[Closed] CRC security issues?

What a complete T"""""R!!!

I got my card cloned. It was the only transaction on it. And was told by some rude women on CRC on the phone my internet security on my home PC was the reason i'd had my details obtained by a 3rd party.

When i advised i only use a PC from a multinational organisation with a multi million pound IT infastructure she ran out of things to say.

I would not even be annoyed about my card been cloned. The only thing that has annoyed me is her attitude towards me. It was plain rude. And now this arse treating his client base like monkeys.

CRC never getting a dime off me again,,,

I HOPE THEY FLOOD AGAIN!!

All this trouble with credit card fraud doesn't help when Chain Reaction send out your items with somebody else's invoice showing all their particulars!
I had to phone them direct today and tell them of the problem and explain that someone else has probably received their item with my invoice showing my particulars!
They apologised for the problem and blamed the warehouse staff, but that doesn't really help us all! 🙁

Hi Folks

We do not condone or support any attempt to influence the cycle community in any underhand way and we hope to give you as much honest, clear and accurate information as we can.

As our earlier statement says, we are taking this matter very seriously.

While we are confident that our systems are robust, we are taking nothing for granted and we have engaged with industry leading experts to fully investigate.

We will post updates as soon as we have more factual information.

We appreciate your understanding and support while we continue to investigate this issue.

Michael Cowan
CRC Senior Management

I went to a talk by someone from SOCO (Serious Organised Crime something) a while ago...apparently, the majority of incidents like this are caused not by criminals intercepting site traffic, but simply by them buying the details from a disgruntled, or underpaid, or greedy employee who has access to that kind of stuff. doesn't matter firewalls you have then

Twodogs - Member
I went to a talk by someone from SOCO (Serious Organised Crime something) a while ago...apparently, the majority of incidents like this are caused not by criminals intercepting site traffic, but simply by them buying the details from a disgruntled, or underpaid, or greedy employee who has access to that kind of stuff. doesn't matter firewalls you have then

Or a hacker gets contracted to do the dirty work. As I said in a previous post, don't assume their website was the entry point.

I’m coming in to this thread late, but had a letter from nationwide today. Called them up and someone has tried to spend £1 at an apple store. I used CRC Tuesday. ummm. Cancelled my card and luckily no money had been taken.

Lady at Nationwide said that CRC was the suspicious transaction. I think they know about a security breach... ? Perhaps.

Michael @ CRC

You have my sympathies at the position you as a company find yourselves in and I understand your stance but it has got to the point where people are starting to make their own conclusions. Above all I imagine that a lot of potential customers are not using your website until this matter is resolved.

The comments of drldan (AKA Daniel Loughlin before he changed his profile) are particularly unhelpful as he seems to be implying that all of the customers who have been victims of this fraud only have themselves to blame.

I hope you get to the bottom of this 'breach' and can issue a statement to set our minds at rest so that we can continue to spend money on shiny new bike bits.

It's ****ed things up big time for me. Missed card payments to the likes of Sky due to card being cancelled. I'd rather pay with sheets at my LBS than risk this shite again just to save a few quid.

Then to top it off I never made the link with CRC so shopped with them again when my new card came, so I'm going to have to cancel that one to be safe FFS !!!

And then some wisecrack blames the integrity of my firewall / antivirus !

Sadly this is all too common these days. I reckon that people will eventually go back to cash shopping and ride penny farthings with handlebar moustaches 🙂

I used the £10 chain reactions voucher last week and have been stung for £3.5k at John Lewis. I used my credit card....seems like using paypal would have saved me the aggrevation.

£3.5k

The scammers must have clocked up £10,000 by now?

You shouldn't worry too much about this kind of thing.

This kind of fraud has happened to me before (nothing to do with this example from CRC). I incurred charges too due for incurring an unauthorised overdraft thanks to the fraud removing funds I needed for legitimate debits, but got all funds back.

Banks don't like to shout about it, but you will be completely protected in these kinds of cases and will have your funds replaced/charges removed.

The banks are the ones that need to worry about this stuff, not consumers.

It's a fairly massive pain in the a55 tho isn't it? Getting your card cancelled etc...

The banks are the ones that need to worry about this stuff, not consumers.

All gets passed on to consumers at the end of the day. Wait, you don't think it comes of the bonuses do you?! 😉

Sure it all gets sorted and you get the money back, but it's a right hassle.

For the next week I now have to go the bank in person everytime I need cash.

Interesting that Mr Cowan didn't actually deny it was CRCs Daniel Loughlin who posted earlier.....

While we are confident that our systems are robust, we are taking nothing for granted and we have engaged with industry leading experts to fully investigate.

You may be confident, but I'm not having seen the number of people complaining about it on here and bike radar.

hhhhmmmm ... it happens too quick too soon to too many to say that their system is robust ...

Scenario one:

If someone has installed a rogue software in the system that is perfectly "legitimate" then no matter how good their system security is they are not going to find it.

Scenario two:

If their system is hacked then a sweep of their system will probably find it provided they employed the right specialist security experts. So I wonder who they are asking for help ... Clue why not ask those who writes security software?

[b]drldan[/b] AKA [b]Daniel Loughlin from ChainReactionCycles.com[/b] : CRC know there is no hole in their security but am sure they look into all these things regardless. The biggest security hole is the PC used to order. Servers have dedicated firewalls, secured networks, teams of IT people looking after them knowing what they are going etc. PCs have people using computers with no knowledge of security, surfing round the net and downloading stuff. All speculation, but if its anything related to the net, its by far most likely an issue with peoples PC...... Too many people visiting dodgy sites...

I am shocked by this patronising and bare-faced careless reply from a CRC owner.

Personally, I have a hardware and software firewall, along with a full and up to date internet security package, and am experienced in computer administration, and happy my computer is secure.

The number of people affected, and the commonality of the problem, points to Chain Reaction Cycles being compromised one way or the other.

Daniels comment means to me that CRC have not taken any steps to protect customers credit card details, and the problem therefore is still happening. I find this unbelievably careless, and will not be shopping at CRC again.

Just had my Card cancelled by the Bank and I purchased something from CRC last week!

I made the purchase from a PC in one of Finlands most secure Nuclear Power Stations as well. I wonder how CRC will explain this one away?

I made the purchase from a PC in one of Finlands most secure Nuclear Power Stations as well.

Cannot be that secure if they allow you to shop online from their facility.

...just saying.

I made the purchase from a PC in one of Finlands most secure Nuclear Power Stations as well. I wonder how CRC explain this one away?

thats a long way to go just to protect your credit card details, are you a Bond Villian?

 

[i]baldSpot - one of Finlands most secure Nuclear Power Stations as well[/i]

Homer, that you?

Fair play to Michael for coming on so quick and distancing himself from Daniel Loughlins comments.

This is a difficult time for CRC, it may be that they'll never find out what happened but, equally, people are expecting reassurances that changes have been made to prevent a reoccurrence (with , maybe, an admission there might be a CRC connection with all this) - not just random CRC staff creating logins so they can blame everyone else.

This wouldn't have happened if Andy@CRC was still here 😉

I still can't believe that's the Daniel Loughlin owner or CRC..... It would be a PR disaster for him to do something like that!! Just can't see it.

Cannot be that secure if they allow you to shop online from their facility.

...just saying.

your right, better tell the IT Dept. Thx.

[i]It would be a PR disaster for him to do something like that!! Just can't see it. [/i]

if it wasn't then I suspect;

1) Michael wouldn't have worded his response the way he did.
2) the user profile wouldn't have been amended
3) CRC would have denied it was him.

danger of letting a techie loose in a public arena...

Hi 7hz and others

I would like to make it clear that Daniel Loughlin/drlDan is neither an owner, shareholder or an employee of CRC. The comments of Drldan should not be attributed to CRC.

We at CRC remain focused on our investigations and as stated previously will provide more factual information as we have it.

Apologies for any confusion

Michael Cowan
CRC Senior Management

Thanks for clearing that up 😉

thanks for the clarification, Michael.

Michael @ CRC

I also have some sympathy. Keep us all informed and view it from the customers perspective - you may loose fewer customers that way in the long run.

You could also offer customers a 'CRC' credit card, then any fraud would be on that CRC credit card and therefore easy to spot/stop/refund. Just an idea.

A quick google shows that Daniel Loughlin is the managing director of Export Technologies who just happen to be the Ecommerce provider for CRC.

http://www.exporttechnologies.com/Clients.aspx

What a plank

Daniel Loughlin is MD of Export Technologies, who provide IRP - the e-commerce platform used by Chain Reaction. So I'm guessing it's a straight provider/customer relationship between him and CRC. So vested interests, but definitely not [i]representing[/i] CRC, as Michael @ CRC makes clear.

So you can smell the tension 😉

would be interesting to know if any of their other clients have similar issues - it would indicate a platform weakness if they were.

Daniel Loughlin - what a total plank.

Just how do you get to be an MD of a company and yet make such a schoolboy error by posting as you did. I would expect CRC to dump him like a hot turd.

So you can smell the tension 😉

+1 I can never understand what people like that think they're going to achieve by coming onto a forum and throwing a strop before they've solved the problem. I suppose if nothing else it gives an interesting insight into the 'management' approach used at Export Technologies. Maybe he needs to educate himself about the typical user profile on here and revise his communication strategy - a possible opening for some of the management consultants on here?

[url= http://site review of export technologies] http://www.sitejabber.com/reviews/www.exporttechnologies.com [/url]

Major LOL !!!

Ha ha, we need to check out the job pages on their website - soon there will be an opening for MD.

Finally this thread gets funny, very very funny !

drldan - Member
All speculation, but if its anything related to the net, its by far most likely an issue with peoples PC...... Too many people visiting dodgy sites...

Something tells me that CRC might be looking for a new e-commerce platform partner....

I honestly can't believe that someone would do something so stupid, unless it's a troll with a wicked sense of humour...

Quality - thread of the week !

Hopefully customers will all get refunded by their CC companys in due course and we will look back and laugh at this outcome.

The working from Mike@CRC suggests to me that Dan is exactly who he seems to be - I'm pretty sure that Mike would have made absolutely clear that Dan was absolutely nothing to do with them and not connected in any way otherwise rather than the carefully worded statement about what Dan isn't.

I would like to make it clear that Daniel Loughlin/drlDan is neither an owner, shareholder or an employee of CRC. The comments of Drldan should not be attributed to CRC.

be interesting to see if golf forums are reporting similar issues with 'golf store europe' who use the same Export Technologies
Can't bring myself to check golfing forums though, life is far too short

I'm LOLing mostly at the amateur private investigators and speculators.

would indicate a platform weakness

CRC is not the first, and won't be the last. Lush got taken out recently... TWICE! and given that they took their entire website offline, I'd speculate that they got hit by an OS or Webserver zero-day vuln rather than their e-commerce s/w.

Still checking my CC a/c...

Oh and that's another vuln 😉 I registered my CC for online banking last night. Only needed CC no., name as written on the front, etc. If a fraudster has my card details they can verify them online directly with my bank. Then go make a purchase, and they have a few days before my bank sends me the authorisation code by snail-mail.

andytherocketeer - sorry, I was bundling the whole app/db server architecture into 'platform' - it's unlikely that the Ecommerce supplier installs a complete different os/db/etc with each implementation.

If other clients of theres were suffering a similar level of fraud it woudl indicate a generic weakness somewhere in the implementation allowing an external person to access sensitive data rather than actions by an 'insider' at CRC (which has also been suggested).

I made the purchase from a PC in one of Finlands most secure Nuclear Power Stations as well.

I'm quite concerned about the unsecure nuclear power stations in a country with such a high suicide rate!