Forum menu
their 0.1% figure may be based on direct contact, not us lot bitching on here.
they said up there ^^^ [i]So far, we have been contacted by customers who purchased in February and the beginning of March. The contacts we have had both directly [b]and via forums[/b] equates to under 0.1%[/i]
I'm sure I read somewhere that they despatch around 6000 orders per day, so over - say - a 10 day period that would be 60 complaints
well spotted, i doubt they have trawled through all the forums though
to be honest i'd like them to take the HUGE PR hit and send out an email to all account holders. not everyone reads the forums or checks the cc bills regularly.
I've just got an email from CRC, with the same content as the post above. Looks like you got your request mrmichaelwright 🙂
Amazing that a site such as El Reg reports it before STW.
Not amazing at all. Reporting on CC fraud is one of the things they tend to report on, along with compromised websites, unencryted SQL DBs left lying around on webservers, disgruntled webmonkeys walking out with files or refusing to handover root/admin passwords etc.
If anything, I was amazed they hadn't reported sooner.
to be honest i'd like them to take the HUGE PR bonus and send out an email to me offering a 100% discount for life
worth a try....... 😀
I hadn't bothered to directly contact them as my bank dealt with it pretty efficiently, but now I have.
CRC should put a note on their front page with their various statements and some advice on what to look out for / who to contact - it's pretty shoddy of them to be posting on message boards but not on their own website.
Report is a bit strong, they basically said 2 sites forum members reckon there's somthing dodgy going down. Hardly l33t investigative journalism.Amazing that a site such as El Reg reports it before STW.
they have, got mine 15mins ago.to be honest i'd like them to take the HUGE PR hit and send out an email to all account holders.
so it seems
not had mine yet though
Just got the email from CRC too. Glad to have some confirmation that they're looking into it.
I don't think they would actually lie about the 0.1% becuase if investigated they would end up in quite a bit of legal sh*t. I'm going to take their advice and pay via pay pal on future transactions until they come out with a statement saying that security issues, if any, have been resolved.
I was on the phone to them for 20minutes on a big rant. still doesnt help! i'll be getting my shiny parts from somewhere else in future.
If anyone is interested, there are 158 individual reports on this thread of fraudulent transactions being spotted on accounts.
If anyone is interested, there are 158 individual reports on this thread of fraudulent transactions being spotted on accounts.
Oh thank god. I was worried it was serious for a minute 8)
... equates to under 0.1% of on-line orders placed ...
Quick someone please start another on-line bike retail store as the market is big enough ...
Astonishing if there is no breach at CRC but yet so many are affected so this I want see.
Got ripped by the fraud , bank refunded , new card etc
Bottom line , started using LBS more
Actually not as bad as I thought
Net result = CRC loose another customer
and this makes it ok does it?... equates to under 0.1% of on-line orders placed ...
If anyone is interested, there are 158 individual reports on this thread of fraudulent transactions being spotted on accounts.
..and if you apply the "only 4% actually post" metric then that is a LOT of fraud
DavidB, 3950???
And that is only on STW
and add in all the other forums.....
No, you can't apply the "only 4% post" rule in this case as a loss or fraud is an incentive to post. It's liable to be many more %, but who can say how much? Only CRC. There are likely to be thousand of incidents, I guess.
To give CRC a fair whack, they have responded on the forum, they are working with a security company - and it's hurting them very much indeed I guess.
[i]and add in all the other forums..... [/i]
except that people will quite likely post on more than one forum, may not use the same user-name for each one so you end up double counting.
It's always the complainants who shout loudest so 99% of the people who have bought off CRC with no trouble at all are probably
a) not aware of any issues
b) even if they are aware they probably don't care cos they're OK
c) people liike me who did buy off CRC, had no issues but cancelled my card anyway as a precautionary measure. Better safe than sorry! 😉
I'm not saying there isn't a problem, I believe (from reading this forum alone) that the relationship between shopping at CRC and subsequent fraud is too high to be coincidence but, as yet, there isn't a reportable story on it and as Mark stated, this forum gets far more views than the front page news.
If there's one thing that's going to get lurkers coming forward and posting it's being ripped off by a fraudster. There are many victims who have posted on this thread for who this was their first post.. If you were a lurker who had bee ripped off, would you keep quiet after reading this thread? There's even a clear example on here of someone from France registering a new account just to add their case to the total. So the 4% rule doesn't count.
I think it's clear there are hundreds of cases. Which is an awful lot and quite clearly a total that requires a thorough investigation coupled with a public explanation once that investigation is complete, which from our contact with CRC is exactly what they are doing right now.
except that people will quite likely post on more than one forum, may not use the same user-name for each one so you end up double counting.
Sure there will be a bit of double posting but not all that much as people arn't gonna sign up to other forum just because of this and forum users tend to be loyal to the one that interests them most, there will be exceptions but not many.
Let me first note that I don't - yet - assign positive blame on CRC. There is CRC, there is, presumably, some company which carries out payments for them and there is cyber-space in between; the culprit can lie in any of these.
Having said that, 0.1% doesn't seem too plausible now, does it? They refer to a ~40 days period and we can safely (?) assume there are circa 1,000 cases reported here and there so far (am I exaggerating?). Then the 0.1% implies CRC has taken something like 1,000,000 orders in that period of time. That's like 25,000 orders per day. Does anyone buy this figure? Is there an error in my math?
On the other hand, even if the 0.1% is a truthful figure, it does not necessarily correspond to the actual number of compromised CCs. It may very well be that the fraudsters are on finite resources, a fact which may have prevented them to sting more cards in such a short period of time.
CRC are never going to be honest about the problem
"They have found no evidence so far" - Unlikely
I had attempted fraud happen on both my cards used - one original, one the replacement for the original, im on my third card now and avoiding crc, tks
Is there an error in my math?
Well, there is one in your English! 😉 Mathematics, not mathematic. HTH.
😉
Another here.
Have a John Lewis Credit card..
they called quite fast after an itunes US transaction.
Odd.
Anyway.. long story short.. last purchase was a set of forks at you've guessed it..
Bit of a pain being without a card.
I don't think anyone knows how many orders they take a day, but you could make a decent guess with a few assumptions.
2009 turnover was £77m. Assume a low average order value of £50 gives 4300 orders a day, a high average order value of £400 gives 500 orders a day.
No idea what actual average order value is, but less assume its somewhere between the above. That means they take 500 to 4300 orders a day.
Let's assume the period they are talking about (Feb and early March) is 40 days, that means during that period they've taken somewhere between 20,000 and 172,000 orders.
Using their quoted 0.1% of orders affected means that they've had reports of between 20 and 170 cases of fraud.
Clearly there's more cases reported here than the lower estimate above but it gives you an idea of the orders of magnitude.
Anyone with better idea of average order value could do better.
.
Well, there is one in your English! Mathematics, not mathematic. HTH.
Cut me some slack; I'm Greek and my English is actually American. Which makes "math" - instead of "maths" - right. Bah, I should have used "calculations"... 🙂
???????, ???? ??????!
🙂
[i]2009 turnover was £77m[/i]
but that probably includes Hotlines and all the brands they own that sell to LBS's etc?
I did think that perhaps - not sure how it is structured - I don't think CRC is a group company? Not sure. Hotlines although owned by same people is separate company?
If you assume it does though then number of orders is obviously lower which makes their 0.1% claim look spurious.
CRC turned over £77 million in 2009. This is information in the public domain.
I have no idea how accurate the following is so it's totally open to debate but we can play with some of the numbers and use them to narrow down to the unknowns. Then we can play plug in made up numbers and see if the answers meet our expectations.
Around £6 million a month in orders
Average order value say £25... or £50... or £100 ? Lets take these 3 and see what happens.
6 million/£25 = 240,000 orders a month.
@ £50 = 120,000 orders
@ £100 = 60,000 orders
0.1% of 240,000 = 240
0.1% of 120,000 = 120
0.1 % of 60,000 = 60
We have on this site 158 complaints. That sits between average order values of £25 - £50 but we can't assume that those 158 are all the complaints. There will undoubtedly be more.
The largest unknown is the average CRC order. I could be all over the place with my guess. Maybe a straw poll of readers last purchase values will help us narrow that down to a more accurate figure. Anyway, I think the method is sound if not all the figures within it. The other unknown is how representative our 158 complaints are of the total complaints. These two figures are open to debate and supposition.
err did you just copy my maths?!
This seems to suggest around 30,000 orders/month
Another lurker stepping forward here.
CRC order placed in the relevant period, followed by call from credit card fraud dept last week - dodgy activity on card, card blocked and now reissued.
Ah.. I posted that and it seems the same sort of calculation has been done already. Good to see we are on the same general lines though. Did CRC own Hotlines in 2009? 2009 accounts will also refer to the period that ended in 2009 so depending on when the end of year is it could include most of 2008.
Mark what I still don't understand is how CRC (who say they still don't know what the problem is how the information was stolen) can be confident of quoting any percentage of total order value/numbers of orders as being affected?
If they can be certain that only 0.1% are affected then they must have a very clear idea how the information was obtained and what percentage of their orders left the channel used for CC traffic open to abuse?
If they're just going by numbers of reported incidents to them then they're relying on people tellign them? I wouldn't - I know they know they have a problem.
@uplink - that article says 30000/week not month?!
yeah sorry my typo
It bears out my other post though of 6000/day
@mark - was just joking.
Taking a look at the accounts they actually quote the number of orders and average order value (kindly).
Orders: 1042878
Ave Value: £72.43
So thats 114,000 orders in 40 days. And 0.1% of that is 114.
Of course that data is a couple of years old now, and they've grown considerably since.
What this is doing, of course, is ensuring that there's not a cat in hell's chance that I'll buy anything from CRC in the forseeable future.
I suspect I'm far from alone........
there's not a cat in hell's chance that I'll buy anything from CRC in the forseeable future.
If the price & stock is right I'll still buy - I did yesterday [via Paypal]
What this is doing, of course, is ensuring that there's not a cat in hell's chance that I'll buy anything from CRC in the forseeable future.I suspect I'm far from alone........
I suspect that this will also, hopefully, drive a few more people back to their LBS.
wwwas,
The CRC statement says the 0.1% figure comes from reported case AND those reported on forums. Now it's true that there is probably an unknown quantity of victims out there who have neither reported directly to CRC or on a forum - this is another unknown value in the big equation. Slowly we are gathering enough data to plug in numbers to these variables though and as we do a fuller and more accurate picture is emerging of the scale of the problem.
So far, the numbers we have played with are at the very least in the same general area that makes CRC's claim of 0.1% not an unrealistic claim. 'Hundreds of victims' is still a lot and needs investigating, even if there are by our own collective calculations hundreds of thousands of order a month.