LBS for me too! Cheaper than CRC a lot of the time too… i buy all my stuff there so they value my biz. They also build great wheels too and are always happy to help if they ever need a quick “tweek”…A big up for good old Marshalls Cycles in Herts. I first went there cos of all the support they had given local racing. On line stuff might be easier in terms of delivery etc but if it goes wrong like some of those guys have, its a nightmare!!

CRC – Is it safe to start ordering again yet?

That’s what I asked CRC after >£1000 attempted fraud on my card over easter. They haven’t responded yet so I haven’t used them again yet.

Ah – that explains why my bank cancelled my credit card a couple of weeks ago! No amount of pushing would get them to reveal the reason – but now I’m confident it was CRC that was the leak! Lucky my most recent order went to Wiggle instead…

what I can’t figure out is that if the extent of the fraud is really this bad (which it appears to be) then CRC’s merchant acquirers will be looking to CRC to refund the fraud loss. It usually works that way – the banks always look back to the merchant – especially in this case where CRC’s total lack of control and non-compliance with PCI-DSS has been admitted.

I reckon:
1. prices will go up at CRC to cover a few extra %age points on txn fees
2, or CRC’s insurers will be hit hard for the fraud loss – resulting in higher charges
3, or CRC will go bust when the banks try to recover the fraud loss amount.

Paypal here
had a load of hassle with debit card
never again 🙁

DO NOT USE CRC!!!

I just used them on Saturday last week. It was a debit card i had never used before and the next day £400 was taken and then £250 on the monday. Cleaned out my current account.

It had to have been CRC because the fraud was in sterling and I havent purchased anything else that would have been in sterling. All my other transactions are in Euro.

Be careful. Paypal only in future.

Arrrrggghhh, I figured it must be fine now, I just placed an order earlier with my CC, I will keep an eye on my statement and will see what happens!

ohhhhhhhhhhhhhh. that explains it. not been on here for ages so not seen anything about crc probs. It would explain the attempted £3k on my card just after I bought some stuff a few weeks ago. Thank you for the unintentional help!

what are you finding bez? and how did you find someones password? thats scary.

Had my card done again but this tome it wasn’t CRC as been using paypal.

Have you let them know what you’ve found? Personally I think that trading whilst knowingly putting your customers at risk is a kind of fraud in itself.

Hi bez

Can you drop me an email to Michael@chainreactioncycles.com

With the regards to forgotten password feature, regardless of any on screen messge, the website will only email the password to the email address associated to that password. Therefore you can only use this feature to retrieve a password if you also have access to the email

Drop me a mail anyway and we can discuss further.

Thanks

Michael

Sounds worrying if Bez is right….

I hoped it was ok by now so used my card with them last week, will be keeping an eye out…. I had the 2x£15 O2 voucher fraud on my debit card a few months ago, can’t be sure it was CRC. Real pita but bank sorted it with minimal fuss.

Bez, it can only be foolish posting such stuff on an open forum.

First, you may be wrong.

Second, you should be contacting CRC first instead of publicizing an exploitable weakness to everyone (if you are right, and I have my doubts).

I’d suggest the mods should take this thread down in case Bez is right and is publicizing an exploit.

As I said, the instructions are on CRC’s own site. I’ve said nothing that fills in any blanks.

I would add my concern to CRC. Great company, great price, GREAT GAFF ! I got contacted by my bank about unusual activity. My money was save by the bank (god knows why I should praise those crooks !) and the fact that the card details taken did not get by the sounds of it the last 3 digits on the back. Again these details are store with CRC and recent purchases point to CRC. The bank stop the card. But I must admit I need to check now what other details CRC have !

DO NOT USE CRC!!!

Be careful. Paypal only in future.

Bit contradictory there?

I’ve used CRC for years with only this little hicup – with the exception of the hacking their shop and staff have always been good and much better than most LBS’ in my area. Granted I’ve not been scammed for large quantities yet but I’ve now changed the way I online shop

I used paypal fortunately, since they haven’t yet dispatched my order of 31 March and then tried to ask for more money to do so. My suggestions that they were in breach of distance selling regulations by hanging onto my cash and my goods were just ignored, they gave me a revised date that has come and gone and they didn’t bother replying to my last posting on the paypal dispute.

So we’ve moved to a claim….

I’ve received a reply from Michael at CRC and they are on the case. Indeed I’ve checked back on the website and the specific vulnerability I tested has now been removed.

I’ll remind everyone else of one important thing in Internet security. Do not reuse login pairs of username/password or email address/password. Ideally do not reuse passwords at all, especially for important logins such as your email accounts or anything financial.

I should perhaps add that I have been a regular customer with CRC for a number of years and have had no significant issues with their service in that time, in fact on occasions it has been excellent.

I had the 2x£15 O2 voucher fraud on my debit card a few months ago

It may be a coincidence but my bank highlighted O2 top ups as one of the declined items as well.

Sounds like some free consultancy there Bez, surely worth some CRC vouchers 🙂

The O2 thing is very common, loads of threads on it. I believe it is how they test they have a valid card number, before they try a major fraud

So is it now safe to use CRC? I’ve been avoiding them for a while, but need to get some tyres.

Wish i looked on STW before i ordered from crc last night- bank just called to say that someone has cloned my card and now the account is frozen.
So no- its not safe….

Wow that is a nightmare.

This has been going on for what, 3 months now?

I haven’t bought anything else from Chain Reaction since this incident (took me three changes of credit card!)

on the contrary, i ordered on monday via paypal and my account hasnt been drained. item hasnt turned up yet either, but thats another matter 🙂

Ordered from Chain Reaction 23/5, unusual card activity started 3/6. Bother.