- This topic has 945 replies, 352 voices, and was last updated 13 years ago by cheburashka.
CRC security issues?
heechee Free Member
You shouldn’t worry too much about this kind of thing.
This kind of fraud has happened to me before (nothing to do with this example from CRC). I incurred charges too, due to incurring an unauthorised overdraft thanks to the fraud removing funds I needed for legitimate debits, but got all funds back.
Banks don’t like to shout about it, but you will be completely protected in these kinds of cases and will have your funds replaced/charges removed.
The banks are the ones that need to worry about this stuff, not consumers.
Ewan Free Member
It’s a fairly massive pain in the a55 tho isn’t it? Getting your card cancelled etc…
pixelmix Free Member
The banks are the ones that need to worry about this stuff, not consumers.
All gets passed on to consumers at the end of the day. Wait, you don’t think it comes off the bonuses do you?! 😉
miguelito Free Member
Sure it all gets sorted and you get the money back, but it’s a right hassle.
For the next week I now have to go to the bank in person every time I need cash.
druidh Free Member
Interesting that Mr Cowan didn’t actually deny it was CRC’s Daniel Loughlin who posted earlier…..
jonb Free Member
While we are confident that our systems are robust, we are taking nothing for granted and we have engaged with industry leading experts to fully investigate.
You may be confident, but I’m not, having seen the number of people complaining about it on here and bike radar.
chewkw Free Member
hhhhmmmm … it happens too quick too soon to too many to say that their system is robust …
Scenario one:
If someone has installed a rogue software in the system that is perfectly “legitimate” then no matter how good their system security is they are not going to find it.
Scenario two:
If their system is hacked then a sweep of their system will probably find it provided they employed the right specialist security experts. So I wonder who they are asking for help … Clue: why not ask those who write security software?
7hz Free Member
drldan AKA Daniel Loughlin from ChainReactionCycles.com : CRC know there is no hole in their security but am sure they look into all these things regardless. The biggest security hole is the PC used to order. Servers have dedicated firewalls, secured networks, teams of IT people looking after them knowing what they are going etc. PCs have people using computers with no knowledge of security, surfing round the net and downloading stuff. All speculation, but if it’s anything related to the net, it’s by far most likely an issue with people’s PC…… Too many people visiting dodgy sites…
I am shocked by this patronising and bare-faced careless reply from a CRC owner.
Personally, I have a hardware and software firewall, along with a full and up to date internet security package, and am experienced in computer administration, and happy my computer is secure.
The number of people affected, and the commonality of the problem, points to Chain Reaction Cycles being compromised one way or the other.
Daniel’s comment means to me that CRC have not taken any steps to protect customers’ credit card details, and the problem therefore is still happening. I find this unbelievably careless, and will not be shopping at CRC again.
baldSpot Free Member
Just had my Card cancelled by the Bank and I purchased something from CRC last week!
I made the purchase from a PC in one of Finland’s most secure Nuclear Power Stations as well. I wonder how CRC will explain this one away?
Jamie Free Member
I made the purchase from a PC in one of Finland’s most secure Nuclear Power Stations as well.
Cannot be that secure if they allow you to shop online from their facility.
…just saying.
Stainypants Full Member
I made the purchase from a PC in one of Finland’s most secure Nuclear Power Stations as well. I wonder how CRC explain this one away?
That’s a long way to go just to protect your credit card details, are you a Bond Villain?
wwaswas Full Member
baldSpot – one of Finland’s most secure Nuclear Power Stations as well
Homer, that you?
Fair play to Michael for coming on so quick and distancing himself from Daniel Loughlin’s comments.
This is a difficult time for CRC, it may be that they’ll never find out what happened but, equally, people are expecting reassurances that changes have been made to prevent a reoccurrence (with, maybe, an admission there might be a CRC connection with all this) – not just random CRC staff creating logins so they can blame everyone else.
anc Free Member
I still can’t believe that’s the Daniel Loughlin owner of CRC….. It would be a PR disaster for him to do something like that!! Just can’t see it.
baldSpot Free Member
Cannot be that secure if they allow you to shop online from their facility.
…just saying.
You’re right, better tell the IT Dept. Thx.
wwaswas Full Member
It would be a PR disaster for him to do something like that!! Just can’t see it.
if it wasn’t then I suspect;
1) Michael wouldn’t have worded his response the way he did.
2) the user profile wouldn’t have been amended
3) CRC would have denied it was him.
danger of letting a techie loose in a public arena…
crccustomersupport Free Member
Hi 7hz and others
I would like to make it clear that Daniel Loughlin/drlDan is neither an owner, shareholder or an employee of CRC. The comments of Drldan should not be attributed to CRC.
We at CRC remain focused on our investigations and as stated previously will provide more factual information as we have it.
Apologies for any confusion
Michael Cowan
CRC Senior Management
Trimix Free Member
Michael @ CRC
I also have some sympathy. Keep us all informed and view it from the customer’s perspective – you may lose fewer customers that way in the long run.
You could also offer customers a ‘CRC’ credit card, then any fraud would be on that CRC credit card and therefore easy to spot/stop/refund. Just an idea.
neninja Free Member
A quick google shows that Daniel Loughlin is the managing director of Export Technologies who just happen to be the Ecommerce provider for CRC.
http://www.exporttechnologies.com/Clients.aspx
What a plank
jonathan Free Member
Daniel Loughlin is MD of Export Technologies, who provide IRP – the e-commerce platform used by Chain Reaction. So I’m guessing it’s a straight provider/customer relationship between him and CRC. So vested interests, but definitely not representing CRC, as Michael @ CRC makes clear.
So you can smell the tension 😉
wwaswas Full Member
would be interesting to know if any of their other clients have similar issues – it would indicate a platform weakness if they were.
Trimix Free Member
Daniel Loughlin – what a total plank.
Just how do you get to be an MD of a company and yet make such a schoolboy error by posting as you did. I would expect CRC to dump him like a hot turd.
ditch_jockey Full Member
So you can smell the tension 😉
+1 I can never understand what people like that think they’re going to achieve by coming onto a forum and throwing a strop before they’ve solved the problem. I suppose if nothing else it gives an interesting insight into the ‘management’ approach used at Export Technologies. Maybe he needs to educate himself about the typical user profile on here and revise his communication strategy – a possible opening for some of the management consultants on here?
Trimix Free Member
Ha ha, we need to check out the job pages on their website – soon there will be an opening for MD.
Finally this thread gets funny, very very funny !
druidh Free Member
drldan – Member
All speculation, but if it’s anything related to the net, it’s by far most likely an issue with people’s PC…… Too many people visiting dodgy sites…
We’re assuming he’s meaning “customers” – but what if he’s pointing the finger at “people” in CRC?
xiphon Free Member
Something tells me that CRC might be looking for a new e-commerce platform partner….
I honestly can’t believe that someone would do something so stupid, unless it’s a troll with a wicked sense of humour…
Trimix Free Member
Quality – thread of the week !
Hopefully customers will all get refunded by their CC companies in due course and we will look back and laugh at this outcome.
clubber Free Member
The wording from Mike@CRC suggests to me that Dan is exactly who he seems to be – I’m pretty sure that Mike would have made absolutely clear that Dan was absolutely nothing to do with them and not connected in any way otherwise rather than the carefully worded statement about what Dan isn’t.
I would like to make it clear that Daniel Loughlin/drlDan is neither an owner, shareholder or an employee of CRC. The comments of Drldan should not be attributed to CRC.
iain1775 Free Member
be interesting to see if golf forums are reporting similar issues with ‘golf store europe’ who use the same Export Technologies
Can’t bring myself to check golfing forums though, life is far too short
andytherocketeer Full Member
I’m LOLing mostly at the amateur private investigators and speculators.
would indicate a platform weakness
Remember that server OS, webserver software (IIS, Apache) are also key targets for vulns, not just Windows desktops/laptops 😉 And that’s before I’d start blaming CRC or their E-commerce software supplier.
CRC is not the first, and won’t be the last. Lush got taken out recently… TWICE! and given that they took their entire website offline, I’d speculate that they got hit by an OS or Webserver zero-day vuln rather than their e-commerce s/w.
Still checking my CC a/c…
Oh and that’s another vuln 😉 I registered my CC for online banking last night. Only needed CC no., name as written on the front, etc. If a fraudster has my card details they can verify them online directly with my bank. Then go make a purchase, and they have a few days before my bank sends me the authorisation code by snail-mail.
wwaswas Full Member
andytherocketeer – sorry, I was bundling the whole app/db server architecture into ‘platform’ – it’s unlikely that the Ecommerce supplier installs a complete different os/db/etc with each implementation.
If other clients of theirs were suffering a similar level of fraud it would indicate a generic weakness somewhere in the implementation allowing an external person to access sensitive data rather than actions by an ‘insider’ at CRC (which has also been suggested).
bigjim Full Member
I made the purchase from a PC in one of Finland’s most secure Nuclear Power Stations as well.
I’m quite concerned about the unsecure nuclear power stations in a country with such a high suicide rate!
baldSpot Free Member
I’m quite concerned about the unsecure nuclear power stations in a country with such a high suicide rate!
No need to worry! – I just made that bit up 🙂
xiphon Free Member
‘e-commerce platform’ generally means the whole bundle – network, OS, hardware, and application software on top.
Judging by the length of time (a month or so?) that the attack has happened, not just a single short sharp attack, I would lean towards inside job.
Perhaps one of the IT staff, who has access to the data?
Pure speculation of course…
stcolin Free Member
I got stung for 2 O2 top-up card payments on Saturday. Contacted the bank and the money has been refunded. It is just a pain in the arse, new card not here until Monday/Tuesday next week. I do feel a level of sympathy towards CRC. However, it does cloud my confidence with paying for stuff online, which I do a lot of. I needed more parts this morning, so just called and placed my order over the phone. Maybe naively, I have assumed they wouldn’t use their online system to process the card details rather than directly with the card system?
xiphon Free Member
Naively, I have assumed they wouldn’t use their online system to process the card details rather than directly with the card system?
Your details (name, address, CC, email, etc) would be stored in a database.
The same one used for payment processing 😉
wwaswas Full Member
name, address, CC, email, etc
it’s becoming quite unusual to store CC details locally – mostly you just setup the card for continuing auth with the acquirer and store a ref number locally – when you want to take further payment from the same card you just say ‘£10 from the card with ref abc123, please’ and they deal with the rest of the transaction with the bank.
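Added example, not part of any post in this thread: a sketch of the arrangement described in the last reply, where the shop stores only a reference number and the acquirer holds the card number. The class names, the HMAC-signed charge request and the binding of each reference to one merchant are assumptions for illustration, not a description of CRC's or any real acquirer's system.

```python
import hashlib
import hmac
import secrets


class Acquirer:
    """Constructed stand-in for the acquirer: the only party that holds card numbers."""

    def __init__(self):
        self._vault = {}  # ref -> (merchant_id, card number)
        self._keys = {}   # merchant_id -> API secret

    def enrol(self, merchant_id):
        self._keys[merchant_id] = secrets.token_bytes(32)
        return self._keys[merchant_id]

    def store_card(self, merchant_id, pan):
        ref = secrets.token_urlsafe(12)  # random, so it reveals nothing about the card
        self._vault[ref] = (merchant_id, pan)
        return ref

    def charge(self, merchant_id, ref, pence, mac):
        key = self._keys.get(merchant_id, b"")
        expected = hmac.new(key, f"{ref}|{pence}".encode(), hashlib.sha256).hexdigest()
        owner, _pan = self._vault.get(ref, (None, None))
        # The ref only works for the merchant that created it, signed with that merchant's key.
        if owner != merchant_id or not hmac.compare_digest(mac, expected):
            return "declined"
        return "approved"


class Shop:
    """Merchant side: the customer table holds a ref and the last four digits only."""

    def __init__(self, merchant_id, acquirer):
        self.id, self.acquirer = merchant_id, acquirer
        self._key = acquirer.enrol(merchant_id)
        self.customers = {}

    def save_card(self, email, pan):
        ref = self.acquirer.store_card(self.id, pan)
        self.customers[email] = {"ref": ref, "last4": pan[-4:]}

    def take_payment(self, email, pence):
        ref = self.customers[email]["ref"]
        mac = hmac.new(self._key, f"{ref}|{pence}".encode(), hashlib.sha256).hexdigest()
        return self.acquirer.charge(self.id, ref, pence, mac)
```

A copy of the shop's customer table then yields references and last-four digits rather than card numbers, and a reference presented by a different merchant is declined.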
The topic ‘CRC security issues?’ is closed to new replies.