Slashdot Mirror

← Back to Stories (view on slashdot.org)

Blu-ray Update Sent To User Via Credit Card Records

Posted by CmdrTaco on from the allright-that's-just-plain-scary dept.

wmoyes writes "Back in September I ran into a Best Buy store to buy a Samsung BD-P2550 Blu-ray player. I didn't give the clerk my name, telephone number, or address, just my debit card. The player has sat happily in my living room without ever being networked or registered. Today I was shocked to find a package waiting for me at home from Best Buy — inside was a firmware update CD for the player. I used to think Windows Update was scary, but Samsung's update service tracked me to my house using the mag stripe from my bank card. Has this happened to any other Blu-ray owners?" Or is there a simpler explanation?

14 of 526 comments (clear)

  1. Cash by Anonymous Coward · · Score: 4, Insightful

    This is why I use federal reserve notes for everything I can. I bought my Wii with federal reserve notes. I bought my PS3 with federal reserve notes.

    --
    End The Fed

    1. Re:Cash by ultranova · · Score: 4, Insightful

      You should switch to Liberty Dollar's (http://www.libertydollar.org/) to show your contempt for the government as well.

      No, you shouldn't. They aren't money until they're accepted by Wal-Mart because that's what money is: a medium of exchange. So either get stocks, which are backed by the manufacturing/service capacity of the company issuing them, or if you want to hold wealth in silver, just buy silver bards directly. Why bother with a private currency, which inevitably has overhead costs ? What's the benefit ?

      --

      Forget magic. Any technology distinguishable from divine power is insufficiently advanced.

    2. Re:Cash by Chaos+Incarnate · · Score: 3, Insightful

      As quoted, that just says that Congress can coin money, but doesn't restrain others from doing so.

      --
      Benford's Corollary to Clarke's Law: "Any technology distinguishable from magic is insufficiently advanced."
    3. Re:Cash by Rastl · · Score: 5, Insightful

      Did you forget that the Constitution is there to specifically state the rights granted to the federal government? So if it wasn't there they wouldn't have the right to coin money?

      Banks and states printed their own money for a lot of years. There's nothing illegal about it unless you're trying to counterfeit existing currency.

      Currency is just convenient bartering, if you look at it objectively. "This wooden token is worth three chickens" is perfectly valid currency if it is accepted to have value.

      Back on topic.

      I'm not surprised that vendors and manufacturers are digging into the credit/debit card records for purchase histories. They're desperate since no one fills out their marketing, err, warranty cards. They need some way to track a customer base for stockholder reports. Sales histories aren't enough any more. They want to find out how to sell you more of their crap.

      I hope the OP filed an official complaint with the bank and his state. Privacy laws may be in effect here since there was no legal reason for them to mine that data.

    4. Re:Cash by monoqlith · · Score: 3, Insightful

      What's comical is not that you're so paranoid that you'll only use Federal Reserve notes to complete purchases. Well, that's pretty amusing, but what's even more amusing is that your sig contains a link to a site dedicated to ending the Federal Reserve.

  2. Prior use? by Iphtashu+Fitz · · Score: 4, Insightful

    Have you EVER used that debit card at the same store and provided your address or phone number? If you've ever done that then they have that information readily available.

  3. Re:Customer information sharing by b4upoo · · Score: 4, Insightful

    I tend to believe that sometime in the past you ordered something from Best Buy and perhaps gave them more information at that time. Perhaps you even had a home delivery of a bulky item.
                If they are doing data mining at the level you think that they are I tend to say congratulations to them for "going modern".
                The joy of data collection is that the general public should have the same power to collect data as companies do. Putting information in the hands of the public is sort of like putting Al Franklin in the senate. One knows that a shoe is about to drop.

  4. Re:Don't panic. by wmoyes · · Score: 3, Insightful

    Yes, it was Best Buy who shipped the update DVD, not Samsung. But still... an update service who ships updates to you based on your mag stripe. Scary.

  5. Re:Don't panic. by Speare · · Score: 4, Insightful

    But even that's wrong. There's no reason for Best Buy to know your address. They know the creditor's address, and the creditor has certified the transaction. If there's a problem with the funds, that's between the creditor and you. Best Buy is out of that loop.

    --
    [ .sig file not found ]
  6. Re:Customer information sharing by Score+Whore · · Score: 4, Insightful

    The package in the OP was from Best Buy for a Samsung player. Best odds are that Samsung knows absolutely nothing about this guy, they just told Best Buy that "hey, here's a firmware update for player model xyz."

  7. Re:Customer information sharing by skuzzlebutt · · Score: 5, Insightful

    Yes, highly unlikely...the magstripe doesn't store that info, so they would have to get that info from the card issuer (not Visa or Mastercard, the issuing bank) recursively. The card acquirer isn't even privy to that info unless there is a chargeback case or something where the consumer needs to be contacted. Card-issuing banks are beholden to regulations that would make most industries not even want to get out of bed in the morning and turn on the cash register; and they are extremely careful with what they do with cardholder info (lest they lose their charter with Visa/MC and have to close shop).

    Also, consider it from a business standpoint: even if you can get around the regulatory stuff, the CC issuer isn't going to pass that info along for free (they would have to have frame circuits or encrypted FTP channels or some secure way to send batches of data safely from the issuer to BB and then to Samsung--and no, it's not going over the same pipes that the authorization and capture are being passed through...that's going to be a totally different environment, likely through a third party processor; then there are operational expenses, etc...nobody does this stuff for free). How much is that data really worth to Samsung? BB has to be in that loop, because the cardhlder didn't by the device from Samsung; the issuer doesn't care that it's a Samsung device, they aren't a part of that transaction chain, so the data would have to go to BB directly. And is BB going to go through the expense to do that for just Samsung? If not, are enough companies going to want this to make it worthwhile? Again, strains credulity from a business standpoint.

    And even if they did have some kind of affiliate info-sharing deal with BestBuy (which, again, is highly unlikely), they aren't going to go through he expense and trouble so that you can get firmware updates for your Blu Ray player.

    Samsung got that info some other way, like a rewards card application or rebate submission that BB was able to link to an address via one of the many data aggregators out there.

    All credit card industry stuff aside: yes, that is indeed scary as hell. I wouldn't be happy at all.

    --
    My debut novel AMITY now available: http://jeremydbrooks.c
  8. Re:Customer information sharing by somersault · · Score: 4, Insightful

    There is most likely some other thing at work here.

    Maybe it was aliens? Or little toys come to life? The guy bought the player at best buy. He received a package from best buy with an update. It doesn't take that much to figure it out.

    Do best buy do anything like customer reward cards where they would have your address on file? Still, the guy says he only used his debit card. The simplest and most logical assumption would be that buying one of these players automatically puts you down to receive updates and they take the address from your debit card. Privacy nuts may hate that idea but I think it shows that Best Buy cares ;)

    --
    which is totally what she said
  9. Re:Customer information sharing by DamnStupidElf · · Score: 4, Insightful

    Credit Card numbers are quite reliable and for 1 dollar we would get *all* of the information on the card holder. This included name, address, age, spouse's name and age, children's names and ages, your income, and various demographic information for your neighbourhood.

    So, uh, basically everything you'd need to impersonate the person whose card number you have? No wonder credit card companies are so eager to do chargebacks and eat the loss on fraud... There's actually negative personal security by having a credit card.

    Just how choosy was the company you were doing lookups with? Can any cheapo web store get an account with them?

  10. Re:Customer information sharing by WhatAmIDoingHere · · Score: 3, Insightful

    " Today I was shocked to find a package waiting for me at home from Best Buy"

    Looks like Best Buy didn't share the information with anyone. Looks to me like Samsung asked BB to send out the updates to everyone who bought the player, and they did so without sharing that information with anyone else.

    --
    Not a Twitter sockpuppet... but I wish I was.