Burned By Aldis

[Purseval]

I hate debit cards, always have and would never get one. My wife had other ideas. She goes to a few places that want cash or debit only in order to get discounts so she opened a separate account and got herself a debit card. since she doesn't leave a 4 mile radius around the house and only used major chains for business I figured it couldn't hurt. I figured wrong

About 2 week ago we got a call from the bank saying that someone in Los Angeles had used her debit card to withdraw $500. Since we live on the East Coast they called and asked about it. They said since it was an obvious fraud they would replace the money and issue her a new card.

I couldn't figure out how anyone could get her info since she used it so infrequently and in so few places. The best I could come up with was that we might have pulled into a gas station on the way to Orlando that advertised a low price but when you pulled in you found it was only with cash or their specific company card so she used her debit card to pay.

Well today we found out how it happened:

http://www.ajc.com/business/aldi-customers-banking-info-653565.html

In a press release issued Friday, the chain said card readers at some Aldi stores have been tampered with, enabling unauthorized individuals to capture a customer's name, account number and PIN number. The theft of information occurred in June and August.

Aldi does not accept credit card payments, but customers may use debit cards and EBT cards.

There are about 20 Aldi locations in Atlanta. Stores in 10 other states are believed to be affected.

If you use a debit card at Aldis check your balances carefully, odds are you could get nailed also. Since it was basically the wife's mad money that got stolen it didn't affect us. I'd hate to be one of the many people on this forum who use a debit card exclusively

 

[Michelle and crew]

That stinks! You can get shady employees anywhere. My information was stolen from my University...twice.

Glad it is getting cared for quickly.

 

[Dismom55]

Sorry you had such a bad experience. That would of killed us if done at a critical moment during the month. I use my debit card quite a bit, but as a credit card so I never put a pin # in, except at the bank teller machine of course. I use cash at aldi's because I guess I never trusted any of those little machines having my pin #.

Hope others avoid that trap.

Thanks for the heads up, another reason to continue to use cash at Aldi.

 

[disneymom3]

At our Aldi's you don't have to put in your PIN. (Which I don't get but that's how it is.) I tend to stick with cash there anyway. Thanks for the warning.

 

[C.Ann]

Same thing happened recently at a very large supermarket chain..

I was also reading an article not long ago about many ATM machines - no matter where they are located - having these types of problems with all sorts of cards..

It can happen anywhere - and does, eventually.. After 6 years of no problems, I had an unauthorized charged via the internet.. Fortunately it was a small amount, I caught it right away and everything was resolved in record time..

The only way to be 100% sure that these things won't happen to you is to use cash.. I have several options of making purchases, but never, ever leave myself in a position where I don't have cash on me..

Glad you caught the problem - but it's not just Aldis that you have to worry about..

 

[kaytieeldr]

Okay, I understand it happened to/at some Aldis card readers, but I wouldn't say "burned by Aldis" is necessarily a fair title. A few years ago, TJS systems were hacked (not the same thing, I know), and thousands and thousands of accounts were compromised. Yes, they could have been more careful, but they weren't aware there was a problem. If the thieves weren't using the typical equipment, nobody would suspect anything. I'm positive they'll inspect regularly in the future.

 

[C.Ann]

Okay, I understand it happened to/at some Aldis card readers, but I wouldn't say "burned by Aldis" is necessarily a fair title. A few years ago, TJS systems were hacked (not the same thing, I know), and thousands and thousands of accounts were compromised. Yes, they could have been more careful, but they weren't aware there was a problem. If the thieves weren't using the typical equipment, nobody would suspect anything. I'm positive they'll inspect regularly in the future.

My thoughts exactly.. There have been hundreds of stores and banks compromised in the past year (hasn't there even been incidents at WDW with the hotels as well - including CC's?).. It's not really fair to single out "one" particular store - as though it doesn't happen anywhere else..

I think the OP just doesn't like debit cards - and possibly Aldis either - and thus the title.. Although informing people to check their past receipts and transactions isn't a bad idea - but people should be doing that regularly anyhow - debit or CC's..

 

[Purseval]

Okay, I understand it happened to/at some Aldis card readers, but I wouldn't say "burned by Aldis" is necessarily a fair title.

My thoughts exactly.. There have been hundreds of stores and banks compromised in the past year (hasn't there even been incidents at WDW with the hotels as well - including CC's?).. It's not really fair to single out "one" particular store - as though it doesn't happen anywhere else..

It didn't happen anywhere else, hence no "Burned by Walgreen's" in the title. If you want to make excuses for Aldis that's your business, I won't. We fulfilled our end of the bargain by paying for our groceries. They didn't fulfill their end and we lost $500.

I think the OP just doesn't like debit cards - and possibly Aldis either - and thus the title..

Aldis is just another store. Debit cards are a risk. Besides the $500 taken they tried 2 other times. They essentially could have emptied her account and she may or may not have got the money back. As said originally it wouldn't have mattered either way for us since it wasn't money we depended on. If we did it could have been a disaster.

 

[MsDisney23]

I love shopping at Aldi, I have one very close to my home and we have had one for about 20 years. One of the very first ones in the country. I will continue to shop there and use cash only.

 

[Purseval]

I love shopping at Aldi,... I will continue to shop there and use cash only.

We haven't been to Aldis since we found out what happened, not because we're avoiding it but we only get a few items from them every couple of weeks. It will be interesting to see if they have posted any notices about the security breach in the stores that were specifically hit so their customers can start checking for fraud. This is what they posted on their website:

http://www.aldifoods.com/us/html/co...?WT.z_src=banner&WT.ac=Banner-without-Alt-Tag

Notice to Our Customers

October 1, 2010

ALDI Inc. recently learned that, from approximately June 1, 2010 to August 31, 2010, tampered payment card terminals were illegally placed in some ALDI stores, enabling unauthorized individuals to fraudulently obtain payment card information from a limited number of our customers. The tampered terminals were capable of capturing information such as name, card account number and PIN. We believe some terminals in a limited number of stores in the following areas may have been impacted:

*
Connecticut (limited to greater Hartford area)
*
Georgia (limited to greater Atlanta area)
*
Illinois (limited to greater Chicago area)
*
Indiana (limited to greater Indianapolis area)
*
Maryland
*
New Jersey
*
New York (limited to greater Rochester area and Lower Hudson Valley)
*
North Carolina (limited to greater Charlotte and Raleigh areas)
*
Pennsylvania (limited to greater Pittsburgh and Philadelphia areas)
*
South Carolina (limited to greater Charlotte area)
*
Virginia (limited to greater Washington, D.C. area)

The crime was immediately reported to federal law enforcement authorities, we began an investigation, and we conducted a thorough review of all stores nationwide and removed terminals we believe may have been affected. In addition, we ensured that the relevant payment card brands were notified. We also implemented additional security measures to prevent this type of crime from reoccurring.

We take our obligation to safeguard our customers’ personal information very seriously and we regret that this incident may affect you. We encourage you to remain vigilant and to carefully review and monitor your debit and payment card account statements, as well as your credit reports. If you believe your payment card was affected, we recommend that you immediately contact your bank or payment card company, and local law enforcement authorities. You are entitled under U.S. law to one free credit report annually from each of the three national credit bureaus. To order your free credit report, call toll-free at (877) 322-8228 or visit www.annualcreditreport.com. The Reference Guide below provides details on these and other steps you may wish to consider, including recommendations by the U.S. Federal Trade Commission on how to further protect your personal information.

If you have any questions or would like additional information about this situation, please call (877) 412-7152 toll-free, Monday through Friday, between 9 a.m. CDT and 4:30 p.m. CDT.

We sincerely regret any inconvenience this may cause you.

and from their FAQ:

1. Is it safe to use a debit or other payment card at ALDI?

We have conducted a thorough review of all stores nationwide and immediately removed terminals we believe may have been affected. We also have implemented additional security measures to prevent this type of crime from reoccurring.

 

[Green Tea]

It can happen with a credit card, a debit card, a student loan, or an account at a local credit union. Thieves burned you. I'm sure Aldi corporate didn't set out to hurt their customers.

 

[Purseval]

Thieves burned you. I'm sure Aldi corporate didn't set out to hurt their customers.

Call it the law of unintended consequences. By telling their customers they had to use a specific method of payment they set the table for thieves to take advantage of that method. It would be like a car dealership putting up a sign stating that they would sell cars at a discount but customers must pay cash then being surprised to find out that armed robbers were hanging out near the entrance looking for customers.

For those of you who aren't familiar with how debit card thieves work nowadays it's a lot more sophisticated than the robbers at the car dealership. They collect numbers and PINs for a while then, instead of exposing themselves to the risk of trying to cash them in personally, they sell the numbers to third parties. A lot of numbers would have been collected in that number of stores during the time frame mentioned so it may be months and months before the numbers work themselves down to the point where some junkie in LA is withdrawing cash from a card stolen in Georgia. If you shopped at an Aldi during the time referenced in the notice my suggestion would be to check your account carefully for suspicious activity then ask your bank to issue you a new card with a different number, rendering your old card worthless just in case.

 

[Mickey'snewestfan]

It didn't happen anywhere else, hence no "Burned by Walgreen's" in the title. If you want to make excuses for Aldis that's your business, I won't. We fulfilled our end of the bargain by paying for our groceries. They didn't fulfill their end and we lost $500.


Aldis is just another store. Debit cards are a risk. Besides the $500 taken they tried 2 other times. They essentially could have emptied her account and she may or may not have got the money back. As said originally it wouldn't have mattered either way for us since it wasn't money we depended on. If we did it could have been a disaster.

Did you lose $500, I thought that the problem was resolved, presumably because Aldi helped with the investigation.

I'm scratching my head a little at the thought of someone spending their "mad money" at Aldi's. I've never been, but I've always pictured it as the least exciting, most practical store in existance.

 

[Purseval]

Did you lose $500, I thought that the problem was resolved, presumably because Aldi helped with the investigation.

We were notified by the bank because of the unusual nature and amount of the transaction. Aldis had nothing to do with finding the fraud. At this point all they can do to help you is put a big sign up at the entrance to every store that had a known security breach and let you know that if you used a debit card at that location you had better get rid of it and have your bank issue you a new number.

I'm scratching my head a little at the thought of someone spending their "mad money" at Aldi's. I've never been, but I've always pictured it as the least exciting, most practical store in existance.

We're for the most part unexciting, practical people. She doesn't want to carry cash and I don't believe in debit cards or ATM cards, never had either. We also carry little cash because we put virtually every penny we spend on our Disney Rewards Visa. She has a few places she frequents that steer you towards cash or debit cards. Rather than running to the bank every time she wanted to go to one of those places she made a new account, threw money in it and asked them to give her a debit card. I call it mad money because, unlike our other accounts which are set up for specific purposes (electronic bill pay, collecting interest, etc.) this is just so she can spend it on stuff and as her way of getting cash for our weekly yard sale trips. That's what made it so surprising when we found out her number had been stolen because of the tiny number of places and the solid reputation of each place she did use it at, less than 5. They were so reliable, in fact, that the first places I though of as possibilities were either on our way to or in Orlando.

 

[mookie]

I totally feel the OP pain. I shop at Aldi's once a week, and just this past week went to take money out of the ATM and got denied. I went into the bank, and saw that I had plenty of money in my account, but Chase decided that since I shop at Aldi's a lot and also do a lot of internet/Ebay shopping, that my account was at risk. The thieves didn't even REMOVE any money from my account (yet) but the bank froze my account before they would allow that to happen. I now have to go into the bank on Monday, verify all charges from my account in the last month, and then they will issue me a new debit card. While I'm happy that Chase is being proactive in all of this, it's a huge pain because I have a lot of auto-debits tied to that account, so it's going to take a lot of changing things around for something I didn't do, and that's precautionary. But, I guess it's better than losing $500....good luck, OP.

 

[crisi]

Its pretty common at gas stations, where a part to capture the information necessary to the transaction can be easily installed into external pumps - and it doesn't need to be an employee - it can be done by anyone with five minutes of unsupervised access to the pumps. Video cameras are in place, but that doesn't mean they are looked at.

 

[debbi801]

Sadly, it's happening everywhere these days. And I shop at ALDI at one of the listed states. :-( In the last month or so, this same situation has happened at a local Q'Doba and a Shell Station (gas statiion). The theives are getting smarter and smarter. It's not ALDI's fault, any more than it is Q'Doba's, Shell's, etc.

 

[MrsToad]

In the statement that OP posted from Aldi's website, the company mentions that they've taken steps to prevent this type of theft from happening again. I guess my question would be, were these steps "best practices" steps that the Aldi company should have taken before the problem, or were these extra steps only available to them after they found the problem?

With these kinds of information thefts becoming so common, I could understand being mad at a merchant who didn't take reasonable precautions from the beginning if, for example, the merchant didn't want to pay extra costs for those reasonable precautions. If, though, this particular incident was something new, then maybe I could cut the merchant some slack. Is there enough information available to determine which situation applied in this incident?

 

[kaytieeldr]

It sounds like, somehow, some of their existing payment machines were replaced with 'new' ones that were able to transmit name/card/PIN information to the criminals.

Number one on the steps to prevent this from happening again would be, I don't know, identification verification from anyone replacing such security-related equipment? Like, who they are, the source of the equipment, who ordered the work, why...?

 

[undertheradar]

This was being done at BofA atms in our area. Even though the bank caught your "odd" transaction, you cannot prove that Aldis is where the info was captured from. Look at the security breach at Countrywide, thousands of customers credit histories were accessed and sold.