[Closed] CRC security issues?

I'm quite concerned about the unsecure nuclear power stations in a country with such a high suicide rate!

I'm quite concerned about the unsecure nuclear power stations in a country with such a high suicide rate!

No need to worry! - I just made that bit up 🙂

'e-commerce platform' generally means the whole bundle - network, OS, hardware, and application software on top.

Judging by the length of time (a month or so?) that the attack has happened, not just a single short sharp attack, I would lean towards inside job.

Perhaps one of the IT staff, who has access to the data?

Pure speculation of course...

I got stung for 2 O2 top-up card payments on Saturday. Contacted the bank and the money has been refunded. It is just a pain in the arse, new card not here until Monday/Tuesday next week. I do feel a level of sympathy towards CRC. However, it does cloud my confidence with paying for stuff online, which I do a lot of. I needed more parts this morning, so just called and placed my order over the phone. Maybe Niavely, I have assumed they wouldn't use their online system to process the card details rather than directly with the card system?

Niavely, I have assumed they wouldn't use their online system to process the card details rather than directly with the card system?

Your details (name, address, CC, email, etc) would be stored in a database.

The same one used for payment processing 😉

[i]name, address, CC, email, etc[/i]

it's becoming quite unusual to store CC details locally - mostly you just setup the card for continuing auth with the acquirer and store a ref number locally - when you want to take further payment from the same card you just say '£10 from the card with ref abc123, please' and they deal with the rest of the transaction with the bank.

Your details (name, address, CC, email, etc) would be stored in a database.

The same one used for payment processing

The card was a different card from the one I normally use for CRC payments. So, those new card details are now stored with them?

I also got done for two O2 payments, and have started the refund process. Will queue up at the counter today to get some weekend cash.

If there is a positive it is letting me physically see how much money I am handing to various people and companies over a weekend... silver lining?

Perhaps we should resort to using cheques.

Just adding one.

4.6 euros test transaction + ~400 euros tickets (to where I wonder)
charged on my card days after my CRC order.

Transactions blocked / card canceled

Maybe I should fly all the way there and pay up. I'd still be cheaper than buying locally. Damn...

Question - are people who have made purchases in the past few days still experiencing fraud or is it restricted to purchases from, say, before this week?

My last transaction before the fraud took place was at the end of February and the 2 fraudulant transactions took place on the 5th March.

Question - are people who have made purchases in the past few days still experiencing fraud or is it restricted to purchases from, say, before this week?

Just phoned my credit card company after buying some stuff on Monday (turned up Wednesday with the free delivery option, very pleased with service and price, gift vouchers welcome etc 😉 ). No further transactions on my card but I'm guessing that this is only happening to a small percentage.

Off to buy a rear light this afternoon... from my LBS.

My last transaction was tuesday.
Card cancelled following morning by the bank. The inference from my last post was that the bank cancelled the card not because of any actual attemps to take money on it, but because by using a 'certain retailer' it was comprimised. So I take it that the banks have this as an issue even if the 'retailer' doesn't.

Oh and by the way, bank-girl on the phone, answering my very specific question, said that they have had multiple CC fraud attempts in the past few days, the common denominator almost always being CRC. She sounded really puzzled and asked me what is this chain reaction; I told her the truth: it's a facility for recycling and reselling second hand nuclear weapons for DIY terrorist attacks. Her mild response to the joke probably shows a better sense of humour than mine.

My last transaction was 26th Feb & the dodgy payments were taken yesterday (10/3/11).

Card cancelled yesterday. Annoyingly I need it to pay the balance on a pro 2 evo wheelset from 18bikes (when they get them delivered). I'll be avoiding CRC until I'm satisfied that they've plugged the hole.

ooooh just spotted this

£350 attempted transaction on nespresso.com, allerted by bank

i don't feel so paranoid now.

[Dons deerstalker hat]

hmmm, so lets assess the known facts eh? build up an image of the scoundrel..

Just got done - 02 prepay and vodafone - £50 in total

Called them up and someone has tried to spend £1 at an apple store

have been stung for £3.5k at John Lewis

I still can't believe that's the Daniel Loughlin owner or CRC..... It would be a PR disaster for him to do something like that!! Just can't see it.

From this we can deduce that we're dealing with a fellow who:
a) likes to chat
2) enjoys the cheaper bits of apples - shall we presume a working knowledge of these new fangled apps?
iii) frequents the "classier" range of department store
fore) is a master of disguise / disinformation / foreign accents

I suggest it's not too far a leap to presume that this man is primarily a motorist, maximising the schadenfreude potential of his crime by targeting his nemeses. a white van man? a bus driver? lorry driver? or.. taxi driver?

Find the man who fulfils these criteria and you, STW, have your villain:

[img] [/img]

book 'im Danno!

[lights pipe, splutters away into the sunset]

£350 attempted transaction on nespresso.com, allerted by bank

bah! a red herring. the culprit thirsts only for tiffin

If all this is true then somebody wants owning with a warehouse full of Bombers.

Nespresso is a bit 'niche' isn't it?

I keep laughing out loud to myself at Daniel Loughlin's post combined with putting his name and location in his profile.

Either I'm about to be sectioned or it really was an epic FAIL on a monstrous scale.

He really needs a STW award for total numptieness. Can we post this outcome to his company - they could frame it and give it to the new guy who takes over as a lesson in what not to do.

Looking on the bright side, once they've got this sorted CRC are going to have to offer some pretty stonking deals to get people going back to them 😀

Actually I think most people will still use them, its way too easy to spend money with them. CC or Paypal.

Wiggle had a similar issue a while ago, they are still going strong.

.

I posted about this on another (skiing based) forum, and someone said that their bank has proactively cancelled their card 3 days ago because

"They told me an online retailer I'd used had their database "compromised" so my details were no longer safe."

This and a few posts above makes me think that the whole thing is now a "known Issue" with chain reaction amongst the Banks, and CRC would do much better now to fess up. To say:

1) we know there is a genuine issue related to our customers
2) Our database of cards from ..... to .... (dates) has been compromised.
3) If you purchased from us using a CC during this time please check your transactions regularly
4) You may wish - if having a functioning credit card is vital to you in the next few weeks - to ask you bank to cancel your current ones and issue new ones.
5) we apologise and accept responsibility.

But I think we'll have to wait some time for that, let alone a mention of it on their homepage, given that it seems this has been a known issue for a while now...

Not good management.

Just had a phonecall off Egg to say my card had been used fraudulently. Ordered off CRC earlier this week.

2 payments were as mentioned above - £1.01 to 02.

😡

Just had a call from Natwest and a card cancellation due to a £20 O2 phone card being bought this morning. Not used the card since buying my son a helmet from CRC a week and a half ago(Wasn't even for me!!). The woman on the end of the phone says my call was one of many linked to a certain bicycle shop today.

well, i got a call this morning, £1305 spent in John Lewis yesterday as i was leaving work...
the ONLY time i have used my CC in the last year was on CRC last week.

Another one here.

CC used on CRC last week. A couple of tesco top up testers & then a couple of large value transactions that failed to go through. new CC on the way. CC is only 1 month old.

Just happened to me, £15 tester to O2, caught it just in time with the card cancelled etc. CRC used last weekend also. I'll be queing with the rest for weekend cash.......

Based on the above - I think if I'd used a card there in the past 3 weeks I'd be getting a bit pro-active and cancelling it before it got used, it does just seem like a matter of time.

I got stung for £200, Crc will have to offer some pretty good deals to get me using them again. Used to get all my small bits from them if I needed them
For the weekend. But recently I've been using [url= http://www.biketart.com ]Biketart[/url] for all my small bits and it's always been delivered next day. Generally cheaper then crc too.

£15 O2 prepay here - blocked by Natwest thankfully.

I've emailed them in the past about their returns system sending out mass emails with 100+ other people's addresses in the 'To' field. Never got a response - obviously not a patch on snaffled CC details, but I perhaps should have taken that as my warning.

Just got off the phone to CRC (they called me) they have had a problem and will hopefully have it resolved next week. have a major fraud team involved..
Not good for them.

It'll take more than a £5-off-when-you-spend-more-than-500-quid voucher to get me risking them again. Very angry that they'd expose their customers to such lax security.
Spent £1000s with them over the years - they should have suspended ordering at the first sniff of a breach of security.

[i]they'd expose their customers to such lax security.[/i]

to be fair to them - without knowing how the data was obtained it's not clear that security was lax, just that it was inadequate. If they've followed industry 'best practice' and still got done then it's not necessarily their 'fault'.

Their reaction once they knew there was a problem is an issue though - if they've carried on acceptign card details knowing they were continuing to be compromised then that's unacceptable to say the least.

Maybe it's time to pay your LBS a visit. I did and they gave my boy a cake. 😀

In the time it took him to eat it they did get me sat on a Trek road bike that I now [b]NEED[/b] and offer me interest free over 12 months or a healthy discount for cash. I only went in for an £8 light!

I just hope they understand what a ballache it is to be without a credit card until christ-knows when. At the weekend too!

daver27 - Member

Just got off the phone to CRC (they called me) they have had a problem and will hopefully have it resolved next week. have a major fraud team involved..
Not good for them.

Would love to find out if my theories are correct.

Frankly I've got bored of keeping an eye on my CC account. I'm going to get through this weekend then cancel the card first thing on Monday. It expires soon anyway so it'll just pre-empt that by 3 months or so but I'm just not prepared to risk it and I don't always have access to be checking my CC account.

Going on holiday soon and the last thing I want is to be stranded abroad with no credit card for use in emergencies.

My monies gone back into my account today, just waiting on a new card now. Hoping it's here tomorrow, as I'm down to £4 and working tomorrow so can't make it to a bank!

I'm going to get through this weekend then cancel the card first thing on Monday

Going on holiday soon

PS am I the only one that's thought... "I wonder what I can buy and then deny all knowledge" ? 😉

I assume if you used Paypalto crc you are ok?

Someone from CRC called me today in response to an email I sent them yesterday. They said they were investigating but weren't sure it was definitely their issue. I suggested they take a look on here as the anecdotal evidence is pretty compelling! What did irritate me slightly was that the chap suggested using paypal in the future as it was more secure. I pointed out if you are a company that sells exclusively on the net all of the methods of payment should be secure really. Anyhoo, he has said he would let me know the results of their investigation and I will relay them on here. If you have been nobbled and haven't done so already, ping them an email.