Students in the last three semesters of the online course Survey of Jazz have experienced unauthorized credit card charges, and some are linking the problems to textbook purchases from the company Faulkner Press, whose owner said there had been no breach of personal information.
Like many online courses, Survey of Jazz includes a virtual component — in this case, the textbook, Jazz: The Great American Art Form. Upon purchase, the textbook is available for download to the student’s computer.
In a Facebook post to the USF Class of 2019 page, dozens of students have come forward to say their credit or debit card information was compromised, and unknown charges have appeared on their bank statements.
In many cases, the banks declined the charges and notified the account holder, giving students the first indication that anything might be wrong.
“I got a notification from my bank sometime last week that there were weird charges,” a Survey of Jazz student who wished to remain nameless said. “So, I thought it was from a gas station skimmer — I hear about that all the time — so, I just kind of scolded myself.”
She said she didn’t think much more of it until a friend mentioned a similar incident shortly after using her credit card information to buy the software.
Thinking it might just be a coincidence, the student went to the USF Class of 2019 Facebook page. In a post, she found dozens of comments from students whose information had been compromised and whose accounts had been charged varying amounts of money in cities across the world.
In comments under the Facebook post, students claimed charges appeared on their accounts from as far as London and Germany. Another Facebook user claimed $8,000 was charged to her account. Many comments were from students saying there seemed to be a correlation between buying the book and the appearance of unauthorized charges on their credit cards.
When the student went to University Police, she said they told her they hadn’t received any prior reports, and she would need to sign an affidavit with her bank.
In an email to the Oracle, Faulkner Press CEO Keith Dungan said “there never has been and never will be a data breach of any kind at Faulkner.”
“If you did research on credit card fraud, you’d know that 6 percent is the credit card fraud rate at this point,” Dungan said by phone Tuesday. “If you take a large class, and you statistically look at that class, there’s probably going to be a number of students who have credit card issues, but it has nothing to do with us.”
Dungan called the accusations by students coincidental.
According to NASDAQ.com, the U.S. is responsible for 47 percent of the credit card fraud in the world. Of that, 45 percent of reported incidents of credit card fraud occurred online in 2014.
In the comment section of the Facebook post and in a Reddit thread from a course at Georgia State University, several students referred to similar unidentified charges discovered after purchasing software from Faulkner.
In Georgia, the accusations were proven false, according to Survey of Jazz professor Jack Wilkins.
According to Dungan, the card information entered on the website is sent to PayPal. However, while the page that asks for credit card information has a link to use PayPal Express Checkout, under the “Credit Card” heading it does not indicate that PayPal will handle the transaction.
In an email sent to all of its account holders, PayPal sent a notice of a class-action settlement reached after plaintiffs accused the company of inappropriately dealing with disputed transactions, among other things.
Wilkins said he received several emails from students, and one informed him of an email correspondence between students in the section. Wilkins said he reached out to the company for some clarification on a possible breach.
“I was assured there couldn’t have been any information leaked,” he said.
Meanwhile, university administrators were not aware of the situation.
“This appears to involve a third-party vendor, Faulkner, who is outside the university,” the university said in a statement. “USF does not host, operate or have any role in securing their site.”
Dungan suggested apprehensive students get a gift card, temporary card number or PayPal account to make online purchases in the future. In its statement, USF stated students should immediately report suspicious activity to their bank.
In the meantime, the aforementioned student reached out to the local FBI office.
“Because it’s a cybercrime, it’s more their jurisdiction than the police,” she said.