CRC security issues?

http://www.bikeradar.com/forum/viewtopic.php?p=16801436#16801436
Heads up –
Possible chain reaction security breach?

This happened to me, 4 attempts by t mobile to take 2 quid. Basically checking the card to see if they can bleed it dry. My bank alerted me straight away and cancelled my card.

This has cropped up on here every six months or so. After a spate of fraud I used to be V susiciously of CRC / Wiggle but it turned out to be a local BAA parking machine had a skimmer installed.

This was from the days I used to work in the CC IT world (a few years back). I seriously doubt CRC / Merlin / Wiggle etc (there were rumours about all of these) are allowed to store any CC info in the clear. All transactions are transferred to big name players : Worldpay etc.

Ultimatley, pay by Credit Card – you’ve got very little to worry about.

Your local petrol station is FAR FAR more likely to be skimming your details than a bike shop.

couldashouldawoulda – the likes of CRC etc are able to take partial and/or delayed payment. That being the case, they must be holding on to the card details somewhere and only presenting them to WorldPay (or equivalent) when the goods are ready to be dispatched?

Couldasoulda
I’ve had card fraud tracked back to both amazon and a shell petrol station in the past
Both times it was known to mbna, I wasn’t the first
No idea in this case if there is genuine Crc link but thought I’d best just warn people in case I know alot of people got a voucher and used Crc last wrk so could be concerned

I only pay using Pay Pal on CRC .in the hope that it is safer than putting my card details in..

Just checked my online banking and had £30 O2 prepay taken out yesterday. I also took advantage of the £10 voucher from CRC…

Looks like i’ll be calling the bank 1st thing 🙁

are you safe using paypal?
guess so as they dont send over your details?
always makes me cringe when i checkout on the ‘mobile’ site

This could well be true. Had 4 unrecognised transactions go out in one day this week after a CRC order, 2x £10
O2 top-up cards then stung for over £600. A call to banks fraud department, card cancelled and money refunded in 24 hours

Hmmm this is interesting.. I had 2 fraudulent transactions on the credit card this week. The transaction before these… Yep you’ve guessed it… Chainreaction!! 😡

I ordered from Chainreaction last week and guess what???
I’ve not had any fraud on my account

Druidh. Re: delayed payments, if you do these properly then you still don’ t need to hold the credit card details, world pay or whoever still handle it all, I’m building a site at the moment that does exactly this. Not saying that crc do, do this but they don’t have to.

I too ordered from CRC using the voucher – and no fraud on my account. I did use paypal though.

If your vouchers worked then they were probably genuine as they were verified by the CRC site.

Nothing in this thread constitutes proof either way.

Just checked as used CRC a fair bit laterly. There’s loads of indiscriminate payments been taken off my card, few £ here looks mostly on pointless rubbish. All of them me.

mahowlett – care to explain how that works?

I was called by HSBC fraud detection dept on Friday. £210 taken fraudulently, they then attempted a similar amount again which was then declined. I’d used the card for the first time at CRC a few days before.

Beej: nothing to do with dodgy vouchers.

Not proof in anyway, but I will be mentioning CRC when I speak to the fraud dept tomorrow.

I took advantage of the CRC £10 voucher on monday, thursday two lots of £15 were taken out of my account for O2 prepay.

Could be coincidence but I was thinking it would be something online rather than having my card swiped. I’m by no means the only person being relieved of their money for O2 prepay in slough.

Debit card now blocked, money being refunded and new card being sent out.

Druidh, they’re called deferred payments, and I think most of the major gateways support them now basically you send all the details to the gateway in the normal way and the transaction is authorised as usual but the gateway doesn’t actually put the payment until you send them notification that it should be paid. This has to be sent in a relatively short timescale though to stop you taking payments months after authorising them, I think the limit is in the order of a few weeks.

Who holds the gateway?

The reason I’m asking is that we do a simple re-direct to WorldPay when the order is placed – and the customer has to just pay up-front. We never hold any card details (it’s illegal to do so in Scotland), whereas many of these other sites do hold them – to save the customer having to re-enter them each time.

Hmmm, also had my card done a day after putting through a CRC order- £30 of o2 top-ups.

Not a new thing – I had O2 top ups on my card after using CRC over a year ago, despite never having an O2 phone.

i used to work at RBS, internet companys do this all the time, they pay their staff min wage and then wonder why shit like this happens!

Druidh, worldpay is the payment gateway, you’ll need to go to their support site to see how it’s done on their system, it’s illegal for a site to hold cc details unless they are PCI complaint, something which is quite hard to get and potentially means you could be liable for loads of cash if a card is used fraudulently,

Me too, Used the CRC voucher Monday, has 2 O2 Prepay debits of £15 in Wednesday. Gits!

i have had exactly the same, twice, in the past. had never made a CRC link, but they both made o2 prepay things. i guess crc may have a hole? off to check my accounts

Another order to CRC last week and like everyone else here had £30 of O2 top ups taken from my account and an attempt to send some form of online fax! Props to the bank for acting quickly, stopping the card and refunding the money. Also used the voucher and thought payment would be fairly secure using paypal!

MMm just read this and have checked my account. All fine at the moment having used the voucher last week, so am guessing prob OK. Thanks for the heads up though.

If hundreds or even thousands of card details were harvested, I doubt that they’d test absolutly everyone they’d gathered.

This is only the 2nd time that an internet retailer has been the prime suspect for any fraud on my account, usually it’s petrol stations.

I can’t say for definite that my details got into the wrong hands via CRC, but there does appear to be a pattern emerging.

Bank have canceled my card and the fraud team have been prompted to call me tomorrow. 🙂

my debit card was cancelled last week by my bank, no fraudulent transactions, but it was 3-4 days after I placed an order at CRC as well…

Had a call from my CC on Fri. Suspect transaction, someone tried to buy something from Apple.

As I now live abroad and the locals don’t like CC, I only use this card online. I keep this card for bike stuff, so for the last year or so it has only been used for Wiggle and CRC.

Card canceled and new one on its way.

I hate to say this but I win.
Spent the voucher and more on Sunday,payed with Debit card, and on Thursday. . . £1,305.95 gone out of my account to John lewis.
And no, it wasn’t me! :oops:Now in the process of getting my funds back off TSB.

Yup me too, order to CRC Monday night. Call from bank Saturday saying some one had attempted to buy O2 prepays. FWIW didn’t use a voucher.

And are CRC looking into this in any way? Any official comment from them?

Stocked up on brake pads last week using the voucher. Paid on a seldom used credit card. Call on Thursday from cc security re 2 x £20 Vodaphone top-ups, 2nd of which they refused. Card cancelled.
Having read the above all seems very suspicious: as per BoardinBob would anyone at CRC care to comment?

Me Too!

Just checked my account and £15 O2 top up debited. Called and cancelled card etc etc!!

Would be interested to hear what CRC have to say…….

I have used the voucher recently and no apparent problems but I paid through paypal….is paypal a lot more secure then direct cc???

Me too, bought some grips on CRC last week, Saturday morning credit card company phones me to say I have been diddled, 3 times £20 vodaphone top ups, £15 O2 top up and money to a charity in the US? Card cancelled and new one in the post, big thums up to mint for being on the ball!
PJ.

has anyone contacted crc about this?

in the light of them being ‘the worlds largest online bicycle retailer’ thats potentialy a lot of people scammed
http://www.bikeradar.com/mtb/news/article/chain-reaction-cycles-behind-the-scenes-29496

thankfully i use paypal as i have ordered from them quite a bit lately

The snapper from bike radar… Snooping around the offices a few days ago….he’s got to be suspect number 1……

http://www.bikeradar.com/gallery/article/chain-reaction-cycles-behind-the-scenes-29496?img=36&pn=chain-reaction-cycles–behind-the-scenes&mlc=news%2Farticle%2Fimage

Bought a few things off CRC over the past 2 weeks. First time used Paypal, second time used a combination of £10 off voucher, gift vouchers and Paypal. Don’t seem to have a dodgy transactions on my bank account.

and money to a charity in the US?

My gf had this a few months back, some family support charity in Texas 😕 Got the $20 back though