Forum menu
Never send credit card details by email. It is not secure. It is like writing them on a postcard and posting it.
Sorry I should have been clearer, I asked them by email to refund me quoting my name and order number. I never sent my card details by email, that's just asking for trouble !
kamina - Member
They should just be able to refund to the bank with the transaction ID that came from the purchase.
Yep. Most merchants can do a full or partial refund using the transaction id from when you purchased. Given there's no repeat billing at CRC, it'd be hard to argue that they need to retain card details.
and another one....
7 days after using card
sent this thread round my bike mates, one of them had their card scammed too just after using CRC. Seems to much of a coincidence really.
I used Merlin yesterday for an order that I would have placed with CRC before the current situation occurred. First class service from Merlin - order placed at 1pm yesterday, delivered to me at 10am this morning.
just got me 🙁
new credit card account, only just got my first statement, a few different transactions obviously but a limited number of possible causes of the fraud. Used CRC last week, they were my last correct transaction, then a fraudulent vodaphone top up saturday and more fruadulent apple i-tunes stuff yesterday....halfiax card services picked it up and called me today. Well done to them, I'm impressed they picked it up seeing as my account is only a month old so they have very little 'history' of my spoending habits.
Dunno if it matters my my crc order was only part shipped (item out of stock), the remaining item has now been billed (I assume it's on it's way) that was the last 'correct' transaction....so they must have held my card details to bill me in two parts.
I ordered some stuff from Chain Reaction last week and I've just missed a call from the credit card fraud people and my card appears to be suspended 😯
Just had a call from the fraud dept of my bank... no dodgy transactions but they said a whole range of card numbers is at risk of fraud including mine and they're going to replace it. Last CRC order was 11th Feb.
I just had the call too. Someone topped up an O2 payg phone. I've not read the whole thread but I guess that's easy enough from nicking the payment details and card address off an online shop like CRC. Last order was about three weeks ago. New card it is then...
Me too!
RBS secure detected fraud on my card on Saturday morning when someone attempted 2 x £15 O2 top-ups.
Only had credit card fraud issues once before, many years ago.
Previous correct transaction was CRC a couple of days ago!
In my line of work (medicine) we have a saying: "if it looks like a duck and quacks like a duck, its a duck". I'm convinced it's CRC and will be telling the card issuer ASAP.
CRC won't be seeing any more business from me.
Another one here, and a work colleague was also done.
I'd love to know how they are doing this. My mate got done but the O2 transaction was done in the same minute as his CRC transaction (according to his statement)!
I've just had my card stopped, they had flagged the O2 transactions at the bank and put them on hold but the same details had then been used to try a smaller charge overseas.
Its an absolute joke that CRC haven't warned people properly about this.
Have just 'phoned RBS secure. The chap I spoke to virtually finished my sentence off for me. He went on to say that they know it's CRC and have been watching them for a couple of weeks.
Any one on here work for CRC? You're going to need to give out some mighty generous vouchers to rescue this PR disaster.
(Anyway, I've found somewhere much cheaper for a lot of stuff: H&S bike discount in Germany. Have just ordered an Ultegra groupset, let's hope it turns up ok. They had UN54 BBs for 9 euros!)
It is more than clear in a week and 13 pages that there is fair amount of people falling victim to this scam and not just a 'small percentage' as we have been led to believe. It's also clear the banks are more than hot on CRC's case and CRC are simply failing their customers to open up and give us some facts.
I last brought from CRC in mid/late Jan. So far I have not been targeted but am I safe? I for one, and I'm sure there are many other out there, would like to know:
What has been stolen/leeched?
How long has it been going on for?
How long have they known?
How many customers could have been effected?
Are they going to inform their customers rather than wait for the customer to find out themselves (email, tel website)?
Are they still taking CC payments knowing they could be putting customer details at risk?
Now don't get me wrong, they are of course victims of crime themselves and I feel for them and I suspect there are a few people loosing more than just their hair over this.
Obviously they are pursuing an investigation but they are not some 'corner bike shop'. They are one of, if not the biggest online cycle retailer. Perhaps because of their size and reputation they are keeping mum about this but all in all the decent thing to do would be to be more vocal and keep their customers informed a lot more often or is that too much to ask?
They might find they will gain a lot more sympathy and perhaps, just perhaps, regain a bit of that lost trust.
This year, I shall mostly be shopping at Merlin 🙂
If one of the other threads can be believed, they are turning over almost £2.5M per week - and a profit of 10% of that. Do you really expect them to turn off that tap while they resolve the situation?elliott-20 - Member
Obviously they are pursuing an investigation but they are not some 'corner bike shop'. They are one of, if not the biggest online cycle retailer. Perhaps because of their size and reputation they are keeping mum about this but all in all the decent thing to do would be to be more vocal and keep their customers informed a lot more often or is that too much to ask?
Got a phone call from my bank tonight about suspicous activity on my account. Ordered something from crc sunday, hey presto some twunt tried it on, luckily bank was on the ball.
druidh - Member
If one of the other threads can be believed, they are turning over almost £2.5M per week - and a profit of 10% of that. Do you really expect them to turn off that tap while they resolve the situation?
So, according to those figures, in the past 2 weeks they've stood to make £500k profit. PROFIT! Man up, take a hit and get it fixed! but as I've already replied in a previous post they could easily channel payment through other gateways if the profit is that important. Besides, what is the issue with that when...
wors - Member
Got a phone call from my bank tonight about suspicous activity on my account. Ordered something from crc sunday, hey presto some twunt tried it on, luckily bank was on the ball.
...the scam is clearly still going on ^
I was hit for over 2k in the end as mentioned earlier in the thread. I have a couple of vouchers I want to use so that I can finish things with CRC. Prob is even though the total to pay is £0 you still have to put in card details! Attempting to use Paypal as the checkout also fails presumably as £0 so I will have to add to the order.
I presume using Paypal is still ok as it forwards to that site where you enter your credentials so no danger of CRC getting them as well?
cheers
Hadn't seen this thread, but I too used the 10 quid voucher for some bit's n bobs. Then 1 week later I get stung for a fraudulent purchase of 303€ with some on-line flight company in Barcelona. Thankfully I get an SMS for anything over a certain amount so I was straight on to the bank.
Similar story, last use before was with CRC. Now I have to wait for another new card. Only had this one for about 3 weeks after the last was swallowed by a hungry ATM.
My Visa got cloned late Feb, saw this thread and checked the account, used CRC 48 hours prior to the fraudulent transactions starting. Probably no coincidence?
Just spoken to my credit card company, someone spent £200 of my money on Tesco.com this morning. It's an absolute f@cking joke that ChainReaction haven't mentioned anything, the silence from them is deafening.
It's outrageous that they're still trading with no mention of it when there is clearly a leak in their system. They've got some serious making up to do or I'll be closing my account.
Just hope CRC will reward everyone for their co-operation after so much hassle.
Oh ya if they cannot catch the scammer(s) then they fail big time.
druidh - Member....they are turning over almost £2.5M per week - and a profit of 10% of that. Do you really expect them to turn off that tap while they resolve the situation?
Sorry, but yes. Definitively yes. If I knew that my online payments were being regularly and massively comprimised, I'd inform each and every client and keep them updated on the situation.
The very second your clients lose faith in your ability to operate in a transparent and honest fashion, your clients will go elsewhere - as has been evidenced in many of the posts above.
I cannot fathom why any business, gargantuan or tiny would choose to hang a "Business as Usual" sign over a disaster like this.
This is getting very serious, too many people on here now for it to be a coincidence. The worst thing is the lack of an official statement from CRC, mistakes happen but it's how you deal with them that sets you apart. Burying their head in the sand is not the answer.
Another victim here, back from holiday to find a lovely delivery from crc but also 2 payments made to O2.
WackoAK, CRC have actually posted up on this thread, so they have replied. They have also spoken to some people who rang/emailed. I dont see what else they could reasonably do - unless you want them to pop over and say sorry in person. I dont think they did it on purpose, they are the victims of some sort of theft. It can / will happen to any website.
Not all of their customers have suffered, sure quite a few have, but they will be refunded by their CC companys in due course.
Perhaps a comment on their web page would make some feel better, but it wont actually do anything. A lot of customers will not have been affected and wont get the comment if its posted. Until they have found the reason for the problem there is not much anyone can do.
Or am I missing something ? What would you suggest ?
In the meantime people can suffer the complete misery of placing a free call to request a replacement CC. Shocking I know, but you will live.
It will have the knock-on effect of highlighting the ease at which this sort of crime can take place - that may make people look at their CC statments more often or tighten up website security. All good things in the long run.
In the meantime you will most likely be refunded. Im not defending them, just commenting that I dont think they have entirely buried their head in the sand. Im sure any company that sucessfull will be busy trying to sort it internally.
What would you suggest
An email to every recent customer making them aware of the risk and asking them to check their statements would be a good start.
Not every customer reads forums or will be lucky enough that their bank will pick up dodgy transactions.
Trimix - a post on their website would be a start. Not everyone who shops there will have read this thread and the post on here is vague at best.
In the meantime people can suffer the complete misery of placing a free call to request a replacement CC. Shocking I know, but you will live.
Try a 30 min call as it was me who spotted the fraud, not my bank. I then had get get my overdraft increased as they had wiped my account and until I get a new card I will have to vist the bank in person to get money. Not really a big deal but still a pain.
Just a me too.
Got a call from the CC company to say they'd blocked a transaction trying to buy a £15 O2 top-up. I used the card to buy from CRC around the time of the last £10 voucher email.
No idea if CRC has been compromised (looks that way), but I'm definitely wary of buying anything from them.
Natwest one is 20p/min.In the meantime people can suffer the complete misery of placing a free call to request a replacement CC. Shocking I know, but you will live.
e: I was on the phone for over ten minutes, so going by the amount I saved on my last purchase from CRC I may as well have bought from elsewhere. Only used them for the convenience and pretty much guaranteed next day delivery.
Trimix I'm pretty amazed at your comments, over £200 gone out my account but it's ok because I'll "probably be refunded". It's an unbelievable breach of security for such a large company and they CLEARLY should have emailed every single recent customer explaining that there has been a breach and to check your statements.
What about people who've paid by debit card? They won't be refunded. What about the people who have lost money but not realised? You don't think that ChainReaction have a duty to make them aware?
In the meantime people can suffer the complete misery of placing a free call to request a replacement CC. Shocking I know, but you will live.
Or suffer the humiliation of just having tanked up a car only to find they actually have no way to pay.
PS At least petrol went down 0.02 here today (and I need a tankful).
In the meantime people can suffer the complete misery of placing a free call to request a replacement CC. Shocking I know, but you will live.
There's one guy on this thread who has had his card cancelled the day before he flies off to the States on holiday for 6 weeks
Trying to hire cars/bikes/pay for motels etc. is going to be a bundle of fun for him
oh, how he'll laugh
Just last night I discovered some fraudulous purchase with my credit card: Only a small amount of € 8,90 for "SNCF internet".
I directly called my credit card company ING to have my card blocked. The guy I spoke to, told me that there had been more purchases in the last hours of several hundreds of Euro's.
Guess what? I have been shopping with CRC February 25. Irony was that I had received the voucher while processing my order. CRC was so kind to refund me the 10 pounds anyway, when I explained so. It was my first purchase with CRC and I was very happy with their fast delivery to the Netherlands and swift respond of their customer support.
I have to admit that I've been purchasing on the net a lot last weeks, also with Evans Cycles, Melitta, and Rose Versand, so I cannot be sure if CRC is the weakest link. First I suspected Evans because I had been so stupid to send them my credit card data through e-mail for some refunding, but after talking to them they pointed out to this thread.
I only use my credit card for online purchases and paying hotel rooms (mainly for business). I never use them at shops, gas stations etc..
The hassle isn't in the phone call to have your card replaced, its in being without a card for 8-10 working days. I can't even transfer money into another account without my debit card and it will take a couple of hours to go down to the branch and sort it out.
Of course people are commenting on their web page, why shouldn't they?! CRC are an internet-based business, they are quite happy to push social networking for advertising purposes, now they are finding out that its a 2 way street. Its up to them to communicate better with heir customers, acknowledge their mistakes, and make some effort to keep custom of the people affected.
All good points - franksinatra, your suggestion is a good one. Im not sticking up for them, just wondering what they could really do.
stuboy2uk - I thought the bank would refund Debit Card fraud ??
The only time I had to call the bank about fraud took five mins to stop and reissue a card. Not good if your experience is otherwise.
Perhaps CRC are weighing up the balance of an email to everyone vs the bad publicity. But threads like this will grow bad publicity anyway.
Hopefully they will have been workikng on the issue and can come back with a report that will satisfy most of us.
Just been called by MBNA - I put a big transaction through yesterday with Torq (legitimate), and they blocked it and gave me a call. Card is being cancelled and replaced even though I've not had any fraudulent attempts, because they've been informed by Visa that the card has been used in the past six months at a retailer that may have been compromised.
Card is being cancelled...because they've been informed by Visa that the card has been used in the past six months at a retailer that may have been compromised.
I've been waiting for that to happen. It could get even messier now...
I just popped into my branch and got my card stopped and a new one ordered. I was getting very bored of checking my account a few times a day!
I think they can forget about [url= http://www.chainreactioncycles.com/News.aspx?NewsID=1386 ]making it 11 years in a row[/url]
I'm almost reluctant to post this for fear of being accused of some kind of bias, when in fact I'm trying my hardest to be totally objective. I've spoken to CRC and they are currently deep in an investigation that involves an outside agency (that they have asked to investigate) I'm making no judgement on CRC at all either for or against but a bit of googling has revealed a few issues that are maybe worth us having a look at, even if at the end of the day the weight of available evidence is not altered.
So I offer this link (which is just a single source) for consideration.
http://www.bl0g.co.uk/o2-uk-ltd-prepay-slough-mobile-phone-scam.html
This next link at least backs up the 'lax security' issue aimed at O2
http://www.pardoe.net/cellnet/precis.htm
While that precis is quite ancient, this page of the same site was updated a few days ago..
http://www.pardoe.net/cellnet/index.html
Mark - you're right, the O2 top-up scam is a way of testing the validity of generated card numbers, but also a way of testing the validity of stolen card details.
The fact that CRC have an outside agency investigating, combined with people reporting that their banks are volunteering the information that there are "issues" with CRC, does suggest that we're not seeing randomly generated numbers being used here.
So yes, you're also right, you are 'in danger' of being accused of bias, but I think you've covered yourself well enough 😉
That's all very well but the fraud against my card did not involve payments to O2...
No problem so far. But I cancelled my debit card as a precaution.