[Closed] No CRC security issues?

Posts: 0
Free Member
 

Mark - you're getting confused between 'page impressions' and 'unique visitors'

Both quite different things. One 'unique visitor' could view 20 web pages, each made up of 100 elements (images/javascripts/etc)

1 'unique visitor' = 20 'page impressions' = '2000 individual HTTP requests'

So for the STW figures you posted:

7.74 million page views in the last 30 days
1.3 million visits
476,286 visitors

= 7.74m individual requests
1.3m page impressions
470k individual visitors. <-- the important one


 
Posted : 10/03/2011 9:31 am
Posts: 919
Free Member
 

It's nice to see CRC posting a good response.

Still checking my card though, even though I used Paypal - seems people who used it ages ago are now getting done.


 
Posted : 10/03/2011 9:44 am
Posts: 1617
Free Member
 

I take back what I said.

Had 2 messages on my phone from yesterday from my credit card company.

Brand new card I used for the 1st and only time at CRC and 4 attempts to buy mobile phones. One in America by a Mark P McConnell and some more from Car Phone Warehouse and Orange.


 
Posted : 10/03/2011 10:12 am
Posts: 3775
Free Member
 

It's alright for these journos like Mark though innit, they don't have to get their credit cards out to CRC, they get their stuff free on a Friday 😉
(I am joking Mark)

Seriously though it would seem there is an issue - CRC have said as much on the other thread now, where the issue is or how it happened we maybe don't know, but is that important (and does speculating about it really get us anywhere)? I started the other thread to make people aware when it all seemed to be kicking off elsewhere, how many people that read it may not have been any the wiser if they hadn't seen it and the fraud (wherever it originated from) may have gone unnoticed for even longer, even CRC didn't know originally. So surely that's a good thing, a prime example of a forum like this working for its users?
I don't think anyone is sharpening pitchforks or accusing CRC management of taking details personally, let's face it at the end of the day we are all their customers, we still want cheap bike bits and good service, CRC provide this, we will all be back shopping there once this is resolved. Many companies suffer fraud daily, this could just as easily happen to Tesco or to the little one man online retailer working out of his garden shed, just so happens this time it looks to have been CRC.
And as for sizes CRC may be the biggest bike shop in the world and they may process thousands of transactions a day but in wider internet retail they are still small when compared to some others out there (and besides size has no relation to transaction processing security measures).
Using website hits to try and justify that 'it's not a big problem' is frankly in my eyes not really on. It doesn't matter if one person or one million people are affected it is still a criminal activity affecting one of our suppliers (they are not a site sponsor or an advertiser - they are that company a lot of us rely on to be able to partake in this sport) and the loophole is still there and needs investigating and closing no matter who has been a victim.
It looks like CRC and the card companies are onto this now, so I'm looking ahead and hoping that next week I can order my chainrings safely, because while the chainrings can wait I really have an urgent need for a big brown box.


 
Posted : 10/03/2011 10:13 am
 anc
Posts: 0
Free Member
 

The other thread isn't a witch hunt, it's simply a load of CR customers spotting a link and warning others. You cannot measure an issue like this by posts on some random mtb forum, it is totally flawed!! The posts on here are likely to be the tip of the iceberg as many people (a) won't have been hit yet (b) not seen their statement and/or not made the connection (c) and many many customers just won't use forums.

If people didn't post what they experienced, then CR would probably have been unaware there was a breach and the fraudsters would continue to cash in. 👿 Now at least they are dealing with the issue, yes bad in the short term for CRC, but good in the long term for everyone. 😉


 
Posted : 10/03/2011 10:28 am
 Mark
Posts: 4429
 

xiphon,

Sorry but there's no mistake.. We don't confuse 'hits' with page impressions. The stats are real. We deliver 7.74 million 'pages'.. that's complete pages.. if we counted the 'hits' there'd be 20 times that figure. 'Hits' or 'requests' is, as you suggest, a rather loose and frankly useless figure that we never quote.

Count the ads on this page. There's typically 7 ads per page. In the last 30 days we've delivered almost 50 million ad impressions. Those figures are checked and double checked as most of our advertisers pay for them by the thousand (CPM). Take that figure of 50 million ad impressions and divide it by 7 ads per page and you get a little over 7 million complete page impressions. Not 'requests' or 'Hits' 🙂

We really do deliver that many complete pages. Stop doing yourself down! You are part of one of the world's largest online MTB communities 🙂


 
Posted : 10/03/2011 10:45 am
Posts: 0
Free Member
 

What ads? 😉

7 million? Still quite a way behind PB's 70 million!!

http://radek.pinkbike.com/blog/pinkbike-speed.html


 
Posted : 10/03/2011 11:09 am
Posts: 0
Free Member
 

I just placed a big order with CRC last night*. Is my account going to be emptied!?

*Paid by Paypal though...


 
Posted : 10/03/2011 11:41 am
Posts: 0
Free Member
 

IIRC PayPal payment does not disclose the CC details to the 'seller' - they use a one-time unique token system.

Buyer has £10 in his basket, and wants to pay via PayPal.

CRC ask PayPal to authorise £10 from Buyers account.

PayPal says "Yes - transaction complete - here is a unique number for this payment collection"

CRC says to buyer "PayPal have said yes, and debited your account on our behalf"

CRC sends items purchased.

PayPal send CRC the money.


 
Posted : 10/03/2011 11:45 am
Posts: 919
Free Member
 

Twohats, I did the same, but at the moment it seems only CC fraud. But you may want to consider how your PayPal account is linked to your bank account. Theoretically your PP a/c could be hacked and your bank emptied. At least with a Credit Card you can say it wasn't you, that may be harder to explain to PP.


 
Posted : 10/03/2011 11:45 am
Posts: 0
Free Member
 

I've not had any problems and always pay by PP

although mum used Amazon a few years ago and has had a credit card opened up in her name in the States using her UK address.


 
Posted : 10/03/2011 12:06 pm
Posts: 0
Free Member
 

Twohats, I did the same, but at the moment it seems only CC fraud. But you may want to consider how your PayPal account is linked to your bank account. Theoretically your PP a/c could be hacked and your bank emptied. At least with a Credit Card you can say it wasn't you, that may be harder to explain to PP.

My Paypal is linked to a debit card that is only used online and only ever topped up with the amount needed per transaction. No money in the account = no use to anybody should they obtain any of my details.


 
Posted : 10/03/2011 12:17 pm
Posts: 0
Free Member
 

Not seen anyone saying they made purchases on Merlin/Wiggle etc then had their cards compromised, surely this has got to be more than coincidence?


 
Posted : 10/03/2011 12:28 pm
Posts: 0
Free Member
 

I can't help thinking that Mark's first post on this thread was prompted by a phone call that went something like...

Lord ChainReaction; We've noticed a dip in sales. Do something about it.
STW Minion; Yes Sir, very good Sir, I'll get somebody on to it right away Sir.

Pure speculation of course. I'd like to see the current spate of reported frauds put into context with known typical fraud frequency.


 
Posted : 10/03/2011 12:32 pm
Posts: 36
Free Member
 

Not seen anyone saying they made purchases on Merlin/Wiggle etc then had their cards compromised,

I remember when it were all fields round here, and the name "wiggle" could be seen burning on the pyre.

The great wiggle fraud battle of, what, 2008/9?


 
Posted : 10/03/2011 12:35 pm
Posts: 3536
Full Member
 

Stop doing yourself down! You are part of one of the world's largest online MTB communities

Careful, the nicheness-halo might slip! 😀


 
Posted : 10/03/2011 1:15 pm
Posts: 0
Free Member
 

Anyone had any more issues lately? I bought some stuff from CRC in mid March (from NZ) and found someone had bought almost a grand's worth of stuff from a printer ink company in Italy! It's a bit of an inconvenience having to change all the DD and getting the cash back.

This is the first time that I have ever been a subject of CC fraud.

Coincidence, or something more sinister?


 
Posted : 01/04/2011 4:33 am
Posts: 0
Free Member
 

I'm not interested in all the stats - is it safe now?


 
Posted : 01/04/2011 9:31 am
Posts: 0
Free Member
 

used my card 2 days ago with them.

bank cancelled it just to be safe ! :@


 
Posted : 01/04/2011 10:02 am
Posts: 23340
Full Member
 

I'm not interested in all the stats - is it safe now?

I got this from CRC. They think it is resolved.

Hi,

Following your recent contact with us and concerns about having experienced credit card fraud, we are pleased to be able to give you further feedback.

The independent forensic investigation has shown that our infrastructure was the target of a sophisticated attack which resulted in the theft of card details relating to a number of our customers. Details were being stolen ‘real time’ and only a small proportion of recent CRC customers were affected.

The access point of the theft has been identified and permanently closed off so we are confident that we have fully addressed any weakness in our infrastructure.

We are sincerely sorry for what has happened in recent weeks and would like to thank you for your patience and support throughout this difficult period.

PARAGRAPH REMOVED ABOUT MY VOUCHER

Our site is safe to use and will be continually monitored and tested by independent on-line security experts to ensure your details are safe.

Thanks again for your patience and support,

Michael Cowan
CRC Senior Management


 
Posted : 01/04/2011 10:15 am
Posts: 0
Free Member
 

My card got done on Wednesday this week. $1 to a US company and the £20 on a mobile top up. M&S stopped both of them but it's the 2nd time this year for me. Didn't initially connect the first one with CRC but the pattern matches the second one. Card and security number was new in Feb and there was one CRC payment on the last statement so it could have been harvested some time ago or it could be nothing to do with CRC. No comment from CRC although I have emailed them.

Who knows.


 
Posted : 01/04/2011 1:47 pm
Posts: 0
Free Member
 

Used CRC in the first 2 weeks of March, think it may have been the 9th and had someone try and get £130 of goods a week later. Used CRC last week and nothing now. So the problem has been solved and I do believe it was something at CRC's end and they have admitted it.

Hi,

Following your recent contact with us and concerns about having experienced credit card fraud, we are pleased to be able to give you further feedback.

The independent forensic investigation has shown that our infrastructure was the target of a sophisticated attack which resulted in the theft of card details relating to a number of our customers. Details were being stolen ‘real time’ and only a small proportion of recent CRC customers were affected.

The access point of the theft has been identified and permanently closed off so we are confident that we have fully addressed any weakness in our infrastructure.

We are sincerely sorry for what has happened in recent weeks and would like to thank you for your patience and support throughout this difficult period.

We would like to offer you, by way of an apology, a £30 on-line voucher for use when you next come back to shop with us. The activator for your voucher is the email address you have received this email to. Simply input your email address into the e-voucher code box at the checkout to receive the discount.

Our site is safe to use and will be continually monitored and tested by independent on-line security experts to ensure your details are safe.

Thanks again for your patience and support,

Michael Cowan
CRC Senior Management

So I don't know why you're trying to say it wasn't them?


 
Posted : 01/04/2011 1:58 pm
Posts: 0
Free Member
 

just received my statement and been stung for just over £200 to one site, plus 50p ish I think to a US site. which both went through. Last order to CRC was first week of March.


 
Posted : 11/04/2011 8:23 pm
Posts: 0
Free Member
 

Yup, just posted on t'other thread, but I got done after spending with CRC on 24th March. The frauds started coming through about 16th April, and there were many.

N.B. This was a new card.


 
Posted : 22/04/2011 1:44 pm
Posts: 0
Free Member
 

It really doesn't look like CRC is safe despite Mr CRC's public statement


 
Posted : 22/04/2011 3:53 pm
Posts: 971
Free Member
 

Merlin have some cracking deals on...


 
Posted : 22/04/2011 4:07 pm
Posts: 0
Free Member
 

There is no legal requirement to process CC details in a certain way. There is the PCI-DSS standard (industry-led, not legally) which companies are expected to adhere to, otherwise Visa and Mastercard won't work with them.
One very specific part of that standard is that card details must be encrypted when they are stored, and that the security code [i]cannot be stored at all, encrypted or not[/i].

The fact that so many authorisations have gone through suggests to me that those rules aren't being adhered to.

EDIT: I got gotten about 5 weeks after my latest CRC purchase.


 
Posted : 22/04/2011 6:57 pm
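
Added example, not part of any post in this thread and not CRC's code: a small audit check for the storage rule described in the post above (card numbers not held in cleartext, security code not held at all). The record layout and field names are hypothetical, and the sample records are constructed.

```python
import re

# Field names treated as sensitive authentication data (hypothetical schema).
CVV_KEYS = {"cvv", "cvv2", "cvc", "cvc2", "cid", "security_code"}
# 13-19 digits, optionally split by single spaces or hyphens.
PAN_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: filters out most digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def audit_record(record: dict) -> list:
    """Return findings for one stored order record."""
    findings = []
    for key, value in record.items():
        # A populated security-code field is a finding whatever its encoding.
        if key.lower() in CVV_KEYS and value not in (None, ""):
            findings.append(f"{key}: security code stored")
        # Any Luhn-valid digit run in any field counts as a cleartext card number.
        for match in PAN_RE.finditer(str(value)):
            digits = re.sub(r"\D", "", match.group())
            if luhn_ok(digits):
                findings.append(f"{key}: cleartext card number ending {digits[-4:]}")
    return findings


# Constructed sample records; 4111 1111 1111 1111 is a well-known test number.
SAMPLE_RECORDS = [
    {"order_id": "EXAMPLE-0001", "card_number": "4111 1111 1111 1111",
     "cvv": "123", "expiry": "03/13"},
    {"order_id": "EXAMPLE-0002", "pan_ciphertext": "b64:q83vEjRWeJA=",
     "last4": "1111", "cvv": None},
]

if __name__ == "__main__":
    for rec in SAMPLE_RECORDS:
        print(rec["order_id"], audit_record(rec) or "clean")
```

The same check can be pointed at log lines or database exports by passing each row as a dict; findings report only the last four digits so the audit output does not itself become a store of card numbers.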