Are CRC having major web security problems?

steve_muzzy
steve_muzzy Posts: 259
edited April 2011 in The hub
I just ordered from CRC this week and have now found someone has gained access to my debit card details and has been using my card!

The bank called to let me know and said I was the 3rd person that day who had CRC as a very recent transaction.

It may be coincidence - has anyone else had problems?

Comments

  • sniper68
    sniper68 Posts: 2,910
    This is why I use the Paypal payment option 8)
  • Make that a 4th... ordered some Shimano M087 shoes and a few days later my card details were used by someone in Newbury to top up their Vodafone.

    Fortunately Santander were on the ball and declined the payment. This is why I only use credit cards when shopping online..

    Ibbo - if they can access your card details they can access your paypal account.
  • steve_muzzy
    steve_muzzy Posts: 259
    just found out one of my mates was done as well - have sent them an e-mail and posted on facebook page.....

    Not great !

    Merlin/wiggle will just get more of my cash for a while I think
  • sniper68
    sniper68 Posts: 2,910

    Ibbo - if they can access your card details they can access your paypal account.
    Probably, although when cards have been hacked (and not just on CRC) before, my Paypal account never has. Not saying it's 100% but safer IMO 8)
  • welshkev
    welshkev Posts: 9,690
    not been done by CRC but both my personal debit card and work credit card have been used fraudulently lately, it seems the crooks have found a new way to access our details :(
  • blister pus
    blister pus Posts: 5,780
    Paypal has one of the most effective security and firewall set ups of any industry, which is why they weren't compromised during the Assange revenge hacks.
  • Mattyleh
    Mattyleh Posts: 1
    I had a call from HSBC last night to say somebody had got hold of my CC details. I ordered some new tyres for CRC last week. This will be the 3rd new CC in 2 years.
  • Sounds like CRC have a security issue. Wonder if the banks have told them but hopefully they've fixed the issue already.

    Does anyone from CRC post on here?
  • deets
    deets Posts: 17
    I've just had the same - HSBC ringing after a CRC order to say that they thought my card had been copied as someone had since made some rogue transactions
  • Ibbo - if they can access your card details they can access your paypal account.

    I can't remember the exact set-up on CRC but I assume that you input your card details on their site and they get sent over to the payment provider (which, if true, is generally where the security holes are).

    Paying by Paypal, you will be directed to Paypal's website, where you input your card details. Your payment details aren't touched by CRC, and you have the confidence of PayPal's security.

    Sites like CRC have to comply with fairly strict standards these days, but as with anything, there's always a way around.
  • getonyourbike
    getonyourbike Posts: 2,648
    The only real problem with CRC for me is that their website loads very slowly for everything and sometimes doesn't work at all. It's getting annoying. It must be to do with their new website layout. Well, it isn't that new anymore.
  • tx14
    tx14 Posts: 244
    I just ordered from CRC this week and have now found someone has gained access to my debit card details and has been using my card!

    The bank called to let me know and said I was the 3rd person that day who had CRC as a very recent transaction.

    It may be coincidence - has anyone else had problems?
    I call bull. No respectable bank would tell you that.
  • sniper68
    sniper68 Posts: 2,910
    tx14 wrote:
    I call bull. No respectable bank would tell you that.

    Two first time posters claiming their cards have been hacked on CRCs website.. :? .......maybe they work for the competition :wink:


    Just a thought :)
  • blister pus
    blister pus Posts: 5,780
    Easy enough to verify. Get a mod in official mode to get someone from CRC on here. Should straighten it out. Or send this link to their CS.
  • Neily03
    Neily03 Posts: 295
    Ordered something off CRC a week ago, got a call from my bank this morning that someone had spent £15 on an O2 topup....... They're sending out a new card and refunding the money.
  • sounds like someone has found themselves a nice little loophole in CRCs system
    I assume this is French petrol - be careful in reverse - the car will retreat rapidly at the least provocation.
  • bails87
    bails87 Posts: 12,998
    Or it could be that credit card fraudsters exist, and have been busy lately, and everyone on here buys stuff from CRC every week, so it seems like a coincidence :wink:
    MTB/CX

    "As I said last time, it won't happen again."
  • D-Cyph3r
    D-Cyph3r Posts: 847
    Very nearly made an order on CRC last night but backed out on the payment stage (spidey senses tingling?).

    There's clearly something going on with them atm so it's a bit irresponsible that there's nothing on their site about it.

    Not that it matters much now, over the last few months they have become more expensive and less well stocked than the likes of Merlin (who have now just given out VIP accounts for 10% off everything, awesome) and even Ebay, where I've been buying most of my gear from lately.
  • antfly
    antfly Posts: 3,276
    Just use paypal and it won't happen.
    Smarter than the average bear.
  • dirtbiker100
    dirtbiker100 Posts: 1,997
    I took advantage of the CRC £10 voucher on Monday, Thursday two lots of £15 were taken out of my account for O2 prepay.

    Could be coincidence but I was thinking it would be something online rather than having my card swiped. I'm by no means the only person being relieved of their money for O2 prepay in Slough.

    Debit card now blocked, money being refunded and new card being sent out.
  • Me too. £15 to O2 prepay in Slough.

    My bank are a useless bunch though, they're sending me a dispute form to fill in - apparently the department that deals with freezing cards etc isn't open at the weekend :evil:
  • Raymondavalon
    Raymondavalon Posts: 5,346
    Not good at all, seems that there's an exploit running on the CRC servers.
    It seems that it only happens to "new" transactions, telling me there's a hole in their SSL layer, allowing someone to actively capture the CC details during the transaction.
    If they had a free run into the server database, rest assured that they would run amok with thousands of CC details.

    Strangely enough I've only ever used PayPal for CRC transactions. PayPal's security is as tight as a duck's @ss in ice cold water, so I'd recommend using PayPal until CRC get their act together.

    Has CRC made any official statement on this? Has anyone contacted CRC to highlight this issue?
  • plodtv
    plodtv Posts: 40
    just like to echo, I took advantage of the tenner off and then got an O2 top up for 15 quid, though Lloyds TSB were on the ball. Have been racking my brain all week as to what could have been the problem till reading this thread.

    Not having a debit card this weekend has been a real ball ache.
  • clanton
    clanton Posts: 1,289
    Another victim here - CRC order on Wed, fraud the same day, luckily declined by Barclays - and I have my new card already.

    BTW I have already had fraud through my Paypal account which I have since stopped using. Nothing is safe - you need to watch your bank statements.
  • steve_muzzy
    steve_muzzy Posts: 259
    ibbo68 wrote:
    tx14 wrote:
    I call bull. No respectable bank would tell you that.

    Two first time posters claiming their cards have been hacked on CRCs website.. :? .......maybe they work for the competition :wink:


    Just a thought :)

    I have posted before but can't remember my log in name etc (it's been some time...)

    It was Bank of Scotland and the guy told me over the phone that 3 other people had been affected who had a similar transaction and it was for O2 and Orange top ups

    I certainly don't work for anyone else and am a real person, not a troll etc .. sheessh!

    I e-mailed CRC but only got a standard response saying they had my e-mail, since posted on their facebook
  • shm_uk
    shm_uk Posts: 683
    posted on their facebook


    What!? Are you 9?
  • Not sure all this indicates CRC is at fault... there's at least one other glaringly obvious common factor: everyone that's reported the dodgy transactions also frequents bikeradar.com (and probably a number of other sites)

    Equally likely: there's a dodgy ad on a site somewhere that's caused the victims to be infected by malware. Make that a million dodgy ads on a million sites. There are probably a bunch of people on a lizard-fancying forum somewhere complaining that since they've recently bought something from geckos-r-us.com they've seen dubious transactions.

    Certainly more feasible than there being "a hole in their SSL layer" :-)

    While I'm here, does anybody know an LBS that takes o2 top-up vouchers as payment? I'm in the Slough area...
  • steve_muzzy
    steve_muzzy Posts: 259
    I did a bit of research before posting and was trying to do further research hence the post, just to confirm that it was CRC and not someone else (I use Amazon a fair bit)

    If you google "Chain Reaction Credit Card Fraud" you get several biking forums with people like me unfortunately who have suffered.

    Sure it will be an easy enough fix for them but until they do I won't be going near the site - big shame as I have spent £££ in past and they are my usual first port of call for new bits.
  • Northwind
    Northwind Posts: 14,675
    Paypal has one of the most effective security and firewall set ups of any industry, which is why they weren't compromised during the Assange revenge hacks.

    Derail, but they were DDOS not hacks, the attacks were successful and took down the Paypal service for the duration, it wasn't any attempt to gain account information etc. Still just pointless temper tantrums mind.
    Uncompromising extremist
  • blister pus
    blister pus Posts: 5,780
    there were various attempts made on all involved and as i understand it from some of the paypal firewall developers who were busy blowing their own horns on a couple of mailing lists a variety of methods were used and thwarted, but you're right it comes down to the crude and limited with limited effect DDOS attempts that made any type of impact and it was only parts of the front end that were affected for a short while. you can imagine the layers of security something like paypal operates under.

    and the geezer going on about paypal fraud, yes there are plenty of scams kicking about as you'd expect with something like paypal but most are detected and sorted pretty quickly, they can't afford a mass loss of confidence in their system. it's about as good as it gets outside of uber classified military shit