A string of comments has once again made its way on the never-quiet Facebook page “GSU Book Exchange”, after students had their financial information stolen when using Faulkner Media.
This time, however, it seemed it wasn’t the company’s fault after all.
Faulkner Media, an online publishing company, is used by Georgia State’s Counseling and Psychological Services (CPS) courses for online material. It provides access to the courses’ books, assignments and practice tests, but recently students have been complaining of the website’s compromising malfunctions.
Samuel Ademisoye, a Georgia State student, said the software’s interface of the company is outdated, and hard to navigate through.
“There are multiple windows within the software as you navigate from place to place,” he said. “You have to finish a practice test [and then] open up task manager to manually end the task and restart the program to get where you wanted to go.”
Dr. Franco Dispenza, coordinator of the online undergraduate program of CPS courses, said the number of students complaining about the software is always around five to ten out of the 1500 students he has every semester.
But there’s another component of the site that had raised students’ suspicions.
Georgia State senior Autumn Rice told The Signal she used her card for a summer class of CPS 3300 Interpersonal Communication. She said she used her debit card to register on Faulkner Media, but after a couple of weeks she found a total of $353.81 charges from iTunes and Sprint.
“I used my debit card because I had registered for CPS courses twice again in the past using my mom’s credit card, and we found suspicious charges on there after about a month,” she said.
Rice said she found charges on her mom’s credit card of around $600 over a span of a couple of months. She tried calling the company’s customer service line, but after staying on hold for a while, the phone kept hanging up.
“After our class had registered, our professor told us to keep an eye on our bank accounts,” she said. “It wasn’t just me; there were other people in my course that were getting their card number taken.
Rice followed her instructor’s advice, but once she checked a couple weeks ago, she said all the money from her account was gone.
“We had a handful complaints out of 1500 students,” Dr. Dispenza said, and added that this problem only came up for students registering in the summer sessions of CPS courses.
“We had multiple conversations with Faulkner Media about this,” he said. “[We told them] we had students reporting this problem and asked whether there could be something compromising on their website, and what other alternatives the students had for the payment process.”
Keith Dungan, spokesperson for Faulkner Media, told The Signal the company had nothing to do with the registering process and had no access to the students’ account numbers.
“There was never any data on our servers to breach,” he said. “The student financial data was immediately handed off to PayPal who processed it. It was never on our server to be compromised.”
After recent incidents, the company re-wired their registration process so that all payments go directly to PayPal. Dungan also said 5 percent of Georgia State students who took CPS courses last summer reported having their information stolen. The students’ names and dates of transaction were collected and they were provided with alternate forms of paying methods.
“Their [transaction dates] were spread over a 30-day period and were interspersed among hundreds of other transactions from multiple institutions that had no problems,” he said.
According to Dr. Dispenza, a lot of students that had charges on their cards were initially using PayPal as their payment method.
“I contacted PayPal as well, and PayPal was like, ‘that’s not our problem,” he said.
He said students were complaining of credit card fraud on Faulkner’s behalf, however, he did not think that was the case. He said they reached out to students to figure out what other purchases they had made in that time period.
According to Dungan, Faulkner Media had passed all of Georgia State’s PCI reports and had provided the data required to accept credit cards.
“Our system is safe and the university is doing their job,” Dungan said. “The problem seems to be, students are often misinformed about how credit card scams work.”
The company spokesman said students charged on their debit card should be able to contact their lenders and dispute the charge in order to avoid money taken out of their account. The key to doing so is checking their bank account often. The charges, he said, could come from any number of websites they visited and activities they performed on their device.
According to research from Boston College, computers can become infected with viruses every fifteen minutes, that put students’ personal information at risk. This can cause what is known as phishing, where students receive emails that look like it’s a reliable company, like PayPal, trying to steal their information.
Dungan said one of the most crucial steps to keeping information on your computer safe is avoiding public areas with insecure Wi-Fi connections.
“Credit card fraud does not happen to a small subset of system users. When systems are compromised, all the information is taken and sold,” Dungan said.