Forum menu
used crc on Monday and no problems as yet so maybe they have already sorted the problem.
buy a new chain top up your o2 mobile buy loads of tat in john lewis and going on holiday to canada with a suit case full of ladies clothes could be on the cards.
I dint think much of this thread until this week when I got a call from hsbc and my card had been compromised!
Boo
Philfive if you read back through this thread you'll find people who have used them after you and got fraud on their card, so I'd say no. Keep a close eye on it or perhaps think of having a word with your bank, they seem to be aware of this problem now so may wish to replace it as a precaution.
I ordered from Chain Reaction on the 3rd. I have had two £15 O2 debits from my account on the 9th and the 10th - this issue is ongoing.
DO NOT BUY FROM CHAIN REACTION.
Following a CRC purchase about 2 weeks ago I have had the O2 test transactions hit my account. LTSB did a sterling job stopping them and contacting me. this doesn't change the fact that CRC have been too reticent in my opinion and having a new card is an almighty pain in the ass.
Not impressed at all, it will be a long time before I forget this experience and shop at CRC again.
Just caught up with all this, I'm glad I've not bought anything from them for ages. Unsure why they didn't switch to a Paypal merchant site unless they have quickly identified the issue/disgruntled employee and taken action already.
On the plus side, I now have a telephone number for CRC if I need to chase an order...
neninja - Member
A quick google shows that Daniel Loughlin is the managing director of Export Technologies who just happen to be the Ecommerce provider for CRC.http://www.exporttechnologies.com/Clients.aspx
What a plank
and
Posted 23 hours ago # Report-Postjonathan - Member
Daniel Loughlin is MD of Export Technologies, who provide IRP - the e-commerce platform used by Chain Reaction. So I'm guessing it's a straight provider/customer relationship between him and CRC. So vested interests, but definitely not representing CRC, as Michael @ CRC makes clear.So you can smell the tension
Class! Pure Class. New website and payment system in 2 years time for CRC then... 😀
Aarrgh. I have now joined the ever-growing ranks of people with suspicious transactions on their credit card, not that long after having used it to purchase something from CRC. What adds to the frustration is that I have now had to block the card, whilst working away from home and preferring to have back-up cards. Cue a strongly worded email...
If that is the real Daniel Loughlin that has posted in this thread and not someones idea of a joke, then to me that is the worse PR blunder possible.
Unforgivable, how to alienate your customers.
I too have recently used CRC and have been contacted by my credit card company who have cancelled my card. There was an attempt to spend £500 on my card in Canada and some smaller transactions. This has never happened to me before and there is now considerable evidence to suggest that it might be related to a breach of security at CRC. I will not use the site again until they have taken steps to prevent I happening again. Disappointing that there has been no official statement from them .....
Reading this, seems some of the banks have done quite well to spot these transactions and stop them, thankfully! I've had my card replaced and £20 refunded in 4 days, but my confidence in CRC has gone at the moment, I'm amazed they don't have some kind of statement or news item up on their homepage.
I used CRC approx 2 weeks ago and just had a call from my bank, they have stopped an attempted £15 O2 transaction. Looks like I won't be using CRC for a while.
What a way to introduce myself as a new member of a forum 😕
Just checked my accounts after making purchases through CRC and found €1500 of fraudulent transactions on the account. Two through sites called houra.fr and telemarket.fr and the other through Planet Libert(y) ? What I don't understand is that I have never shopped at these places before and so surely they would only deliver to the card holder's billing address? Bank has blocked my credit card for me. Wife is at the gendarmerie reporting the fraud. Have emailed CRC to let them know it has happened to me, too.
Anyaway hi from France 😛
Yes me too now, luckily I didnt see anything dodgy on my account when I first read this thread, but as a belt and braces measure, I cancelled the card that I used at CRC recently. Since then I was contacted my my bank to let me know that the old card had been attempted to be used to buy something for £400 from Harrods online. Thank god I cancelled that card so it wasnt an issue, hats off to my bank for keeping tabs on my accounts (Lloyds TSB). And CRC really need to stop trying to absolve themselves from responsibilty for this. I will be not using them in the near future.
whinge whinge whinge. CRC best site in the world bar none. stop looking at porn and debug your pcs
😆
wiggle pants
Another card cancelled 10 minutes ago after a phone call from CC company and new one to be issued next week. Guess what the common denominator is...?
My debit card was hacked last week after buying something from Chain Reaction. Found out yesterday when my current account was emptied of 1500.00 quid
DO NOT USE CHAIN REACTION
Another card cancelled 10 minutes ago after a phone call from CC company and new one to be issued next week. Guess what the common denominator is...?
we're all members on stw! maybe it's not crc afterall
Still not had any issues from my purchase just over a week ago, but decided not to use them today so went to another online retailer, sorry CRC 😕
Let's be scientific and find out [u]when[/u] CRC was hacked. [b]Everyone interested in this thread post the following:[/b]
1. My last CRC purchase date: [i]16/02/2011[/i]
2. Have I been affected?: [i]Don't know[/i]
27th Feb 2011
yes, a lot
note to self: dont use debit cards online again
1. My last CRC purchase date: 27/02/2011 (package still not arrived 👿 )
2. Have I been affected?: Probably not. (Used my card today to renew sub for something)
If you don't want to be hacked...
DO NOT USE THE CREDIT CARDS ON THE INTERNET 😉
Have used CRC 3 times in last fortnight, no card molestation 🙂
01/03 crc shiny bits happy with the service etc
08/03 hello were canceling your card someones topping phones up and trying to buy crap in john lewis.
Apart from tesco and home base crc was only place id used the card. Bank seemed to think that crc was a fraudulent transaction had to explain that id bought bike parts from them and theyre a real company.
27/2 & 9/3 - via Paypal from bank account
no issues
As a consequence of all this, I think I'm gonna stop using CRC.
I've known for a while that they were no longer the best value for money but was always too lazy to trawl the Internet for better prices.
However, after a few minutes browsing Rutlands Cycles and H&S Bike Discount GmbH, I've now saved 33% combined of my next 2 purchases.
I guess every cloud has a silver lining 🙂
So, Thank you fraudsters; in an ironic twist you have actually contributed to saving me money!
I need a new 8 speed chain for my work bike & CRC seem cheapest... Hopefully all sorted soon as I'm a big fan of CRC.
I'm no expert but could this be more to do with CRC's bank payment gateway provider rather than anything to do with their website?
Last purchase from CRC on 7th March - call from the credit card fraud dept earlier today - rogue £20 vodaphone payment.
Okay, I do not work for the company but for one time payment life time license get this ...
In light of all the security issues I would suggest you get [url= http://www.malwarebytes.org/ ]Malwarebytes Anti-malware[/url] if you are contemplating buying a security software. Worth the money IMO as I am also using it.
Check this finding from ...
[url= http://malwareresearchgroup.com/2011/03/beware-of-new-banking-trojan/ ]Banking Trojan[/url]
[url= http://malwareresearchgroup.com/category/malwareproducttesting/ ]MRG[/url]
Perhaps CRC might want to enlist their help ...
🙂
This must be a reportable news story by now. I haven't bothered to add up but there must be more than 100 people on STW alone who have been affected by this. Other internet forums are listing hundreds more people who have lost money. CRC are the worlds biggest online bike company. If this was linked to Amazon it would probably be all over the media by now.
I'm amazed that there is nothing on the CRC website about this, there is an obvious risk and to continue to take orders and expose customerrs to this risk is poor form. They will have alienated a lot of customers, both those who have lost money and those who have not.
Do you seriously think that they are going to put anything on the website which might stop customers parting with their money?franksinatra - Member
I'm amazed that there is nothing on the CRC website about this, there is an obvious risk and to continue to take orders and expose custoemrs to this risk id poor form. They will have alientated a lot of customers, both those who have lost money and those who hav no.
I've stopped spending money with them anyway! If this is as big as it seems, and a quick google shows that it may well be, they they should take CC ordering down until it is solved. Would gain a lot more trust that way.
There are reports on forums going back to Jan with people being called by CC companies and being told that they are cancelling their card because they have been used at CRC and the CC company regarded this as a risk then.
Their website has definitely been compromised for being an easy target since they do not have a dedicated IT security people. I bet the company that builds their website is also not well verse in IT security issue which is a no no for on-line retailing nowadays. It needs a whole pack including security which in the past was not that crucial if you have a "secure" server.
If I were them and can afford it then I would stop taking order now but instead ask customer to pay direct into their bank account for time being until they sort out their security problem.
They have been hit by the banking trojna described above.
Also CRC might even be blacklisted by bank due to their weak on-line security.
😮
p/s: I remember asking several on-line retailers how they store the CC information but they couldn't answer me so I decided to use prepaid voucher to pay online instead. You can buy prepaid voucher from WH Smith. A bit of hassle but worth avoiding headache.
Oh ya ... just browsed through the website of the company that builds CRC website and they really missed out on one thing ... security. Big time.
I'm no expert but could this be more to do with CRC's bank payment gateway provider rather than anything to do with their website?
Depends how their e-commerce platform is encrypting card details. Eitherway they will be in the sh!t with PCI.
EDIT Chewkw beat me to it with a better explaination 🙄
Sorry not had time to read all 10 pages of this thread so forgive me if its already been answered but. Is CRC safe if paying with paypal ?
Need to order a few bits & they are a damn sight cheaper than anywhere else i can find em.
Cheers 😀
bigsi - MemberSorry not had time to read all 10 pages of this thread so forgive me if its already been answered but. Is CRC safe if paying with paypal ?
Need to order a few bits & they are a damn sight cheaper than anywhere else i can find em.
Cheers
Whatever you do you must not link your purchase to your CC details which means your PayPal must not include your CC details as well. My view is that PayPal might be an extra layer of protection before the nasty gets to your CC.
To be absolutely safe I suggest you change your password on PayPal once you've made your purchase.
That's overkill. Paypal is safe here because Crc never get any of your pp details other than email address and confirmation that you paid. Unless pp is compromised ( 😯 ) then it's fine.
Cheers Chewkw.
Worth the extra £10 IMO to save potential hassle & be safe so Wiggle wins the day.
[geek mode]
Also CRC might even be blacklisted by bank due to their weak on-line security.
There are a set of standards that retailers have to comply with otherwise the banks refuse card transactions from them. These standards are refered to as PCI (Payment card industry) Security Standards. Retailers have to appoint an Accreditor who [s]makes a lot of money[/s] reviews the retailers security and passes them as compliant. Compliance requirements include things like password protection and renewal, card detail encryption at point of entry, security of physical IT networks etc etc. Its a moving feast that changes all the time in response to flaw exploitation by criminals.
The best one I heard was the gang that installed radio transmitters in several hundred card readers in the factories in china. Only discovered by chance in the shops after they had been installed.
If their system isn't accredited by the banks for security then the banks would refuse card transactions from them to the banks so they would not be able to take card payment from customers at all. Its the bank that takes the hit on any fraud.
p/s: I remember asking several on-line retailers how they store the CC information
Probably a retailers most guarded secret, no retailer will disclose that due to the security risk.
[end geek mode]
I do feel for CRCs customers and think CRC should come clean about this, rather than turn a serious security breech into a PR & commercial disastor (they are a top 100 retailer after all).
clubber - Member
That's overkill. Paypal is safe here because Crc never get any of your pp details other than email address and confirmation that you paid. Unless pp is compromised ( ) then it's fine.
Agreed.
I'll caveat my post by saying that you should make sure your pp passwords isn't the same as Crc or any other site for that matter.