PulseTV, a popular online store in the United States, has revealed a large-scale credit card fraud scheme. And over 200,000 shoppers have been affected, according to the notice letter shared with the Maine Attorney General’s office.
On March 8, 2021, the platform received notification of a suspected breach from VISA, which alerted them that fraudulent credit card transactions were taking place on their site. PulseTV could not find any concerns on its e-commerce website after performing security checks and malware scanning.
However, law enforcement approached them a few months later about payment card hacks that looked to have originated from pulsetv.com, indicating that the problem had remained. The company retaliated by conducting a second round of inquiries, enlisting a third-party expert’s help.
On November 18, 2021, the investigators “learned that the website had been identified as a common point of purchase for a number of unauthorized credit card transactions for MasterCard.”
“Based upon communications with the card brands, it is believed that only customers who purchased products on the website with a credit card between November 1, 2019 and August 31, 2021 may have been affected” – PulseTV
The potentially compromised information includes customers’ full name, email address, shipping address, payment card’s number, payment card’s expiration date, and payment card’s security code (CVV). This information is necessary for card-not-present transactions, commonly used for online buying.
Customers who purchased from PulseTV during the indicated breach period should closely check their bank accounts for any fraudulent activities. The platform also stated that it is switching payment systems, implementing two-factor authentication (2FA) across all accounts, and implementing endpoint protection solutions for better network visibility and attack prevention.
PulseTV states that its investigations found no evidence of a system compromise. They were, however, the focal point for a slew of unauthorized transactions. This makes it difficult to tell if a well-hidden skimmer was installed on its site or whether the cards were taken from other merchants and solely used for buying on PulseTV.
Stolen credit cards are sometimes used to purchase products delivered to package mules and then sold for cash. When asked for further information about the types of fraudulent transactions on their e-shop, PulseTV is yet to respond.