As some of you may have seen across a number of different bike website forums, there have been reports of some kind of card fraud which has been linked with Chain Reaction Cycles and purchases from its site.
We’ve been in contact with CRC regarding the accusations and they have told us that they are taking the matter seriously and going through every conceivable process to ascertain whether there is a problem with either their internal systems or that of an outside provider. Currently nothing has been found.
Here’s CRC’s statement from our own forum:
Hi Folks
Just want to give you an update as you may have missed our earlier statements.
What do we know?
We know that some of our customers have experienced credit card fraud after placing an order with CRC.
When did we find out?
Senior staff in CRC were alerted to forum comments on Sunday 6th of March. We immediately began our investigations enabling [us] to release information via community forums on Wednesday the 9th, acknowledging that we were actively investigating the situation.
How big is the problem?
So far, we have been contacted by customers who purchased in February and the beginning of March. The contacts we have had both directly and via forums equate to under 0.1% of on-line orders placed in that same time period. However, we understand that for those affected this is of great concern and as we take our customers’ security extremely seriously we are taking all the steps we can to understand what has happened.
What steps have we taken?
CRC has employed one of the UK’s leading internet security companies to carry out an immediate and full forensic investigation into CRC’s infrastructure. This investigation has so far uncovered no evidence of any breach. We are also fully engaged with our card processing companies and the card schemes. This investigation is still underway.
Card Re-issues
Purely as a precaution, Card Issuers may make the decision to reissue new cards to recent CRC customers. If your card is reissued it does not mean that your details have been compromised but the banks take an ultra cautious view on this as the cost of re-issuing a card is much smaller than resolving any potential issue in the future.
When will CRC have more information?
We are working round the clock to get an understanding of what has happened; as we get greater understanding we will continue to keep you up to date and intend to issue further updates over the next week or so.
Can you order safely?
So far the investigation has uncovered no evidence of any breach but if you want to order on CRC without CRC being in contact with your credit card details then choose Pay by PayPal and checkout using your credit card via the PayPal express checkout.
Please contact us directly
We want people who have been directly affected to contact us so we can personally update you by email. Please contact us on +44 (0)2893343758 between 9am – 5.30pm or email enquiries@chainreactioncycles.com and we will be glad to help you.
Thanks again for your patience and support
Michael Cowan
CRC Senior Management
Singletrackworld forum thread is here
If you’ve got any comments, it’s probably better to join in on the existing thread than to add them here, or start a new thread.
Comments (14)
I think CRC have handled this all very well. I was one of the ones that got stung and still wonder whether it was through email with the £10 voucher deal.
Click the link and goes via “a hacker’s website” before getting to CRC website, which then gives them access to the saved debit card data on your computer. somehow?
Anyway, glad CRC are being public and noting it despite it being such a small percentage.
Despite spending the equivalent of the national debt of a small 3rd world country with CRC I’ve never had a discount code from them. I’m now secretly happy with that fact if what you suggest is right.
I got stung, didn’t use a voucher FWIW
I didn’t use a voucher or code – someone got hold of my details and used the card
Got me too. And I used the voucher.
The voucher’s a red herring.
I do like the title “possible link”- when I spoke to my bank it turns out they have a team dealing with “the chain reaction frauds”. It’s only a “possible link” in CRC’s heads.
I find it extremely difficult to believe that a bank has a ‘team’ dealing with ‘the chainreaction frauds’. In fact, I don’t believe it. As a proportion of a bank’s customer base, those who use Chainreaction must be absolutely minuscule. I could accept that within a fraud team, possible Chainreaction card fraud is one of many, many subjects of investigation.
“Click the link and goes via “a hacker’s website” before getting to CRC website, which then gives them access to the saved debit card data on your computer. somehow?”
Er, no it doesn’t – I just checked the html source… it goes to the CRC website.
Add me to the list as well – used the voucher to buy tyres at the end of February and a week later someone tried to buy an ipad from Argos using my card details. Fortunately picked up straight away by Barclaycard and stopped as item was to be shipped to another address.
If the items are being shipped to somewhere other than the cardholder’s address couldn’t PC Plod hide round the corner and nick the scumbag when they come to get their swag – or would that be too easy??
I take back my previous comment in light of others’ suggestions. Just at the time it seemed to go through more re-directs than I thought necessary. One of those things that catches your notice. I just carried on without another thought though. However when I clicked on it again the other day it went straight to the website – much quicker than before. Anyway, I think it’s an isolated outbreak and will no doubt be shopping there again very soon.
Well despite all this, they still have loads of stuff I want and make it very easy to buy.
PayPal + CRC = new shiny stuff to keep me happy.
Used the voucher and paid using Paypal –
no problems here.
Pish, just checked, me too, 1 o2, followed up by 5 vodafones for 20. Barclays failed to spot it.
I just got asked for my credit card details over the phone from CRC about a back order because my last credit card had been cancelled because of fraud (not saying it was CRC but I am a regular user). In many websites now you don’t even see the credit card number at any point, it just gets passed from the website to the bank. Until they sort this they will always be at risk of fraud from rogue sales assistants copying down the number.