Credit and Debit Cards Compromised, Traced to ‘the Marketplace’
ALERT: Dozens of Crown Heights consumers are reporting that their credit cards have been fraudulently charged as recent as this week and going back over a month ago. One common denominator is that they all shopped with their cards at ‘The Marketplace’.
Reports of the fraudulent activity began cropping up almost a month ago, consumers began getting alerts of suspicious charges from their credit card companies. Charges were being made in nightclubs as far away as Italy, restaurants in Brazil, and at online merchants such as Amazon.com.
Social media sites have been flooded with messages alerting consumers to the fraud.
A common place that nearly everyone had swiped their cards was at the new Crown Heights supermarket called ‘The Marketplace’, which seems to be the source of the massive security breach.
“If you recently (in the past 2 weeks?) shopped in The MarketPlace and swiped your card there CHECK YOUR CREDITCARD STATEMENT” proclaimed one woman on Facebook, adding that “[Their] system was hacked and someone got a hold of all our creditcard info. The hacker CREATED replica CARDS on new plastic pieces.”
CrownHeights.info spoke with Marketplace manager Shloimy Gelbstein who said “we are not sure that we are the source of this breach.” Gelbstein explained “we cannot see customer credit cards on our own server.”
One Marketplace customer told us that he had shopped at the Marketplace on Friday, February 1st, and sometime the following week American Express alerted him that a charge was made in a nightclub in Italy, that they refused the charge and that they will issue him a new card. This past Friday he shopped at the Marketplace once again and yesterday he got the same call from AmEx.
This consumer was lucky since his card provider stopped the charge before it was even billed, but others have not been as lucky. Some of the cards stolen were debit cards which, when swiped, take the money out ones bank account as the swipe is made, and many debit cards don’t have any fraud protection and can leave a consumer footing a fraudulent bill.
Many consumers expressed anger over the Marketplace management not alerting customers to the potential compromise. When asked why they did not notify their customers Gelbstein said “we don’t know which customers were affected, nor do we have how to notify them.”
Gelbstein added that they have taken precautionary measures and have deleted their credit card processing server and installed a new one, hope that this will prevent future cards from being compromised.
Wireless
One of the leaks is common to new more advanced establishments is the Wireless systems.
hard enough to secure a Wired establishment But Wireless is impossible to secure.
re wireless
Re Wireless:
You are poorly informed. A WPA (either 1 or 2) secured wireless network, or encrypted traffic streams like HTTPS are impossible to get into. (I know that WPA version 1 had a security issue which allowed hackers to be able to add seemingly real packets to the encrypted stream. but it cannot read the info in the network)
If you have WEP or an open access point thats another story.
Don't put eggs in one basket
Just as you don’t invest all your money in one stock or security, same thing with money in the bank or other locations. Have only what you need when using your credit or debit card, especially when travelling.
Have the rest of your hard earned (even otherwise) money in another account. That way, if your credit/debit card is compromised, the other account should be okay. No, not guaranteed, but certainly, a better risk.
Milhouse
What does that mean? It doesn’t make any sense. This story is about credit cards. You don’t have money in a credit card! The credit card is used, and the money is charged to your account, which you then have to pay. So how is your advice at all relevant? It’s gobbledegook.
Shopped there
I shop there for the first time about two weeks ago, and the next morning my card was used fraudulently.
Thanks for the PSA
Thank you for posting. This happened to me as well. I got a new card the next day.
marketplace sucks
they knew about it did nothing to tell anyone causing major headaches for thousands
I will not shop there again
former worker at the marketplace
Someone from the inside allegedly might have been selling the CC info and the owners allegedly did nothing
empire kosher
looks like ill stay at empire kosher. i don’t need the glitz or the glitter. plus i think they have more specials.
Good customer service?
They may not have the phone number of everyone who used a CC, but they DO have the numbers of everyone who gets deliveries.
The mentchlich thing to do would be to call the number listed on everyones account to give them a heads up that if they used their card their recently they should carefully review recent transactions in case their number was stolen.
If anything, that would give people confidence to shop their in future, knowing that the MarketPlace is on top of the situation. They could even put up a sign, or issue their own PSA, letting people know that they are aware of the situation.
Instead, they hide behind their glass doors and pretend that nothing happened, until people start making a big deal about it on facebook.
Sruli Bryski
“Gelbstein added that they have taken precautionary measures and have deleted their credit card processing server and installed a new one, hope that this will prevent future cards from being compromised.”
If they are the source of the breach simply re-installing their processing server will not solve the problem. They need to investigate the root cause before being able to adequately protect their customers. If The Marketplace experienced a breach and fail to mitigate future breaches, they will run afoul of PCI DSS requirements. At that point, credit card companies may prohibit them from accepting credit cards altogether. Back to EBT and food stamps it is…
simple
They should put up a sign at every register telling people that there is a risk when using your credit cards
who are these people running the store????
who are even these people running the store??? where is benavu??? is he behind the selling of the numbers??
and what does this mean that gelbstein didint know how to contact customers???
he forgot how to use the local websites, facebook, emails etc.????
this will definetly happen again. i will never shop there!!!! period.
not hoinest people!!!
BS
Did Empire kosher pay you to put this up?
In response to #2 from Sgt. Snapcracker
#2, you are un-informed. One can easily crack WPA1 or WPA2 with BackTrack. Once something is on a computer connected to the ‘net, it is no longer safe – and if it is, it’s only until someone smart enough, with enough time and processing power, cracks the encryption.
Nobody
WPA1 and WPA2 are not crackable by reading the wireless stream, provided that the password is strong. BackTrack will not break a strong password protected encrypted WPA stream.
Security isn’t about a black and white “this is good, this is not.” You can have WPA with a lousy password, or you can have a dishonest employee (this is the most likely source, you can sell credit card numbers online) where all of the paranoid someone on the internet will crack it view won’t help a bit.
In a situation like this, your security has to be better than most other stores. Then real criminals move on to easier targets.
And your system has to be audit-able so that you catch employees.
LEAH
HAPPEND TO ME TOO ALMOST 400$ OYYYYYYYY
Dave
I run a store too. If CH”V it would happen to me, I would:
1) Apologize to all my customers.
2) Offer everyone affected a 10% off coupon towards their next order
3) Take cash only until this was properly resolved.
This is what they should do.
But so far there is silence from the MP………
look beyond the glass
I feel that it may be the cashier workers who were behind this, someone is covering their tracks!
Feds
The Feds should be called in and all those involved should be put in prison more than 27 years. They are worse than Rubashkin.
Anon
Relax. Let them sort out the situation first. And, if nothing comes of it then call the feds.
miriam
happened to me. A fraudulent charge was made in a bakery and in Dominos pizza. Luckily the credit card company called me and alerted me to the charges. They cancelled my card.
Anonymous
they are usually great with customer service, but should have taken steps to alert customers to the “possibility” of fraud. Of course they don’t want to accept liability, but could have found a way to let people know. When they want to advertise, they know how to get the word out
It should not have taken so long, and come from another source
sara
Things like this happen all the time relax people it was a mistake im sure their not trying to steal your money and plus the specials there are great
declasse' intellectual
One thing to be aware of is that debtit cards are more suseptale to fraud. Best, is to check statements as soon as receivwed and then act, Also, services like lifelock etc can provide assistence in case of fraud and so forth
Empire kosher
FYI empire kosher and the market place and kol tuv are owned by the same guy. If u only shop at empire kosher and not the market place the money is still going to the same place. LOL
Anon
I don’t know about everybody else, but I did not know this. Thanks.
Milhouse
Usually this has nothing to do with the processing system, and everything to do with a dishonest employee, who copies people’s credit card numbers. The business doesn’t know about it until it’s too late. This happened to me years ago at the Gap. I used a brand new credit card, and the next morning someone had used it to charge $4000 worth of leather and electronics.
dovid
the marketplace chevra, zevi, yoli from bakery,and the meat guy are great offer outstanding service…my problem is and what throw me off from shopping is the sky high price of the takeout namely the cold cuts 25.00lb from cornbeaf? the prices are never the same for instance if there is a special for pineapple for 1.99 when its scanned its 3.99 this happened on quite a few items…its frusterating….i now stick to empire kosher and still go to kollel abd rubashkins for cold cuts …cant beat that….I would still like to give benabou credit for putting together such a nice store…he deserves it…hopefully he will figure it out that its still about great prices that attract…
EXCUSE ME!!!!!!
The story went viral on Facebook. A whole bunch of women who got fraud charges figured out they all shopped in MP but MP never came back and posted anything to make people feel it wouldn’t happen again. They for sure knew about the multiple threads and many many comments but they never once said anything. How do we know it’s all fine and dandy? Just because you guys asked them???
Instead of being defensive MP should have signs up near the cash registers telling customers it has been solved and how. We aren’t stupid we can read. They need better customer service.
Add me to the list
It’s from the Marketplace – same thing happened to me the day after I made a purchase on my credit care. I hope they have a good insurance broker that offered them “Cyber Liability/Data Breach insurance” and that the owner was smart enough to purchase it. If not this could cost them a mint, besides any loss of business. I’m an insurance broker and will spare you the details, but that’s the bottom line. I feel so bad that they put so much gelt and coichos and made such a beautiful store and now they have this to deal with. What a shame!
EHEM
STOP N THINK.
IT IS EASY TO ACCUSE.
THE MARKET PLACE TOOK THE APPROPRIATE RESPONSIBILITY. THEY ARE CLEAN. IT HAPPENS…
customer
I have never shopped at the market place with a credit or debit card and my card was used for on-line purchases about a month ago. Don’t jump to conclusions. It could be anyone from anywhere
me
happened to me, my credit card called me 2 weeks ago BUT i did not shop at the market place, it was also hacked into. Some one used it in Kentucky for a few dollars and then bought something big and they called me and stopped it right away .
Please shopper
B”H
I shopped there and my card (Thank G-d) was not frauded.
declasse' intellectual
#28″ I used to work as a masgiach–before I semi-retired–in a chain of stores etc. One of them was a butcher shop where they made their own cornbeef and it went at $21.00 per pound, but it was top of the line that puts the stuff they sell in CrownHeights to shame. Rib steaks off the bone was $21.95, but it was premium quality-quality that you do not see here. Price is relevant, but what upsets me is there should have been a warning sign by the cash register that the company was hit by card hijakers. The place where I used to supervise, they did it.
Misunderstood
To Milhouse (no 4):
Maybe I was not thorough enough. No 1, Debit cards, which I mentioned (“Credit/Debit”), were affected. So, my suggestion, correct me if I’m wrong, is relevant.
” one of the cards stolen were debit cards which,
when swiped, take the money out ones bank
account as the swipe is made, and many debit
cards donโt have any fraud protection and can
leave a consumer footing a fraudulent bill.”
What I should have said is this: Have two accounts, where the debit card you use for shopping, travelling, etc., doesn’t have to have so much money on it. Add money to it from the other account when you need it.
Credit cards: Have a credit card with a low credit limit and use that. If you need more money on it, can add to that too, can’t you?
Not a customer
i have never shopped in that store, shop at Empire Kosher, but I don’t see why everyone is blaming the store. I too had to change my card after I was notified that someone was using it. The same day my daughter who doesn’t live in CH, was also notified that her card was being used. In both instances a small charge was first put in and when that went through a few hours later a larger item was charged. This is quite common, you need to keep checking, not wait for a statement, any small amount, a dollar or even a quarter, if it is not yours, notify the credit co. immediately.
frustated consumer
I shopped and used my debt card on Sunday Feb 17 at Empire Kosher I spent $5.32 I then had a charge of $5.32 show up the same day at the Presse Hotel in France. I also shopped at the Market Place and used my debt card there for a different amount. I also shopped at other stores in Crown Heights that day with my debt card. Since Sunday I had 6 fradulent charges with a total of $1,349.57 on my debt card.
qkfngers
I work in the legal/criminal field and have had many many cases of credit card fraud. this is rampant all over the world. everyone is vulnerable. it is almost impossible to protect yourself if you use a credit card. There are many many devices and systems these thieves use to get the info; it does not mean it’s an inside job. it’s even extremely likely the perpetrator/s are in a different country.
Be careful, always check your accounts, and be alert.
kol tuv
the owner of this place is horrible!
im gonna switch from the shuk to koltuv bc the owner of shuk is sooo bad but koltuv has a awesome owner!!
One more victim
I too got nailed by this but my card company caught it and I’m not out of pocket just waiting for the new card.
How can you charge there again?
high risk credit card processing
High risk credit card processing services from Trust Payments allow high risk merchants the processing solutions that are essential to any successful company.