Sent To User Via Credit Card Records
wmoyes writes "Back in September I ran into a Best Buy store to buy a Samsung BD-P2550 Blu-ray player. I didn't give the clerk my name, telephone number, or address, just my debit card. The player has sat happily in my living room without ever being networked or registered. Today I was shocked to find a package waiting for me at home from Best Buy — inside was a firmware update CD for the player. I used to think Windows Update was scary, but Samsung's update service tracked me to my house using the mag stripe from my bank card. Has this happened to any other Blu-ray owners?" Or is there a simpler explanation?
First, the facts: The Chase policy, which is similar to those of many other credit card companies, states: "You may tell us not to share information about you with non-financial companies outside of our family of companies. Even if you do tell us not to share, we may do so as required or permitted by law..."
According to the Wikipedia article, the credit card number, expiration date, and PIN verification info. I've seen tweekers do it with stolen cards. Magstripe readers are available for 50 bucks online.
The midget in the back seat of the Lincoln crawls in your basement window at night, and takes inventory of your firmware revisions on all your hardware.
He then runs to the forest to find out what updates you might need.
Don't talk to him, it sounds like he's talking backwards.
I'm really curious as to whether or not this would be legal..
You're nothing; like me.
BTW, you need to replace that printer cartridge in the computer room on the first floor, and we have photographs of your youngest daughter going to school. Have a nice day, we'll be in touch.
This is why I use federal reserve notes for everything I can. I bought my Wii with federal reserve notes. I bought my PS3 with federal reserve notes.
--
End The Fed
You did register with them last year...
Did you purchase the Best Buy Extended Warranty? if so perhaps they tracked you through that...
That is great news
if someone ever use your credit card number,
YOU receive the driver upgrade.
then you know something wrong happened
The world belongs to those who get up early. - I'm far from being the king of Earth then
You have been owned.
Have you EVER used that debit card at the same store and provided your address or phone number? If you've ever done that then they have that information readily available.
The blueray player used the nearest WiFi access point (it can hack into secured ones). It sent its GPS position, which was cross referenced to your address at the server. It has also been sending information about all the discs you have put in it, whether you played them or not. You haven't put any pirate stuff in there, have you?
In addition, on the HDMI back channel it has been gathering information about what you watch on TV, and reporting that as well. The company sells this information to Nielson.
And you wondered why that player was so expensive.
This is not unusual. I have benefited from several class action suits where they have somehow tracked me down years after the fact, which is particularly impressive because as a student/young professional/grad student, I moved almost every year.
What probably happens is they give the debit card number (which is unique and remains unique long after you cancel/close the account) to a credit reporting agency (e.g. Equifax), and the credit agency has a record of your most recent address, which they got when you changed your address at your bank or any of your other credit cards.
The 'update' DVD came from Best Buy, not the manufacturer- of course Best Buy has access to your home address, via your credit card. Samsung probably just shipped a bunch of discs to Best Buy, asking them to mail them out to owners of the player. No big conspiracy or identity theft going on, so relax.
And there's nothing scary with Windows update. Just look and see how almost any other OS out there, Linuzz distros inclusive, are now using the same kind of service.
It's time to realise that Abble's products are the biggest abomination these days. Just say NO to the dumb iAbble way!!
Many companies subscribe to data mining services that put turn your credit card number back into contact details.
Depending on your choice of grocer... they'll even track what brand of condoms you use and how many boxes you buy in a month (year).
It's time to throw out that milk in your fridge.
Quidquid Latine dictum sit, altum videtur (anything said in Latin sounds important)
Sony has lost all my business forever, since the cd root kit fiasco a couple of years ago. As for Blu-Ray, I refuse to purchase any consumer device that REQUIRES me to install some so-called upgrade. The fact that you cannot play some newer media without upgrading in the case of blu-ray, just raises my hackles.
In this case, I think there is a matter of invasion of privacy. I can understand why they might send you an upgrade after registering the product, but HOW IN THE EARTH'S GOOD NAME DO THEY KNOW YOU HAVEN'T PURCHASED IT AS A PRESENT FOR SOMEONE ELSE?! Such maroons...
In any case, I personally would boycott the store that did this. This situation shows that they have absolutely no respect for the privacy rights of their customers.
Sometimes, real fast is almost as good as real-time.
When you cashed out, you gave Best Buy your phone number, too. Every Best Buy cashier asks for it when they start your transaction. With a phone number, and/or a credit card number, anyone could find you.
Armaments, 2-9-21 And Saint Attila raised the hand grenade up on high, saying, 'O Lord, bless this Thy hand grenade' N
If you have signed up with best buy's reward zone program and have used that credit card at least once with your reward zone card, they will know it is you...even if you didn't flash your reward zone card during the purchase of your blu ray player. Likewise, if you sent a rebate to best buy (although not necessarily to a 3rd party) using that credit card, its likely they will know it is you. Similar things happened with people who bought HD DVD players at best buy...when HD DVD was killed off, best buy decided to send folks $50 gift cards as a 'sorry things didn't work out with HD DVD' gesture...they mostly fed off info they already had from reward zone, rebates, or extended warranties to send the cards out.
Best Buy is a pro at MDM, and have been for a few years now. They have a record of everyone's purchases and actions at Best Buy who hasn't paid for a purchase in cash. Even those cash purchases are tracked if the person uses a rewards zone card. They know which credit cards you have used at each location, they know if you are a sucker for warranties, and they know if you have a tendency to bring stuff back after a few weeks. They digest every piece of identifiable information that you have so they can target you, the consumer, in a more profitable manner.
Once people get used to this, what keeps naughty people from sending out legitimate looking upgrade disks that scramble your player or install software that lets them use your network connected player as a spam server? Urgh, basically virus laden spam for snail mail.
I Am My Own Worst Enemy
You purchase an item on Credit you're entering into an agreement to pay for something they are going to want to know your billing address so that they can verify payment. If you're that concerned about your privacy you need to not enter into such agreements and pay for everything with cash (which protects both sides). As a side note isn't this potentially a good thing that they sent you an update? You can decide not to use it if you fear its updating drm as opposed to improving the product.
I wonder if this is a violation of the very strict Payment Card Industry policies.
Your mom probably filled in the product warrantee card and sent it in.
P.S. She's fat.
Help! I'm a slashdot refugee.
Is ALWAYS PAY CASH!
I have a merchant credit card account for V,MC,D, you know the telephone swipe box that sits on the store counter.
It's pretty easy for the merchant, BestBuy whoever, to get your name and address from it. Samsung asked BestBuy to pass on the update to whoever purchased the SKU. It's a tremendous courtesy, actually.
There is no privacy. Get over it. No matter how much the Planned Parenthood robots babble about the "Right to Privacy" whenever abortion is discussed. I know where my customers live. And Planned Parenthood rents its mailing lists to (mostly) liberal interests. Except for the one time it rented them to Newt Gingrich's Contract With America. Hey, it worked.
You have no clue about mailing lists. I hope I scared you.
AMEX, Mastercard and Visa are more than happy to give the merchants your data - fees vary, if any. And there's nothing preventing Best Buy from sending Samsung a list of everyone who bought the product for any reason. Don't like it? Pay with cash.
A similar thing happened to me. I bought a blu-ray player, then one day I came home and found my house ransacked and my blu-ray player was gone. I'm still waiting for Samsung to send my blu-ray player back with the updates. I don't have any problems with these companies being vigilant about their update services. I just really wish they wouldn't spraypaint swastikas on my furniture.
I have nothing compelling to say
Check you card for any bill BB wants $30 to do this.
http://consumerist.com/5122504/watch-out-for-firmware-shenanigans-at-best-buy
Since your name is on the card, it is also probably on the mag stripe. When they scanned it, they got your name. Then they probably looking it up in some database which also contains your address. Where did they get that address? It could be a catalog mailing list, it could be a rewards program, or it could be you had given them your address for a rebate once. Maybe they found you in the phone book, even.
dom
I purchased the p1500 about 3 months ago (piece of crap) and returned it 24 hours later (it was incapable of playing the iron man bluray). I upgraded to the ps3 and haven't had a problem since. LIke the original poster I didn't give them a name or anything other than paying with my debit card (which apparently is tantamount to giving them your name address date of birth, ss#, eye color, height, weight and sexual orientation), about a month after i returned it, i received a letter in the mail from samsung asking me to complete an online questionnaire about my experience with the p1500. Not the same as the OP, but samsung still knew where i lived even though i gave my debit info to best buy. So who's to blame here, samsung or best buy?
Steve Wozniak (the other founder of Apple) used to keep a special book of US$2.00 bills that he had made from bills that hadn't been cut. He then had them perforated so that he could tear them out like checks for payment.
You can read the full story in his words here: http://woz.org/letters/general/78.html
For a birthday present last year, my parents renewed my Sirius subscription. This year, after the merger, they sent a notice in the credit card statement for my parents that they were consolidating payments for all the radios I have into one payment. I am not sure of the exact wording, but that is close enough. So it is not just Best Buy the credit card companies are helping out.
I would have preferred an email, as Sirius has my email address, and they also have my physical address so they could send me the attenuators for the FM transmitter in their radios. I see no reason for them to have put this in a credit card statement.
Why, without your clothes, you're naked, Miss Dudley!
A few years ago there was an interesting device being sold that acted as an email dumb terminal. The device was sold sans any real license but the expectation by the vendor was that you would sign up for their service since otherwise the hardware was "useless". Except that folks figured out how to hack it and turn it into a remote terminal for various OS. I was interested....
I trotted down to my local Circuit City only to find that many others were also interested and that they were sold out. No worries, they let me go ahead and buy one and would let me know when stock arrived so that I could pick it up.
Meanwhile the company figured out what was going on and began trying to stop efforts to repurpose their hardware - unsuccessfully. I got a letter in the mail from the company a few weeks after I had made my purchase at CircuitCity. The letter was informing me that they had decided to change the license terms on their hardware - after my purchase, that signing up for their service was "mandatory", and that if I did not do so within X number of days or receiving my device they would CHARGE MY CREDIT CARD.
Now, I had never contacted this company, I had no intentions of ever dealing with them or of buying their service, and I had not shared my contact information with them. CircuitCity however HAD shared my name and home address with them and if the letter was to be believed was also willing to share my credit card account information to facilitate a charge! I trotted back down to the CircuitCity, canceled my order, and demanded an explanation - naturally they had NO clue.
I was beyond angry to say the least and fired off a letter to CircuitCity HQ. Their response was that no way did they share my CC information with this 3rd party but they said nothing about having shared my HOME ADDRESS! I let them know that I would never shop in their stores again and have told this story more times than I can count - it's been YEARS and I have held true to my promise not to give them a cent. Seeing them go under warms my heart - the jerks. The sad thing is that I nearly made this purchase with cash, I wish I had!
As a side note, the CircuitCity I went into was one I'd never visited as it was closer to work and not my home. When I gave them my phone number they had my complete address on file! Turns out that my girlfriend's daughter had shopped there about 3 years prior and made a single purchase. They STILL had our address on file tied to that phone number when I made my purchase. So yeah, these companies do cough up data and they also hold onto it a REALLY long time - thank you TJMax!
Build it, Drive it, Improve it! Hybridz.org
I dine out at a local eatery and they give change in 50c and $2 bills as appropriate based on your order. I tend to re-use the bills at other local places, and usually get some combination of NOOP and Cool! I've never had any issues, but also don't tend to hand them to someone who may die due to drooling on themselves.
What are these Federal Reserve Notes you are talking about?
Where do I get them & can I pay for these Federal Reserve Notes
using my Credit Card?
When I worked in retail sales in the early nineties, Computer printers were making good enough images to encourage some idiots to try passing home-made bills as real. One easy way to distinguish the fakes was by rubbing a piece of white paper over the "bill", then checking the paper for ink transfer. Treasury ink never fully dries, and even old funky bills will transfer a little green smudge to the white paper. Brand new bills, like the Twos that we stocked in the slot between the Ones and Fives, would make a major smear if you tried that, even though most of them we had were printed in 1976. I learned how fun it was to baffle the ignorant with the unfamiliar money, and usually get $100 or so in Twos when I get cash from my bank. I think they are especially useful for tipping service providers, it seems to help them remember me favorably on subsequent interactions.
The cost of that cleanup, of course, will be borne by taxpayers, not industry.
No, Best Buy wants $30 to install the update for you. It's a service for people who cant follow simple instructions on how to do this update. Think of the $30 as a stupid tax.
Best Buy cant just mail you things and bill you for it.
And to think that people used to be worried about personal information being gleaned about them through their IP address when they were surfing porn.
We all got that CD. The rest of us just had the good sense not to post it to /.
"Oh, you hate your job? There's a support group for that, it's called everyone, they meet at the bar."
Numerous companies either breach the policies or work around them.
Tthere was a big flap last year when the parent company of Winners and Home Sense was found to have been capturing all their customer's credit card numbers, which are supposed to be passed directly the the banks' clearing house without ever being seen by the retailer. See http://www.cbc.ca/money/story/2007/01/18/winnersbreach.html
Yes, they got stolen (;-))
--dave
davecb@spamcop.net
Look, it's very simple. You probably did something at some time that associated your name and address with a purchase. Perhaps not this purchase, but with some purchase in the past.
Have you thought of simply asking Best Buy how they knew who to send the update to?
Proverbs 21:19
I've received product recall notices for items I bought with my credit card. Another example: I returned an item to Target recently - they scanned the item, handed me the receipt, and said "XXX dollars is now refunded to your card, have a nice day!" So they know from the bar code who bought that item, and they retained the credit card information associated with it.
Since they have all the card info, maybe those mail in rebates can be deposited automatically when they receive it. Hah!
Shameless plug alert: Game server control panel
US Debit cards use the credit card networks, and as such can obtain the same information as required/optional by the credit card network.
Yes, every purchase you buy with your credit or debit card the credit card, they know your billing address.
Here's why though, the system will compare the name/billing address of the card to the name/address at the point of sale, and will warn on some systems that there is a mismatch (at this point, at retail they should ask to see matching ID, but many people don't like confrontations.) If over the phone however, they can't ask for more information because they have no way of verifying it.
Now in Canada, which uses the Interac system instead, I'm fairly sure does the same thing, as the Interac network is practically the same thing.
Bestbuy here isn't above sending stuff to the address you give them at point of sale, but I've noticed that most sales reps no longer ask for it unless I'm buying something that they can offer a product service plan on.
It amuses me when people use a credit card and assume their identity will remain a secret from everyone and anyone involved in the transaction. In my mind, it's akin to people complaining about the lack of privacy on Facebook. If you want privacy, don't use it. If keeping your identity secret is _that_ important to you, pay for things with cash.
Couldn't simply have done a chargeback? It should be an open and shut case. It would be easy to claim ignorance and say 'WTF, I'VE NEVER HEARD OF THIS COMPANY THAT'S ON MY STATEMENT.' To win the chargeback, they'd have to cough up a record of your signature for that specific purchase.
Use chargebacks, it's one of the reasons credit cards>>>debit cards.
How do these articles get approved? This is clearly either the banks fault *OR* much more likely, bestbuy has his information already stored and sent out the update to that address. *sigh* can I have my 2 minutes back that were wasted reading this article?
ImagePut - Free, Simple, Fast Image Hosting
It's nice that Best Buy decided to provide this as a service to its customers. The concern, though, is that if they use a credit card for anything other than obtaining money, then in all likelihood they've still got that card number lying around somewhere. That means that any hacker with a grudge against Best Buy (!) has the ability to get my perhaps improperly secured card number and have a field day.
As far as I'm concerned, it's a matter of risk vs. reward.
There is this thing called cash. You can use it anywhere MasterCard is accepted. If they want your name, you can tell them that your first name is Fuck and your last name is You. It's nobody's business what disk player you have and what version of firmware is running on it.
This is an obvious Twin Peaks reference, which is apt, considering how surprising it is to see a manufacturer mine our sales receipts for information.
A retail outlet must obtain consent from you to give your personal information to a third party, and no clear consent was given in this case.
This is a job for that quirky Special Agent Dale Cooper, who possibly moonlights for the EFF.
The dangers of knowledge trigger emotional distress in human beings.
Know a DBA that wrote the software Target uses to keep track of every single purchase made by people using credit / debit cards. This database does not get emptied, they will always know everything you bought, it can even report your buying habits for toothpaste to try to predict how often you visit the store...
An I.T. motto in the hands of an idiot is a dangerous thing...
If you want your firmware updates to go smoothly leave out some milk and cookies for him. It keeps them happy. After a bad update I went a step further and started leaving out a shot of whiskey at night and that seemed to cure the problem. They really need to cover this stuff in the manual. A well fed and slightly drunk Gnome is a happy Gnome and they'll keep your electronics running smoothly.
I once (and only once) bought an expensive Hermes tie at a shop in a Las Vegas casino's mall, paying with a credit card. I never gave them my address, so it had to come from my credit card info. Ever since, I've been getting Hermes catalogs in the mail. They're expensive things too, zillion-color offset printings on expensive paper, stencil cuts, etc. By now, whatever profit they made on that one tie has long vanished in the costs of producing and sending me that catalog.
Between Credit Card records and Google, you have no secrets.
Credit card records are how companies are getting around HIPAA regulations. They look up what drugs you bought via credit cards.
I am seriously starting to think like my father, who has hated using credit cards since they were invited. And he worked in the banking industry most of his adult life.
Be paranoid, be very paranoid.
Think Deeply.
Clearly you need help...but as long as you keep cranking out creepy, funny posts like this one, I'm certainly not going to give it to you.
Just once I'd like someone to call me 'Sir' without adding 'You're making a scene.'
http://bluraysucks.com/
the latest offering from the company that brought you the famous Sony rootkit...
+1 Funny to the submitter who paid with a debit card and then whines about losing his privacy.
When you use a debit card, your using Visa or MasterCard's good name and network to check with your bank to see if your account has the appropriate funds for the transaction.
If your bank account does have enough funds, Visa/MasterCard requests the transaction amount to be placed on hold on your account until such a time as when the funds can be actually transferred from your bank account to the merchant's account with a credit card merchant office (e.g. Nova). This transfer can happen instantly during business hours or can hold as pending until the next available business day if done during off hours or weekends.
You sign/confirm to an agreement that the funds will still be there when the transaction electronically resolves itself. If you don't have the funds, Visa/Mastercard can come rape you. If the merchant sold you damaged goods and will not issue you a refund, you can use Visa/Mastercard's thugs to force their hand. If you didn't make the purchase (identity theft), your bank can use Visa/Mastercard's thugs to track things down, issue you a provincial credit, and other fun things.
Anytime you pay for something electronically, your info will be made known to the merchant and Visa/Mastercard. How do you think Visa has that promo for debit cards allowing you to be the big mystery winner just for using your debit card to make purchases?
Up, Up, Down, Down, Left, Right, Left, Right, B, A, START
And drive off.
It is a debt and they either accept payment or don't.
If they don't accept you paying for it, you aren't stealing anything.
I had a digg.com account from about 4 years ago registered to one of my email addresses. I have since moved on to another email address. For some reason my account was banned (I didn't follow the leftist groupthink on digg? I seriously did nothing wrong). Then 3 days ago I get an email at my current address telling me someone became a fan of me.
So how did they get my new email, and know it's me? I hated digg anyways (it and reddit are far too polluted now to bother wish), this is even worse. They somehow got my new address, and updated my old account's email to it. Can I sue? I don't want companies doing things like that.
I purchased something from the Apple store (brick-and-mortar, not online), and after the guy swiped my credit card, he asked if I wanted the receipt emailed to me. I said "sure, do you need my email address", and he said "no, we have it". And sure enough they did, because I got the receipt in my email. I assume they have the information from my iTunes account.
It wasn't Best Buy it was the Blu-Ray Player itself.
You see each one has a GPS tracking unit installed in it. When they are plugged into the wall they broadcast the GPS coordinates of the player and the make and model of the Blu Ray player to top secret CIA satellites in space which then bean it down to FBI headquarters in Arlington, VA. The Coordinates are then cross referenced against the United States Postal Service Database, where they can determine your address. After obtaining your address, they can also get your name from the USPS database. They then do a credit check through experian and this information is sent to the MPAA. They then inform the manufacturer if they find a player that is hackable and sue them to send you a firmware update disc.
Get the tinfoil, and hide your daughters.
Tsukasa: All I really want, is to be left alone...
Am I the only one that sees the word "Debit" and not "credit". These are two different cards. A debit card is very different from a credit card.
Stay tuned for new sig...
IT IS YOURS to do with as you please. Imagine that, a firmware updating utility (nudge nudge). No worries about licensing, copyright, or patent.
Lucky bastard.`
.ria eht ni cisum syawla s'ereht dna ,gnos ytterp a gnis sdrib eht .kcab dneb smra ym semitemos tub ,reh wonk i ekil leef i
Join the Free Software Foundation
yesterday i got a message that tmobile pushed a performance update onto my @home linksys router. i was thinking about trying to reverse it and discover how i can push my own firmware onto others @home linksys routers..but then i figured i'll just let the cat out of the bag and let someone else do it......
Did you use your reward zone card (which has your address associated with it) or send a rebate in after you purchased it for free Blu-ray movies or to get some cash back. Both are plausible causes that wouldn't require a conspiracy theory to define.
Buy with the cash, dude.
"XXX dollars is now refunded to your card, have a nice day!"
Those are done based on Transaction ID's, not your card number.
Maybe it was some kind of phishing thing? Yeah, I know how that sounds, but from what you said even if digg did update their system, you were banned anyway so why would you get a mail? Why would they update their dbase if you were banned?
So the scammers try to phish some digg accounts. The people that do fall for that phishing attempt are then sent a real phising attempt - one for the person's online bank details.
Car analogies break down.
Read the original article folks - it was a debit card, not a credit card.
Best Buy has a loyalty program. I forget the name of it, but they often stick flyers for it in my bags when I buy junk there. If you have their loyalty card, there you go.
Get off my launchpad!
A while ago I had gone to San Francisco for a conference. While I was there, I had stopped in to The Container Store and made a small purchase with a debit card.
Fast forward roughly a year and a half (and living in another state), I get a notice of a class action lawsuit against The Container Store for violation of some California consumer data protection statute.
I was pretty shocked that they were able to track me down like that. I didn't even have the account for that card anymore.
--You will rephrase your request for me to go to hell. Goto statements are not acceptable programming constructs
I was at BB and had bought an item with my debit card and did not give the clerk any info other than my card. A week later I needed to return the item, but had lost the receipt. I went into BB and by using just my phone number, the clerk was able to find the transaction and reprint the receipt for the purchase. I have bought ESP/EPP plans in the past with that card so that's how they got my phone number, but it just shows that they are actively collecting every purchase you make even if you don't give them any personal info other than your CC number.
I've stopped shopping at stores that use my credit card as a way to get me on their mailing list. On vacation, we bought some chocolates at Harry & David. When we got back, there was a catalog from them in our mail with my name (not "Resident") in the address.
I'm not saying you're wrong but you do realize it is far more likely that they got your name and address from a local mailing list vendor than from your credit card? Especially around the holidays. There are countless services available that can target promotional mailings for a fee. There are all sorts of public sources for this information including housing records. (seriously - buy a house and you will get spammed with more refinancing offers than you can imagine)
I get Harry & David catalogs too (no I don't want them), with my name on them and I've never purchased anything from H&D. They also will send you catalogs if someone else buys you a gift from H&D.
That's not to say they don't use credit card into. I never give a zip code, phone number or any other info when checking out because it can be cross referenced. I nearly called the cops on the guys at Jiffy Lube once because they drained the oil in my car and then insisted they needed my address to put oil back in. They do have a legal right to ask and can refuse service if I don't provide the information but then I have a legal right to shop elsewhere as well.
I used to work for a moderately sized ski resort in Vermont, when I was in high school back in the 80's. This was back when credit card impressions were made on multi-part carbon paper receipts. Customer got one copy, merchant got another.
At the end of the day on a busy weekend, there would be thousands of credit card swipes, and the receipts locked in a vault in the offices. Part of my job was doing data entry at night during downtime. I'd check out a box of credit card receipts and enter the last name (from the signature) and the phone number (written by the customer on the slip) into a terminal. That was sent to a company in Ohio in batches of 50-60 thousand names. They matched name with phone number and sent back full addresses for our marketing department.
In 1989.
So, it's not at all surprising that they were able to piece this info together, and like others have pointed out, it's very possible they're matching your info to past purchases, returns or warranty information.
It's not that hard to do - credit card companies make big money selling lists of customers. they probably got it from your card issuer.
Most, if not all retailers maintain a database of products purchased with a credit card and even zip code. The CD was sent using the same information they already use often enough to inform purchasers about recalls and defective product. You are making this way more then it is.
Your credit card itself has several "Tracks" of data on the magnetic stripe. Your name is part of that data. It's more then likely the flow od data went:
1) PRODUCT HAS UPDATE\DEFECT THAT NEEDS TO BE COMMUNICATED
2) QUERY PRODUCT IN DATABASE JOIN WITH LIST OF CREDIT CARDS USED TO PURCHASE SAID ITEMS
3) GET FROM CREDIT CARD INFO USER NAME JOIN WITH CUSTOMER INFO WHERE NAMES MATCH
4) PRINT LABELS FOR THOSE ADDRESSES BUNDLE WITH CD
5) SHIP UPDATE DISC TO CARD HOLDER'S LAST REPORTED ADDRESS
6) TELL MANUFACTURE YOU DID DUE DILLIGENCE TO CONTACT CUSTOMERS THAT PURCHASED SAID PRODUCT
Seriously this stuff happens all the time, nothing evil, nothing with the credit card company leaking unauthorized info. You authorize the merchant to read your data tracks on the card every time you hand it to them. You address, zip code, and phone number are not protected data last I checked.
Relax folks, nothing new here since 1950s, big brother isn't involved on this, just a standard cross-reference query in a database matching product to credit card used to purchase said product.
-=[ Who Is John Galt? ]=-
See subject.
You probably at some point in time had given your address to BestBuy for a past purchase and they had your card linked to it. I know when I shop at Microcenter here in NY, each time I use my credit card my name and address I had given them when I first shopped there shows up. Purchased a laptop from them a few months ago and received a Thank You letter from them for buying xyz laptop.
It seems whenever I make a large electronic purchase at the big electronic stores like Future Shop or BestBuy they always ask for my name, address, postal code. When I ask why they need this information the cashier either doesn't know, or makes up some excuse about helping improve their quality of service. Sometimes when I refuse to provide the information, they claim they can't complete the transaction. To which I usually break down and provide my name as St. Nick and the Postal code of H0H 0H0, aka The North Pole (Or at least the department at the post office that deals with letters to Santa =P) The sad thing is, half the time the cashiers don't even catch on to the joke.
I'm starting to wonder about how many of these "upgrades" have actually been sent to the middle of no where =P
The midget in the back seat of the Lincoln crawls in your basement window at night, and takes inventory of your firmware revisions on all your hardware.
Do you: Follow him by foot. Turn to page 63
Forget about it and call your insurance company. Turn to page 48
push him back into the trunk and lock it. Turn to page 82
I went into Microcenter after they first opened, used my AmEx and puzzling enough, they had my former employers address attached to my AmEx.
Well, I thought about it, and the only place I used my AmEx with their address was buying tires for my work truck.
Thanks Discount Tire, now tons of junk mail that would normally come to me because I shopped somewhere goes to my former employer. Now that's progressive!
Aha! That makes sense. Thanks.
I was one of the 15-20 people who bought the XBOX360 HD-DVD add-on a couple years back. Last spring I received an envelope from Best Buy that contained a $50 Best Buy gift card and a letter. The letter noted HD-DVD's demise and that Best Buy's records showed that I purchased an HD-DVD player from them. I'm a member of Best Buy's customer loyalty program ("Best Buy Rewards") and figured that was how they found me. I can't say that I much cared how they found me, as I was happy to have the Best Buy cash that I didn't ask for.
Not true. There is a separate debit/ATM network. When they ask you "debit or credit", they're asking which network you want them to run the card on. If it's "sponsored" by Visa or Mastercard, you can run it as credit, you'll sign the receipt (or touchscreen gizmo) and it'll take a few days to take the money out. (They'll authorize it immediately, which puts a hold on the amount, though.) If you run it as debit, you'll enter your PIN, and the amount will be immediately removed from your account. This works with all debit cards, not just Visa/Mastercard ones.
(source)
ttuttle is a rankmaniac
Did you use a Reward Zone card? If so, they might have done this as a courtesy to their loyal customers and if would not matter how payment was made, as your personal information is on the reward zone account information.
When I worked in retail sales in the early nineties, Computer printers were making good enough images to encourage some idiots to try passing home-made bills as real.
Seems to be the majority of counterfeiting nowadays:
http://www.schneier.com/blog/archives/2009/01/trends_in_count.html
It's high time for Big Ed and the Bookhouse Boys to take care of that midget once and for all.
So, if you can update the firmware using a CD rather than sending back to the vendor, does that mean you can load whatever firmware you like using the same method, providing you can crack the keys signing the update?
What happens if you try to purchase a new Blu-Ray player at Best Buy with cash?
It's true no man is an island, but if you take a bunch of dead guys and tie 'em together, they make a good raft.
Grocery Stores do this.
I have never written down or given my information to Albertson's other than swipe my card. They then say thank you for shopping at Albertson's Mr. (Variable). The receipt has my full name on it and the last 4 digits of the card on it. Also the coupons on the back of the receipt are customized to what I have been buying. i.e dogfood etc.
I love how people think that by using cash, you're in some sort of safe haven of anonymity. So what you're essentially saying there is that you think that using a check/debit card to make purchases invades on your privacy somehow? Well I got news for you, it's unavoidable. Unless you plan on paying for a house, car and every other purchase EVER with cash, every time, then I got news for you...just one instance of borrowing money (mortage, lease, etc) and its over. It doesn't matter if one agency or eight has your address.
Go ahead and go out of your way to waste your own time, stopping at ATMs, paying fees, waiting in line at the brick and mortar bank to withdraw money every day, JUST so you can avoid having your address being sold to a marketing company. Yeah that's a great use of your personal time. I'll embrace the technology, use my check card, never carry cash again and when it's all said and done, I'll have saved tens of thousands of dollars in fees, completely mitigated the risk of having my cash stolen from me and saved months of time over you. Enjoy!
One thing I noticed while traveling to the US is the different meaning of a debit card. Up here in Canada, a debit card is a bank card used for Interac transactions. This does not exist widely in the United States. We also have credit cards, which are issued by Visa/Mastercard/etc. Down in the states, a debit card is a credit card.
Nah, I think he is a reg Best Buy customer and they have his profile on record. Fry's and Apple Store know who I am via the credit card.
"So they know from the bar code who bought that item,"
no they don't. Ever item of that type has the same damn barcode. Learn how barcodes are used.
You missed something.
Did they scan the receipt of the item? the could [print a different barcode per receipt, or have a barcode number the is assigned to you in there db they print on the receipt.
Your one of those people that thinks the price of an item is embedded in the printed barcode, aren't you?
The Kruger Dunning explains most post on
Pay cash if you want to have the slightest chance at an anonymous purchase. Use of a CC or debit card is 100% easily tracable by the store, the distributor, the manufacturer, their marketing department, their relatives, and anyone between them and Kevin Bacon. Duh.
Make their pictures look washed out and junky.
Boycotting Sony is just the start. Then the economic sabotage starts.
John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
Who has friends at VISA? I suspect that Best Buy is in dire need of a PCI Compliance audit.
See that "Preview" button?
I sick and tired of how paranoid everyone is these days.
They do not have this information from your debit card or credit card but most likely, they collected your address information for marketing and warranty purposes when you purchased the device. Collecting that information also helps protect you from credit card fraud/theft.
Jesus was a compassionate social conservative who called individuals to sin no more.
Or it may be as simple as you signed up for a BDLive feature and the system identified you as owning a Samsung player. Or you completed a product registration card. Or someone else in your house requested it. Orrrr.... blah blah blah.
Who knows.
Everyone got one. But it's not an update; it installs AOL.
[tinfoil-hat]
I suspect things don't operate that efficiently unless someone has a stronger than usual motivation to get the update out. A serious hole in the DRM code seems like it might do it...
[/tinfoil-hat]
Erm, have you asked them how they obtained your address?
Hi all..
I used to work at Best Buy. They have a system which I believe was called Customer Contact Manager or something similar to that. Essentially if you give them your info for say a service plan it stays in the system (they ask for name address phone email etc). Or if you sign up for the Reward Zone card or credit card they have your info. Now lets say sometime you buy something and use your VISA card and either use your RZ card or give them your phone number it automatically ties all the info together. So that next time you use that VISA card even if you don't give your phone number or use a RZ card it links it all together. This actually makes it a lot easier if someone wishes to make a return and doesn't have a receipt. They can look up the customer by either phone number, name, address any of those and find all their past transactions/purchases. I guess its a little scary but its actually also pretty convenient. After all this guy probably guy a firmware update because of it.
Just goes to show you that you should have used a stolen credit card,
Proudly Butchering code for 20 years
today that during heart surgery they implanted a shunt with a RFID tag, explains the black helicopters.
Si vis pacem, para bellum! For evil to succeed good men need only do nothing!
We've known that a shopper has no privacy for a while now, retail chains, credit card companies etc are watching your every move through any distinguishing information they can possibly find, discount cards, rewards cards, credit cards and even debit cards, this surprises nobody that is not living under a rock. The difference is that here, the companies in question sent this guy a firmware update disc. The upshot of this is not only does he get to upgrade his firmware on his Blueray without any additional effort, but things like this serve to remind shoppers that they are not anonymous unless they are extremely careful, which is a damn good lesson.
When Argumentum ad Hominem falls short, try Argumentum ad Matrem
Don't forget the soundtrack playing through this hazy montage is Blue Velvet
If the story as told is true, this blows my mind. Not to wave the 'in MY country' flag too much, but in Canada this is horrendously illegal.
Federal privacy legislation states that a company that collects information
1) must only require information necessary for the business at hand;
2) may not deny service just because you refuse to provide specific information that is not required;
3) must disclose the reasons they need to collect your information; and
4) must never, without your consent, share or disclose your information other than for the purposes for which it was collected.
So if the bank gave his address info to Best Buy or if Best Buy had it already and gave it to Samsung, then this is a pretty clear-cut breach of privacy.
That's no midget. That's a trunk monkey!
I must be missing something here, because I don't understand the OP's concern. When you handed the clerk your debit card, a record was created of the transaction. That's part of how a store like BB protects itself from fraud. You may have chosen not to give the store any extra information for their personal records, but there's no reason to think BB wouldn't automatically log your information off the debit card. At some point, Samsung asked Best Buy to send out an update. Here's what I'm really not getting. It's been a generally known fact for decades that using a credit card is a sure-fire way to give federal law enforcement a paper trail to follow. If you want to disappear (or at least maximize your chances of disappearing), you pay cash. I'm assuming the OP is aware of this...are you upset because a corporation essentially did what federal/state/local authorities could also conceivably do?
or was this not a "Twin Peaks" reference.
So what is the going rate for a zombie?
"I assumed blithely that there were no elves out there in the darkness"
Just because Best Buy doesn't have your info from you today, doesn't mean they never acquired it before. Saving your credit card data to do marketing research and for these types of things "For your convenience" is simple if you've entered your info into a database at some point or another... Further, it doesn't need to be Best Buy themselves who collected it, just someone from a larger parent company. 5-10 years ago before you were security conscious is probably when they got the info from you, and now you can't get it off their records.
I was replying more to the spam part than the naughty people part. Given the many makes and models, going for a brute force attack would probably be best using demos for fake programs like Antivirus 2008 or, well, AOL-esque free trial discs. CDs, envelopes, printing, and postage would add up quickly.
For directing attention at one person, you'd need a good surveilance setup to find what stuff they have or a fake burglery or access to credit card records or garbage hopping for recipes.... It all just seems a bit much.