Oh god, I just ordered some parts from them!
Bike Forum
CRC - Is it safe to start ordering again yet?
-
Posted 1 year ago #
-
Just had a call from my CC provider as it may have been compromised. Card stopped, new one issued. Haven't used CRC since November last year.
It might not be CRC that is the problem - could be any manner of other transactions, but interesting nevertheless having missed the previous thread about it.Posted 1 year ago # -
Called them this morning as I got done as well. Was told it's safe now, but will be using paypal from now on.
Posted 1 year ago # -
Been using them quite a bit but been using paypal to pay for things. Add and extra day or two on to usual arrival times etc but it's safer.
Posted 1 year ago # -
Add and extra day or two on to usual arrival times etc but it's safer
Because of using paypal? It shouldn't, as it's just as instant a form of payment as CC - people on ebay seem capable of getting stuff to me next day when I pay that way. What you're actually seeing is that CRC don't normally do next day delivery any more.Posted 1 year ago # -
LBS for me too! Cheaper than CRC a lot of the time too... i buy all my stuff there so they value my biz. They also build great wheels too and are always happy to help if they ever need a quick "tweek"...A big up for good old Marshalls Cycles in Herts. I first went there cos of all the support they had given local racing. On line stuff might be easier in terms of delivery etc but if it goes wrong like some of those guys have, its a nightmare!!
Posted 1 year ago # -
CRC - Is it safe to start ordering again yet?
That's what I asked CRC after >£1000 attempted fraud on my card over easter. They haven't responded yet so I haven't used them again yet.Posted 1 year ago # -
Ah - that explains why my bank cancelled my credit card a couple of weeks ago! No amount of pushing would get them to reveal the reason - but now I'm confident it was CRC that was the leak! Lucky my most recent order went to Wiggle instead...
Posted 1 year ago # -
what I can't figure out is that if the extent of the fraud is really this bad (which it appears to be) then CRC's merchant acquirers will be looking to CRC to refund the fraud loss. It usually works that way - the banks always look back to the merchant - especially in this case where CRC's total lack of control and non-compliance with PCI-DSS has been admitted.
I reckon:
1. prices will go up at CRC to cover a few extra %age points on txn fees
2, or CRC's insurers will be hit hard for the fraud loss - resulting in higher charges
3, or CRC will go bust when the banks try to recover the fraud loss amount.Posted 1 year ago # -
Paypal here
had a load of hassle with debit card
never again
Posted 1 year ago # -
DO NOT USE CRC!!!
I just used them on Saturday last week. It was a debit card i had never used before and the next day £400 was taken and then £250 on the monday. Cleaned out my current account.
It had to have been CRC because the fraud was in sterling and I havent purchased anything else that would have been in sterling. All my other transactions are in Euro.
Be careful. Paypal only in future.
Posted 1 year ago # -
Arrrrggghhh, I figured it must be fine now, I just placed an order earlier with my CC, I will keep an eye on my statement and will see what happens!
Posted 1 year ago # -
ohhhhhhhhhhhhhh. that explains it. not been on here for ages so not seen anything about crc probs. It would explain the attempted £3k on my card just after I bought some stuff a few weeks ago. Thank you for the unintentional help!
Posted 1 year ago # -
what are you finding bez? and how did you find someones password? thats scary.
Posted 1 year ago # -
Had my card done again but this tome it wasn't CRC as been using paypal.
Posted 1 year ago # -
Have you let them know what you've found? Personally I think that trading whilst knowingly putting your customers at risk is a kind of fraud in itself.
Posted 1 year ago # -
Hi bez
Can you drop me an email to Michael@chainreactioncycles.com
With the regards to forgotten password feature, regardless of any on screen messge, the website will only email the password to the email address associated to that password. Therefore you can only use this feature to retrieve a password if you also have access to the email
Drop me a mail anyway and we can discuss further.
Thanks
Michael
Posted 1 year ago # -
Sounds worrying if Bez is right....
I hoped it was ok by now so used my card with them last week, will be keeping an eye out.... I had the 2x£15 O2 voucher fraud on my debit card a few months ago, can't be sure it was CRC. Real pita but bank sorted it with minimal fuss.
Posted 1 year ago # -
Bez, it can only be foolish posting such stuff on an open forum.
First, you may be wrong.
Second, you should be contacting CRC first instead of publicizing an exploitable weakness to everyone (if you are right, and I have my doubts).
I'd suggest the mods should take this thread down in case Bez is right and is publicizing an exploit.
Posted 1 year ago # -
As I said, the instructions are on CRC's own site. I've said nothing that fills in any blanks.
Posted 1 year ago # -
I would add my concern to CRC. Great company, great price, GREAT GAFF ! I got contacted by my bank about unusual activity. My money was save by the bank (god knows why I should praise those crooks !) and the fact that the card details taken did not get by the sounds of it the last 3 digits on the back. Again these details are store with CRC and recent purchases point to CRC. The bank stop the card. But I must admit I need to check now what other details CRC have !
Posted 1 year ago # -
DO NOT USE CRC!!!
Be careful. Paypal only in future.
Bit contradictory there?
I've used CRC for years with only this little hicup - with the exception of the hacking their shop and staff have always been good and much better than most LBS' in my area. Granted I've not been scammed for large quantities yet but I've now changed the way I online shop
Posted 1 year ago # -
I used paypal fortunately, since they haven't yet dispatched my order of 31 March and then tried to ask for more money to do so. My suggestions that they were in breach of distance selling regulations by hanging onto my cash and my goods were just ignored, they gave me a revised date that has come and gone and they didn't bother replying to my last posting on the paypal dispute.
So we've moved to a claim....
Posted 1 year ago # -
I've received a reply from Michael at CRC and they are on the case. Indeed I've checked back on the website and the specific vulnerability I tested has now been removed.
I'll remind everyone else of one important thing in Internet security. Do not reuse login pairs of username/password or email address/password. Ideally do not reuse passwords at all, especially for important logins such as your email accounts or anything financial.
I should perhaps add that I have been a regular customer with CRC for a number of years and have had no significant issues with their service in that time, in fact on occasions it has been excellent.
Posted 1 year ago # -
I had the 2x£15 O2 voucher fraud on my debit card a few months ago
It may be a coincidence but my bank highlighted O2 top ups as one of the declined items as well.
Posted 1 year ago # -
Sounds like some free consultancy there Bez, surely worth some CRC vouchers
The O2 thing is very common, loads of threads on it. I believe it is how they test they have a valid card number, before they try a major fraud
Posted 1 year ago # -
So is it now safe to use CRC? I've been avoiding them for a while, but need to get some tyres.
Posted 1 year ago # -
Wish i looked on STW before i ordered from crc last night- bank just called to say that someone has cloned my card and now the account is frozen.
So no- its not safe....Posted 12 months ago # -
Wow that is a nightmare.
This has been going on for what, 3 months now?
I haven't bought anything else from Chain Reaction since this incident (took me three changes of credit card!)
Posted 12 months ago # -
on the contrary, i ordered on monday via paypal and my account hasnt been drained. item hasnt turned up yet either, but thats another matter
Posted 12 months ago # -
Ordered from Chain Reaction 23/5, unusual card activity started 3/6. Bother.
Posted 11 months ago #
Reply
You must log in to post.
