CRC security issues?

Happy that CRC have made a statement but just wondering why they want us to mail them? Is it just so they can count how many have had it happen to them?

Don’t be so sure on that….

Add me to the list:

Had 2 messages on my phone from yesterday from my credit card company.

Brand new card I used for the 1st and only time at CRC and 4 attempts to buy mobile phones. One in America by a Mark P McConnell and some more from Car Phone Warehouse and Orange.

worrying thing is the messages were left at 2pm and 8pm and I called them at 5pm out of concern to check and was told there was no transactions other than the ones I had made.

I’ve mailed them, I think its worth it as it might help them establish a pattern if they know exactly which account holders got hit.

just mailed them and contacted cc provider as well.i’m also in the club .

I’m in the club too. Just been told about CRC security by my mrs’ cooleague whose other half has also been done so Tom – thanks for the heads up. They tried taking £60 for Xbox live but luckily it didn’t go through.

I placed an order on the 5th march , and again on the 8th for 52 pounds and 139 pounds respectively. HSBC phoned me 9th saying a marker had been placed on my account and a new card AND pin was on its way.
Interestingly, i have not used my mastercard since december until placing these orders……….
Possible co-incidence of course, but i thought i’d add my name to the list

If you mail them they respond with a duplicate of the message that told you to mail them. 😆

I’ve emailed them too.

Whether it proves the leak came from them, didn’t come from them or points someone in a position to do somethng about it in the right direction, I don’t know, but it can’t do any harm I guess!

I posted this thread to a few mates last night. Low and behold, the only one who has used CRC in the past couple of weeks has had two £15 quid O2 prepay withdrawals within days of their initial purchase.

hmm.

Seeing this thread, it’s obvious there is a problem. The aenemic CRC official statement doesn’t put anyone at ease. I will not buy anything again from a company that isn’t honest and open with its customers…plenty of other places to buy stuff from….

Hmmm, looks like I may* be in the club too 🙁

(*Of course it may just be coincidence)

Just got phoned by my card provider, card was tried to be registered at Tesco Online yesterday, not by me.

Card blocked, new one coming.

Bought a spanner from CRC on the 26/2/2011 with said card.

Stuff happens, but this seems a serious security breach, looks like they got everyones CC details that used the site in the last few weeks…

Bought some stuff on Monday payed via paypal, will I be OK

This has happened to me as well, fraudulent card use also immediately after using CRC for the first time in a while….

You should be, Tracey, only seems to be those using cards that get affected.

Tracy paypal will be OK, its only Credit Cards and Debit Cards that have been effected 😉

(Mr MC posting)

i wouldnt expect CRC to say anything that even hinted at admitting liability so they were bound to be non-committal.

In regards to police investigating, a genuine issue is; where does the offence occur? The investigating force would be the force that covered where the offence happened. If you were from bristol but got assaulted in liverpool, merseyside police would investigate. If you use your credit card in bristol on the internet to buy something from ireland, and your card has been fraudulently used by someone in central europe, and your card issuer (who becomes the victim when they refund your money) is a multinational, who investigates it?

Offences do occasionally get investigated and offenders prosecuted, as its usually not sophisticated tinterweb hacking but members of staff double swiping or just copying/memorising card details, usually in my personal (as a victim) and professional (as a police officer) experience in petrol stations. Which is why I NEVER use a debit card, if they scam my CC its Visa’s money not mine and I dont have to fight for a refund. I suspect in CRC’s case the offender is internal.

I’m in the club too. CRC order on 26/2, three fraudulent transactions so far starting from 4th March…

I think Nationwide have heard about this. I bought something recently using a card I don’t use very often. The card company have written to me and cancelled my card! I’ve not seen any suspect acvtivity at all.

Well I no longer feel left out.

Someone tried to buy £1700 worth of womens clothes on my Credit Card, no tester transaction.

Virgin declined it. Well done Virgin! New card on the way.

Yup, and another one here. £30 on O2 Prepay Slough. Or Sloog as the chap at Barclays fraud dept. pronounced it.

Or Sloog as the chap at Barclays fraud dept Calcutta Call Co. pronounced it.

The question is, are CRC still allowing CC payments to go through? There is obviously a serious issue and it’s only a case of a percentage of all orders at the moment as whoever is listening and intercepting the transactions can basically pick and choose from thousands. Just because a card hasn’t been used fraudulently (yet) don’t think your home and dry.

Surely CRC will piss less people off by removing direct payment for the time being and forcing them to go via PayPal than risk the higher amount of backlash disgruntled customers that have had their CC details stolen.

Social networks are a very powerful thing these days.

Social networks are a very powerful thing these days

If you’re 9 👿

BTW, I’ve not had any fraudulent transactions on my debit card despite using CRC regularly for years…

Who do I complain to?

BTW, I’ve not had any fraudulent transactions on my debit card despite using CRC regularly for years…

Send me your card details, I’ll fix that for you… 😉

BTW, I’ve not had any fraudulent transactions on my debit card despite using CRC regularly for years…

As have many of us but the transactions in the last few weeks have been subject to fraud….. they’ve got a problem.

Send me your card details, I’ll fix that for you…

you’ll buy something from CRC on his behalf 😉

Just been called by my CC company to say that 2 fraudulent payments of £15 to O2 have been charged to my account. The only transactions in the last month I’ve placed on there have been with CRC.

what might be of use to punters here is rather than a “I got done”, maybe let us know when the last CRC transaction you made was.

I think we can make a link between CRC and the episodes of fraud, no matter what non-liable legalese BS anyone comes up with.

Maybe we can work out the window of the fraud so punters can hazard a guess as to whether their card might be compromised or not by having bought something from CRC within that window.

The indiciations are that it was a narrow window of fraud, possibly some kind of traffic intercept?, and not a whole historic transaction database that was raided.

shmuk – Member

Social networks are a very powerful thing these days

If you’re 9

What do you think forums are?

what might be of use to punters here is rather than a “I got done”, maybe let us know when the last CRC transaction you made was.

Used them 3 times in the last month.

Fair enough – 1st March was my order date

elliott-20 – Member
The question is, are CRC still allowing CC payments to go through? There is obviously a serious issue and it’s only a case of a percentage of all orders at the moment as whoever is listening and intercepting the transactions can basically pick and choose from thousands. Just because a card hasn’t been used fraudulently (yet) don’t think your home and dry.

Surely CRC will piss less people off by removing direct payment for the time being and forcing them to go via PayPal than risk the higher amount of backlash disgruntled customers that have had their CC details stolen.Have you any idea what that would do to their cashflow? Are you seriously suggesting that they stop taking CC orders?

shmuk – Member
Social networks are a very powerful thing these days

If you’re 9

What do you think forums are?

Thank you BillOddie.

It seems some people don’t know a social network when it’s staring them in the face. Just because you don’t use on MyFaceTweet doesn’t mean hundreds or even thousands of CRC customers aren’t either.

Another to add to the CRC woe list…
Bought a couple of things on Tuesday night – got a letter in the post from my bank this morning cancelling my card. To quote the young lady I spoke to (and she wouldn’t actually mention company names) ‘a recent purchase has led us to believe your account is comprimised so we are cancelling your card as a precaution’
Interpret that however you want…

In regards to police investigating, a genuine issue is; where does the offence occur?

CC Fraud investigation is handled by the banks, not police afaik. Only gets handed to police (fraud squad?) later if the bank gets enough evidence.
Saves the cops money, and leaves it up to the banks to decide how to balance cost of fraud prevention against cost of fraud liabilities.

Ordered via CRC on 27/2, didn’t notice anything awry on my CC statement which arrived 2 days ago, but didn’t pay attention to the statement date. Still waiting for the order though 🙁

My other CC was pwned recently after some chavs tried to spend 79p on it. Bank spotted it immediately. Had only ever been used twice! Replacement one with new number has not even been activated yet, and I have no intention of doing so until I need to use it. Hoping that I don’t have 2 pwned CC now…

druidh – Member

Have you any idea what that would do to their cashflow? Are you seriously suggesting that they stop taking CC orders?

Perhaps, but the damaged caused by such an issue as this could have far wider repercussions. Besides, PayPal still takes credit card details even if you are not a member of PayPal. And with a PayPal CRC Branded page customers would feel less uncomfortable using the gateway.

Personally, within an instant of this of this issue arising I would have taken the online payment option offline. Paypal and Tel only, then routed the server for the listener and get it fixed asap rather than putting more customers at risk.

But hey, I suppose they can just keep letting it happen in the meantime and just let the credit card companies take the hit and clean up the mess, yes?

Paypal payment seems to have been safe for me so maybe that is the way to go ’till this is sorted.

You obviously don’t work in IT.

It’s not quite that simple. They might not know where the leak is to plug. If anything, during an attack, you wait a while and analyse what is happening. Logging everything as much as possible.

xiphon – Member

You obviously don’t work in IT.

Ha, not entirely, but I’ve had my fair share of server experience. Gathering data and looking for rogue scripts is one thing but the matter is the they are still putting customers details at risk.