Questions Surround Some 8,000 Macy’s Debit Cards That Got Charged Repeatedly
Written by Fred J. AunWhen Macy’s distributed a very cryptic statement on December 23 saying that “some” debit card customers had been charged “multiple” debits for single transactions, it went virtually unnoticed.
Much of that had to do with the very quiet way Macy’s shared that knowledge—by E-mailing it to a handful of reporters, many of whom were on vacation. Unlike the typical way Macy’s—and others—make statements, nothing was issued to any of the major news release wires nor was the statement placed on the retailer’s own news release page. However, it was ideally handled if a company wants to say that it “announced” something but have no one know about it.
It wasn’t until January 2, when an Associated Press reporter saw the E-mail and filed a report, that coverage commenced. But the normally curious media that covered it didn’t seem curious about a plethora of odd things about the statement.
For example, retailers have specific systems designed to catch multiple identical transactions from the same account. Why, then, didn’t the Macy’s system catch anything until some accounts were charged two and even three times?
Here’s what the Macy’s statement said, in its entirety: “Macy’s had a system issue on Saturday, December 20 from 1-2:45 PM at stores in Macy’s Central and East divisions which may have caused multiple debits to some customers’ checking accounts. The problem has been identified and corrected. Macy’s has communicated with customers’ banks. The banks will credit customers’ checking accounts.”
Various Macy’s spokespeople couldn’t—or wouldn’t—address the most basic questions, even something as seemingly mundane as “Macy’s Central and Macy’s East are in different timezones. What timezone is being used with the 1-2:45 PM reference?” And, “did this impact in-store only or were any online debit transactions hit?”
One Macy’s manager familiar with the incident said that 8,000 transactions—and presumably about 8,000 customers, given the relatively short time span—were impacted.
That manager also said it involved a Macy’s payment processor and that the connection with the processor “was experiencing a slowdown that day due to traffic or systems issues. When that slowdown occurred, that’s when the double charges occurred. Once we identified the systems problem, we went in and corrected the slowdown and that stopped the double charging.”
Questions about how a slowdown could cause multiple billings were initially unanswered. Could it have been either software or an employee who, due to the slowdown, assumed transactions hadn’t gone through and tried putting them through again, thereby causing the multiple charges?
The same Macy’s manager also said that not only was the situation limited to specific geographies but it wasn’t even every store within those impacted geographies. It wasn’t clear why the debit card issues impacted only select stores, unless it was simply that not every store in those regions during that timeframe had any debit charges. That’s certainly possible, although a Macy’s is likely to be seeing a lot of transactions the Saturday before Christmas.
-Marc
January 8th, 2009 at 10:45 am
Evan, being the cynical person you are, I’m surprised that you didn’t speculate whether it was 1 p.m. Central to 2:45 Eastern (making the actual time an hour longer that it would first appear).
January 8th, 2009 at 10:51 am
If consumers had the Visa debit card that my company represents, they would NEVER experience any breach. We have the only card of any kind that can be ‘turned on’ and ‘turned off.’ My Visa debit card is always OFF (or disabled) until I turn it on — all via my cell phone. Even if you had my card number and PIN, you could never access the funds on my debit card. As a matter of fact, I was in a very long line at a Macy’s counter when the salesperson swiped my card that I had authorized for one transaction only. There was a problem with an incorrect price, and she asked me if I wanted the item anyway. I quickly agreed (with the long line), and she swiped my card again. Of course, it was denied and a message instantly appeared on my cell phone screen advising me of the attempt on my card. I simply called the programmed number in my cell phone, and turned my card ‘on’ in seconds, and the authorized purchase was completed. Everyone in line wanted to know how to obtain such a secure debit card — Please go to my website: securityassured.us and apply!