Supervalu Getaway Breaks/Loyaltybuild Payment Information Compromised

vicwatson

allthedoyles wrote: »

So anyone know what is the solution to this problem ?

Supervalu apologise - they advise to contact bank as soon as possible .

I called into bank today - they had no info on this and were more worried about the ATM skimming / scamming .

I took it upon myself to cancel my card and now have to wait 3-5 working days for new Visa Debit Card.

I'd be surprised if you get new card within 3-5 working days.

vicwatson

shamrock55 wrote: »

We used a cc for one of those super value breaks last year but i have never noticed any suspicious activity on my cards (yet)
if i ring the cc company and ask them to cancel my cc and issue a new one with new acc no and security no etc will they do this and will that sort this problem

Yes and yes, but it might take some time to get new card

shamrock55

vicwatson wrote: »

Yes and yes, but it might take some time to get new card

Ok thanks

vicwatson

I spoke with loyaltybuild and was advised that if you made bookings with supervalu breaks from January 2011 to February 2012 that potential fraud on ones card can only occur from Oct 23th (or 25th?) 2013 onwards.

They said that fraud I had back in April 2013 was coincidental and must have been from a different source.

Anyone got updates on this?

theedude27

vicwatson wrote: »

I spoke with loyaltybuild and was advised that if you made bookings with supervalu breaks from January 2011 to February 2012 that potential fraud on ones card can only occur from Oct 23th (or 25th?) 2013 onwards.

They said that fraud I had back in April 2013 was coincidental and must have been from a different source.

Anyone got updates on this?

There is mention of a third party being involved in the security breach. I wonder if this third party was actually contracted to Loyalitybuild and if they are the source of the breach then they may well have sold on your sensitive data to other hackers via underground forums or even posted the information to the likes of pastebin.com (just for some kudos!!). I've seen this kind of thing happen before and it gets pretty nasty, literally anyone's financial details can end up on some mainstream or underground site:(

firemansam4

I also had fraudulent attempts carried out on my dc in November 2012, I could never figure out how my details got compromised as the only times I gave my details online was via paypal or axa leisure breaks, and i am normally very careful at ATM machines. seems to much of a coincidence that it wasn't related to this.

I have since had that card replaced in November 2012, I have used the axa leisure breaks since then on my new card so I wonder is my new card compromised now, although no sign of it yet. And so far they are saying the affected period is between January 2011 to February 2012 when bookings were made. I wonder will these dates change like all other details seem to have so far.

bren2001

My gf had fraudulant charges on her card earlier this year. We had used her card to book Supervalu Getaway breaks. I do find it a bit odd that there seems to be a fair few people (here and on other forums) where fraud has been committed on their card late last year early this year after using one of the lesiure breaks.

I got a new card there a few weeks ago as my old one stopped working. The card number stayed the same but everything else changed CVV, Expiry etc. I just rang the bank and cancelled my card and they are issuing one with a new card number. That would be my advice for everybody who is unsure.

It only takes a week for a new card. If there is any doubt, cancel and get a new one. Only takes a few days.

RangeR

There is a freephone number being advertised now, rather than the premium rate one - 1800 303 689

The Getaway Breaks booking system will remain off-line, pending a thorough investigation of the Loyaltybuild system. We apologise for any inconvenience this may cause and if you wish to speak to a customer service representative you can do so on
1800 303 689 (freephone).

SpaceTime

On a related topic, I was very concerned when I used my credit card in a major DIY retailer the other day as I didn't understand why the were swiping it through their till system and then inserting into a chip and pin terminal to get payment.

I don't like my card details being captured by a second device like that and I don't understand why they're gathering that kind of data. It didn't make a lot of sense to me.

Any idea why this is done?

There seems to be very few standards for how these things are done.

a_ominous

I did same as a few people here and ordered a new card, new number. Had same credit card for 20 odd years, so time for a change, methinks. I've bought several Supervalu deals, trips on Stena on-line. Why aren't the companies who do on-line transactions forced to use the like of Verified by Visa? I know there are people who would have bought breaks, trips over the phone so this won't work. But that's up to the credit card companies to fix.

Hotblack Desiato

SpaceTime wrote: »

I don't like my card details being captured by a second device like that and I don't understand why they're gathering that kind of data. It didn't make a lot of sense to me.

That happened to me in a petrol station a couple of months ago, about a week later several spurious transactions appeared. Of course, I can't prove anything :rolleyes:

GerardKeating

SpaceTime wrote: »

On a related topic, I was very concerned when I used my credit card in a major DIY retailer the other day as I didn't understand why the were swiping it through their till system and then inserting into a chip and pin terminal to get payment.

I don't like my card details being captured by a second device like that and I don't understand why they're gathering that kind of data. It didn't make a lot of sense to me.

Any idea why this is done?

There seems to be very few standards for how these things are done.

This two swipe approach (which is frowned upon by the card schemes) is typically done because the till system does not support Chip and pin, so they swipe first in the till, so that the accounts dept know how the transaction was paid for and then a second time to actually make the payment.

allthedoyles

You will have heard about the recent cybercrime attack on Loyaltybuild, who manage our Getaway Break scheme. SuperValu is contacting all of its customers to provide an update and to apologise for any inconvenience or worry this may have caused.

Firstly, this issue only affects those who have booked a Getaway Break. Therefore if you have never booked a Getaway Break this issue does not impact you in any way. In addition, we would like to clarify that payment by card for your grocery shopping in-store or online is not affected.

For those who have booked a Getaway Break in the past and whose payment details have been compromised we have already contacted you directly.

However, while the investigation continues we would also like to forewarn anyone who has booked a Getaway Break to be vigilant and assume your contact details may have been compromised. Therefore treat any unsolicited communication with caution.

We have suspended the Getaway Breaks programme until further notice, pending a thorough investigation of the Loyaltybuild system. Please note all Getaway Breaks bookings made to date have been processed and completed.

If you have any further queries, please contact the Getaway Breaks helpline in the Republic of Ireland at 1800 303 689 or in Northern Ireland at 0800 0390 910

This is email update from Supervalu

fortunekb

Hi guys,

I was wondering what appeared on your bank statement when money was taken out??

My grandad's said slimming juice or
Something ... Anyone have anything similar? Or
Something we should watch for.

Thanks

RangeR

fortunekb wrote: »

Hi guys,

I was wondering what appeared on your bank statement when money was taken out??

My grandad's said slimming juice or
Something ... Anyone have anything similar? Or
Something we should watch for.

Thanks

Seriously? I don't mean any disrespect but you watch out for anything you didn't purchase.

fortunekb

RangeR wrote: »

Seriously? I don't mean any disrespect but you watch out for anything you didn't purchase.

He didnt purchase that .

NIMAN

This hack or leak of personal data will probably be remembered when they try to launch their banking and credit card services next year.

SpaceTime

I honestly think it's time the credit card model was changed completely. It's a fundamentally flawed technology that relies far too much on trust.

At this stage consumers should be able to push payments to retailers without revealing vulnerable details that can be stolen. The technology is there and we all carry complex smartphones that could easily facilitate something far more secure than dumb credit cards.


The banking industry hasn't really done anything to prevent this kind of fraud. Everything they introduce retains the old broken system. Chip and Pin (retained the magstripe so cards can still be skimmed). Online verification schemes like Verified by Visa only protect the retailers using them from taking fake cards and they're not universal or compulsory so can't work to cut out fraud.

It's only going to get worse and worse with more spectacular hacks as the whole concept of giving some one basically uncontrolled access to debit your bank/credit account by handing over 16 digits and an expiry date is just so stupid that it makes no sense.

The banking industry obviously makes so much money it doesn't care about the losses.

The current system is as safe as putting your keys under the mat at the hall door.

I'm actually thinking of switching over to using virtual cards online like entropay or 3V vouchers. I no longer feel secure using my cards, particularly my debit card as it could result in my current account being cleared.

Hotblack Desiato

The current system isn't the problem here, it was failure to implement it.

SpaceTime

Well, that wouldn't explain the regular hacks, phishing, skimming and seemingly endless card fraud.

The system isn't fit for purpose and the cost of fraud is being absorbed by interest rates and fees rather than being eliminated technologically.

We've basically got a payment card duopoly and it isn't innovating fast enough.

If getting access to the card numbers was of no value to any criminal gang, then there wouldn't be any hacks in the first place. The system is fundamentally flawed and shouldn't be so vulnerable to data theft in the first place.

All that's going to happen is these kinds of attacks will rise and rise until the banks eventually reach a tipping point where they do something about it.