Are CRC having major web security problems?

charlieonix

I got done yesterday, 3 lots of £265 to somewhere in Milton keynes!
Luckily lloyds picked up on it and blocked all three, new card sent etc...

Guess what, I bought off CRC with a £10 voucher last week too!

plodtv

lhoward1976 wrote:

Equally likely: there's a dodgy ad on a site somewhere that's caused the victims to be infected by malware. Make that a million dodgy ads on a million sites. There are probably a bunch of people on a lizard-fancying forum somewhere complaining that since they've recently bought something from geckos-r-us.com they've seen dubious transactions.

I use Linux. (which I do not think makes me immune to such things, but it does make me immune to the same attack)

CRC when processing your card do not use the 3dauth stuff (which I am signed up for). I wouldn't have believed it was CRC based on my history of purchases with them, but alas the only purchase I have made this month (non dd or standing order or cash) was with them, and there does _seem_ to be a pattern in this thread.

rockmonkeysc

I had a pretty serious case of card fraud since using CRC last week. Amounts between £2000 & £4500 were taken from my account and paid in to various credit cards as well as smaller payment to a mobile phone shop. Total taken was nearly £12,000 :shock: All now refunded. Cant get in touch with CRC as the website seems to be down now & can't find a phone number

steve_muzzy

02893 352 976

CRC phone number - they have caled me but I missed the call, tried to call back and on hold for some time. Looks like they have found the leak and are trying to fix so hopefully it wil lbe done soon.

iankennedy

I also got stung. Used the 10 voucher and got 50 taken from my card. All refunded though

Ian

Upliftdownhill

another victim here - £1 international fax and then 20 minutes later £15 O2 top up. bank was on the phone straight away and blocked card.

Was blaming a curry house i'd used for the first time, but guess what: I used the £10 CRC voucher last week as well..

neninja

Chatting to a mate last night and he told me he'd just had to cancel his card due to CC fraud.

He didn't know about the CRC link but guess where he'd used the card just before the fraudulent transactions (this is a card he rarely uses so it had only been used about 4 times this year). He phoned CRC who denied there was any issue.

I find pretty it disgusting that CRC haven't contacted all the customers who've used them in in the period in question to tell them to check their bank cards.

They are at risk of long term damage to their reputation.

alfablue

steve_muzzy wrote:

I did a bit of reasearch before posting and was trying to do further research hence the post, just to confirm that it was CRC and not someone else (I use Amazon a fair bit)

I don't know how you can confirm it was anyone without proof. You know, Amazon stores your card details by default, why not them, then?

If you google "Chain Reaction Credit Card Faud" you get several biking forums with people like me unfortunately who have suffered.
.

Ah, proof then . . . I hardly think so!

People suffer from card fraud
People who use bike forums suffer from card fraud
People on bike forums buy bike stuff from online bike shops
More people on bike forums by bike stuff from the biggest online bike shops, like CRC, Wiggle.

People on bike forums put 2 and 2 together and get 5 and make unfounded allegations based on coincidences.

Same sort of stuff on these forums plagued Wiggle in previous years. As far as I know nothing was ever proven.

neninja

alfablue wrote:

People suffer from card fraud
People who use bike forums suffer from card fraud
People on bike forums buy bike stuff from online bike shops
More people on bike forums by bike stuff from the biggest online bike shops, like CRC, Wiggle.

My mate who's card had to be cancelled doesn't use any bike forums.
He's only used the card a handful of times this year and the latest transaction was CRC.
He knew nothing of the current issues CRC being discussed on various forums.

Too much to be coincidence for me.

alfablue

neninja wrote:

alfablue wrote:

People suffer from card fraud
People who use bike forums suffer from card fraud
People on bike forums buy bike stuff from online bike shops
More people on bike forums by bike stuff from the biggest online bike shops, like CRC, Wiggle.

My mate who's card had to be cancelled doesn't use any bike forums.
He's only used the card a handful of times this year and the latest transaction was CRC.
He knew nothing of the current issues CRC being discussed on various forums.

Too much to be coincidence for me.

Suspicion is understandable, as is caution, as is use of PayPal, but making statements suggesting definitive proof is not really the done thing when there is nothing but circumstance. Such posts also end up in Google searches and become someone else's "proof" - meanwhile a potentially innocent company has to take the hit to their reputation on the basis of un-founded gossip.

shm_uk

If you google "Chain Reaction Credit Card Faud" you get several biking forums with people like me unfortunately who have suffered

And a lot of these will be the same people on different forums ...

alfablue

I think the thread title is potentially libellous too!

Northwind

alfablue wrote:

People on bike forums put 2 and 2 together and get 5 and make unfounded allegations based on coincidences.

There'a a difference between not having categorical proof, and making an unfounded assumption, but the people reporting that they've had brand new, never-before used cards have fraud against them after a transaction to CRC, that's a bit of a giveaway really.

antfly

Nobody has claimed that their cards have never been used before, though.

Anonymous

Hmm, I'm waiting for this month's statements to come through (they're the only ones I get any sensible details with).
My account seems to have lost a HELL of a lot of money, much more than I can remember spending.

Northwind

antfly wrote:

Nobody has claimed that their cards have never been used before, though.

Take a look around :?

desweller

Bugger. Looks like I've been nobbled too, or at least HSBC cancelled my card yesterday in response to 'information that my card details are in a group that have been compromised'. Made a purchase on CRC last week too.

blister pus

All it takes is for CRC to put a notice up saying they are aware of the situation and are in the process of verifying whether or not their website is the source and people will be informed. It's piss poor damage limitation on their part for me.

It's like me, I haven't bought anything bike related since xmas and I'm looking for a new front tyre and spotted one at CRC. Am I going to use the site? Probably, through paypal but I'm now looking at alternatives elsewhere.

ProfPing

crap, wish I'd seen this post a couple of days ago. Bought some disc pads on monday morning.

Tried to buy some replacement helmet pads on monday evening from a different PC / Ip address and I was told my card was blocked. Tried through paypal using the same card and was told the card was blocked.

Went to Tescos in the morning and the transaction worked fine on the same card.

Will keep an eye on the bank account.

Anonymous

That's kind of what's freaking me out. I went to a cashpoint, and was told that I'd already taken my maximum amount for that day, even though I hadn't used the card in over a week. :shock:

antfly

Northwind wrote:

antfly wrote:

Nobody has claimed that their cards have never been used before, though.

Take a look around :?

I have, nothing about brand new cards. The evidence is mounting ,though. I`m glad I use paypal.

Northwind

antfly wrote:

I have, nothing about brand new cards.

It's been mentioned by people on other forums.... I think MTB Borders and either SDH or Pinkbike.

rockmonkeysc

My new card had only been used at my local Sainsburys & one transaction at CRC before I got stung. Pretty certain that it was CRC

steve_muzzy

I came on here to see if I could find others affected if you read my post - maybe should have put a question mark in my title? (can a Mod change this?)

Amazed at the response...

Does anyone who works for CRC post on here?

alfablue

steve_muzzy wrote:

maybe should have put a question mark in my title? (can a Mod change this?)
?

you can edit the title

mozzy10

saw this thread at work today. I ordered some gels and sports drinks from CRC last week. Checked my account just now and sure enough two transactions have been taken out, each for £15 for 02 Prepay (I'm on orange and pay by monthy direct debit).

I phoned my bank but they didn't know anything about CRC. To be honest it's so many people now that it has to CRC, far too much of a coincidence.

mozzy10

Just spoke to chainreaction. They are aware of the situation and their security team are aware of the situation. Chainreaction does look like the platform for which the details have been stolen. I urge anyway who has used chainreaction to check their account or contact their bank immediatly.

ragtop

Just checked my account after reading this thread. Good job too as i rarely look at it. Bought a few bits on CRC to use my £10 voucher and now some cheeky sod has topped up their phone on my card. Thankfully my bank are on top of it and have cancelled the card, refunded the money and have a new one in the post already.
I think any form of payment which is done online whether it is credit card, debit card or paypal is open to abuse by nefarious characters. The old saying 'where there's a will, there's a way' comes to mind.

Andy B

CRC have replied on STW forum

Hi everyone,

Apologies for the delay in responding to the concerns you have expressed. We do take your comments very seriously and we understand the worry and frustration caused by credit card fraud. We would emphasise that the number of concerns brought to our attention is a tiny fraction of the number of transactions that we process on a daily basis, but no stone will be left unturned in our investigations.

Our own infrastructure is routinely and independently tested and we are confident that it is robust. We are working with industry experts including the card processing companies to identify possible causes both inside and outside the control of CRC.

We will update you with further information as and when we have it. In the meantime, if you are a customer of CRC and have been recently affected by any of the matters discussed, please contact us on +44 (0)2893343758 between 9am – 5.30pm or email enquiries@chainreactioncycles.com and we will be glad to help you.

The CRC Team

crccustomersupport

Hi everyone,

Apologies for the delay in responding to the concerns you have expressed. We do take your comments very seriously and we understand the worry and frustration caused by credit card fraud. We would emphasise that the number of concerns brought to our attention is a tiny fraction of the number of transactions that we process on a daily basis, but no stone will be left unturned in our investigations.

Our own infrastructure is routinely and independently tested and we are confident that it is robust. We are working with industry experts including the card processing companies to identify possible causes both inside and outside the control of CRC.

We will update you with further information as and when we have it. In the meantime, if you are a customer of CRC and have been recently affected by any of the matters discussed, please contact us on +44 (0)2893343758 between 9am – 5.30pm or email enquiries@chainreactioncycles.com and we will be glad to help you.

The CRC Team