Crisis management is a topic I address with frequency on this weblog as I realize that all companies mess up and have bad things happen, but how they respond, that’s the big difference between success and failure. I’ve also written about McDonald’s (NYSE: MCD) backed DVD rental startup Redbox before too.
Apparently the company had someone install a credit card skimmer on one of their devices and found it. Not good at all! What’s important is that I haven’t seen this news show up in the mainstream media (or blogosphere yet), so seeing how the company has notified its customers – even the vast majority of their customers who are unaffected by the problem – and is aggressively dealing with the issue is quite informative. Read on, this is the entire email sent out, then I have some additional commentary at the end…
To Our Valued Customers:
A few days ago redbox detected and removed an illegal credit card skimming device at one of our 7,400 locations. At the same time, redbox also discovered evidence of skimming attempts in two other locations. Skimming involves the placement of an illegal device above the credit/debit card reader on a vending machine, ATM, or in this case a redbox. These devices are used to illegally read or store personal credit card information.
Even if your redbox was not targeted, it never hurts to pay a little extra attention and check for any unusual activities or changes at your local redbox. If you suspect your redbox has been tampered with (click this link to see pictures of skimmer devices: http://www.redbox.com/creditcardsecurity/ ) please call 866-REDBOX3, e-mail alerts@redbox.com , or notify the store/restaurant manager of your concerns immediately.
Although there is no evidence currently that these skimming attempts were successful, consumer security is a top priority for redbox. Reviewing transaction records, there is a possibility that up to 150 customers may have been affected. Although only a small percentage of the millions of customers who use redbox each month, redbox has notified the major credit card companies so that they can monitor the situation. The redbox team is also working with local authorities to investigate the incidents and ensure your security.
Skimming is not new (click this link for more details: http://www.uboc.com/ ). It has been attempted numerous times on ATMs, gas station pumps, and now redbox has been targeted. Redbox has been aware of these industry threats and has spent significant time and resources to prepare for them. The 7,400 redbox locations are visited frequently by redbox associates to maintain smooth operations and an optimum customer experience. In this case, a redbox associate found evidence of skimming attempts and initiated the actions in the team’s response plan (including this e-mail message).
Redbox greatly values our customer relationships. As a result, redbox is open and direct in our communications about this type of situation. The redbox team also utilizes industry-leading technology to ensure you have a safe shopping experience and aggressively combats attempts by criminals to defraud customers. Please see the questions and answers below for some additional details on skimming and how redbox ensures the safety of your account information.
Sincerely,
Trina Graham-Hodo
Director, Customer Service
Bill Caputo
Director, Security
Additional Questions / Answers:
Q. What is credit card skimming?
A. Skimming is the theft of credit card information used in an otherwise legitimate transaction. It often involves the placement of an illegal device above the credit/debit card reader on a vending machine, ATM, or in this case a redbox. For more info click these links:
http://en.wikipedia.org/wiki/Credit_card_fraud#Skimming
http://www.uboc.com/about/main/0,,2485_703976951,00.html
Q. What does redbox do to protect consumer credit card information?
A. Redbox employs state-of-the-art security technology to ensure the privacy and security of our customers’ data before, during, and after their visit to our kiosks. Customer credit card information is encrypted the moment it’s swiped through our readers. Redbox uses further layers of encryption to protect all data transfers, too. Kiosks are also actively monitored and regularly inspected both on-site and remotely. Redbox never moves or stores unencrypted customer information. Credit card information can not be accessed by outsiders or even by redbox employees once the card is swiped at a kiosk.
Q. Where can I get more information on credit card skimmers?
A. Please use these links to get more information on credit card skimmers:
http://en.wikipedia.org/wiki/Credit_card_fraud#Skimming
http://www.usatoday.com/tech/news/computersecurity/infotheft/2007-07-31-gift-cards_N.htm
http://www.uboc.com/about/main/0,,2485_703976951,00.html
Q. How do I know if a skimmer is on my redbox?
A. Redbox credit/debit card readers are standardized for all locations. Click this link for pictures of the two approved readers and some examples of skimmer devices: http://www.redbox.com/creditcardsecurity/
Q. Who should I call if I have questions?
If you suspect your credit card information was improperly used, contact your financial institution immediately. If you have specific concerns related to this incident and redbox, please visit http://www.redbox.com/creditcardsecurity/ or call 866-REDBOX3. Please do not reply to this email.
So what do you think? Did they address the situation calmly, professionally, thoughtfully and effectively? I think so.
Dave,
Assuming Redbox is truthful in that they are sending a notice to all customers after only finding 3 instances in 7400… I think this is an appropriate, even inspiring response.
If they had waited until 1000 units had been compromised (or there are already 1000 but only reporting 3), then they need to be shot, tarred, feathered, and compromised in other ways themselves 😉
Jim
I would like to know how can I become a Redbox
vender?
Thank you,
et
It happened last Saturday, July 5th, at about 09:30 PM, on my way out of Save-Mart located in Seaside (Sand City), I made the decision to rent a movie at your Red Box vending machine, it happened that it was my first time using that machine, I follow the instructions and i chose 2 movies, The Eye and P2, after I scanned my credit card, I saw the screen saying “your movies have been vending”, or “your movies are being vending”, after this nothing happened, my movies never came out of the machine, suddenly, I realized that there were another movie blocking, or on the machine slot, on the way that the movies come out of the machine, it looked like somebody tried to return that movie but did not do the whole procedure and left the movie stuck thru the slot on the machine, that was the reason my movies never came out of the slot. I reported this happening to the store and they told me that the are not have authority over this machine, then I call you number and left a message, or voicemail, explaining what happened, I have not heard from you and I do not feel like I want to be charge for something that I never got.
Please call me Tomas Duran at (831) 521-2218, or (831) 394-6541 and let me know what it’s going to happened
Has anyone had a problem with REDBOX stating that a rental was not returned. Had one situation with REDBOX and haven’t rented from them since. Problem is still not resolved.
Upon returning the DVD the person in front of me was upset that a certain movie was OUT. I told them that I had the movie and was returning it. I returned it, then that client rented it immediately. IRONIC that a month later I have a 25.00+ charge on my credit card. REDBOX says it was never returned. I would like to know if there are any other situations like this so that I can pursue my refund effectively.
THANKS
I have had redbox charge my Debit card over 58.00 dollars, Unauthorized, One month after a rental of 2 movies which were returned, One on time, the 2nd movie the next day. they never charged me for the initial rental, just debited my account 21 days later. Still not resolved.
Schenectady, NY
As anyone figured how to delete your account. I have alreaday unsubscribed because I no longer ue this account but how do you delete your personal information from the account. I emailed them and they said they had to contact someone else for that…i find that odd….
I would like to see these companies get away from a credit card because of theft problems. One possibility could be a membership card used at the machine that attached to a account that you could pay for monthly. You could even pay in advance similar to a debit card.
Or add a bill pay slot. Dollar bills only. I remember when I first used one I actually looked for a bill pay slot.
I have been hit by a skimmer 3 times this month and been through three credit cards. I paid in cash everywhere except the redbox after being forced to replace my card the second time. I got hit again. This in fort myers florida. I have even called to notify redbox and they said they do not have a redbox at that location. ugh
I would check with the store owner where the phantom Redbox is located, personally, and possibly the sheriff too. Very strange.
I just had two debit cards compromised. One is used exclusively at Redbox. I called them and they offered no assurance and no help at all. I will not be using Redbox any longer. I do love their service but feel that they are not doing a good job at protecting my credit information.
Evelyn, almost every time I read about credit card skimmers, it seems like they’re at Redbox locations. I think it’s possible that’s what happened to you: You swiped your card and not only did the Redbox unit get the data, so did a separate recording device that was then used for fraudulent transactions. If you know which Redbox you were using, you might call the police and have them check it out.
After using redbox at 4900 W SR 46 (on 7/2), I started getting fraudulent charges on that card. I have reported it to cc company and dealing with the charges, but now have a major inconvenience, must cancel old card and wait 7 to 10 days to get replacement. I live in FL and fraud charges from New York. So card was either scammed at redbox, or worse yet, your system (database) has been compromised. Please let me know the outcome of this. At this point I am unsure if Redbox is a safe (secure) system to use.