Are CRC having major web security problems?

couldashouldawoulda

CRC have posted an update on this over here:

http://www.singletrackworld.com/forum/t ... st-2360810

michaelh1

Well I've just had £80 taken out of my account as has a friend of mine we have both used CRC in the last couple of days.

jacko198

Im in the same boat.

Had a call off the bank this morning asking me to ring them ASAP, thought nothing of it so didnt bother. Went out to get some petrol and the card got declined. Turned out HSBC had blocked it and have said that there are a number of cards that have might have had there details cloned recently.

No money taken out, card canceled, new one on the way.

Oh and i didnt use any £10 off voucher

cooldad

Just a thought - anybody open emails from hot eastern european girls who want to get to know you better?

nodding dog

Thanks for that weasel-worded explanation, CRC.

So you're confident that your infrastructure is 'robust'? Really?

After everything that's happened in the last few days you still don't think your security is compromised?

I've just had my card cancelled after using your site. I can't order anything online until the new card arrives, which is really handy when you're renovating an old house.

Weasels.

cat_with_no_tail

nodding dog wrote:

Thanks for that weasel-worded explanation, CRC.

So you're confident that your infrastructure is 'robust'? Really?

After everything that's happened in the last few days you still don't think your security is compromised?

I've just had my card cancelled after using your site. I can't order anything online until the new card arrives, which is really handy when you're renovating an old house.

Weasels.

Bit harsh I think.

cooldad

nodding dog wrote:

Thanks for that weasel-worded explanation, CRC.

So you're confident that your infrastructure is 'robust'? Really?

After everything that's happened in the last few days you still don't think your security is compromised?

I've just had my card cancelled after using your site. I can't order anything online until the new card arrives, which is really handy when you're renovating an old house.

Weasels.

I had exactly the same thing happen after making some purchases on Ebay, HSBC's software is either very good or very sensitive. Inconvenient but bettter than sorting out the hassle afterwards.

And awesome first post.

I blame Wiggle.

chuckcork

Me too.

Saw a warning of this posted on my clubs website from a fellow member, and having made a purchased last week was immediately worried, and for good reason, there were 2 No O2 £15 vouchers purchased using my card yesterday morning.

I've informed CRC about this and that my card is now stopped as a result of this, but even if they don't see my email straight away they'll now about it when the remainder of my order gets rejected by my bank refusing to make payment.

I think it will be my last order with CRC too. Not wanting to be nasty, but I had some fraud done on my card 2 years ago, and the claim form my bank sent me (has anyone had access to your card recently etc) was very, very aggressive in its questions, along the lines of "were you using a website you knew could be compromised?"

If I went back and used them again, after having identified this problem to my own bank, I doubt very much they will refund me.

chuckcork

Additionally, if CRC are aware they have a massive, gaping hole in their security, as seems to be clear, are they being more than slightly reckless in not warning people who visit their website of it?

Just letting customers plug in their details, to be ripped by some by fraudster, with the customer left to sort it out with their bank afterwards?

steve_muzzy

CRC seem aware now so hopefully things will be sorted

hope others don't get affected as well

delta5

'nother one here.
Ordered from CRC on 1 Mar. Thought I'd escaped, but hey petrunko, the grand sum of £1.01 was spent at O2 Slough on 5 Mar. My cc company had picked up on it and had not approved the transaction - but they had not notified me either.

As cc frauds go, £1.01 must be some kind of small-time record. Less spectacular than the £11k job a couple of years ago on a different card (with a £3k limit mind you), which that bank then managed to double instead of crediting, and then the plonkers tried to charge me interest on the £22k too. That one took months to sort out.

cat_with_no_tail

They'll have been testing it. If they'd got away with that, you'd have seen one or 2 more small ones, then it'd get hammered.

maryka

Just posted a warning about this last night on my club's forum and on twitter and immediately half a dozen clubmates come forward to say they've been ripped off after using CRC's site. So I agree with the guy that called CRC a bunch of weasels -- sorry but all evidence points to them and their site being the problem here.

Yet if you visit their site now, not a word is mentioned about it, not even to reassure people that the problem is fixed or that it won't happen again. And they only posted on a few forums (a mealy-mouthed response) after people started complaining? Pretty lame. They deserve what they get in bad word of mouth on this one for their pathetic handling of the issue.

dynastarg9

I bought a whole bunch of stuff from CRC last week and my card hasn't been touched. Are you sure your machines aren't compromised instead? I've had my cards used in all sorts of dodgy places before and CRC hasn't let me down.

Of course you all have one thing in common for being on here... mtbing. So it's likely that you've all been shopping at CRC recently. Whether or not they're the common factor, then that remains to be seen.

I for one, don't really care about card fraud. If my card gets used without my permission, then it's the bank's problem not mine. It's happened a few times in the past and barclays have always sorted it out with no problems (sure I've had to sign the disclaimer).
Just be sure to use a Visa debit and not one of those others. Then you're covered for loss.

sniper68

Lets face facts here.Whether or not CRCs site is compromised it's not actually their fault.Blame your bank.If anybody is a "weasel" then it's them.Card fraud happens every minute of every day all over the world and yet the banks do sweet FA about it.Chip and Pin what a load of bollox.If someone nicks my wallet they can go online and buy stuff with my card before I've even noticed my cards have gone!Cloning a card must be a piece of pi$$ as it happens all the time...so....why not make it impossible to do?Why don't banks spend some of their ££Billions of profits on designing better technology?
They couldn't give a FCUK that's why.
I've just booked a campsite on my card over the phone and were asked:-
1.Name on card
2.long card number
3.expiry date
4.security number on the back.
I could have used a stolen card and they'd be none the wiser :roll:

Anonymous

ibbo68 wrote:

Cloning a card must be a piece of pi$$ as it happens all the time...so....why not make it impossible to do?Why don't banks spend some of their ££Billions of profits on designing better technology?

It's impossible to MAKE it impossible to do. And banks already do spend billions trying to harden their security systems. At the end of the day, security is always a cat-and-mouse game. The people doing the securing are always fighting to try and stay one step ahead of the bad guys, or in a lot of cases, to catch up with the bad guys.

canowords

My card was done as well after indulging in CRC's "Welcome Back" offer - HSBC spotted it straight away, just the inconvenience of waiting for the new card and remebering to change details with other companies.

One thing I've noticed though, on Bike Radar's front page the list of Forum topics usually represents the latest "trending" threads no?

The CRC issue is being talked about in The Hub and Cake Stop, yet BR doesn't seem to be showing the problems with their Retail Partner and significant advertiser anymore ... mmmmh

Anonymous

I thought the BR homepage just shows the latest posts.

sniper68

yeehaamcgee wrote:

It's impossible to MAKE it impossible to do. And banks already do spend billions trying to harden their security systems.

Can't disagree more.Nothing is impossible and I doubt banks spend millions let alone Billions.The card has been around for over 30 years now,there has to be an alternative.

Anonymous

No, I mean the reason it's impossible is because the fraudsters will always find a way around it.
The only way to get around it would involve some kind of genetic information, tying us to it. But that would be unnecessarily invasive, and would likely be widely objected.
And hell, even then it's not 100% foolproof.

chuckcork

maryka wrote:

Just posted a warning about this last night on my club's forum and on twitter and immediately half a dozen clubmates come forward to say they've been ripped off after using CRC's site. So I agree with the guy that called CRC a bunch of weasels -- sorry but all evidence points to them and their site being the problem here. .

'Negligent' is what a fellow cyclist in the office said when I mentioned it to him.

And your right, with the number of people being affected you would think CRC would be going out of their way to make their customers aware of the issue rather than hiding and hoping for the best. Checked their website at lunch and not a thing about it. Not good at all.

Again, thanks for the heads up on the KW site, I knew there was a good reason to log on while having breakfast! Certainly gave me a good reason to be late for work.

I've been done before with card fraud and while the money comes back eventually tis always an unpleasant wait, especially if the barstewards take enough out you go into an overdraft and then have no money at all until your bank refunds it (as happened to me 2 years ago)

chuckcork

dynastarg9 wrote:

Of course you all have one thing in common for being on here... mtbing. .

No, I'm a long-commute road cyclist, doing 19 miles each way, 4 days a week.

tx14

ibbo68 wrote:

yeehaamcgee wrote:

It's impossible to MAKE it impossible to do. And banks already do spend billions trying to harden their security systems.

Can't disagree more.Nothing is impossible and I doubt banks spend millions let alone Billions.The card has been around for over 30 years now,there has to be an alternative.

when it comes to cryptography and maths in general, there are plenty of things impossible.
I do agree that there should be more security measure developed. although it seems the bank's profits are not hurt enough for them to care.

dynastarg9

chuckcork wrote:

dynastarg9 wrote:

Of course you all have one thing in common for being on here... mtbing. .

No, I'm a long-commute road cyclist, doing 19 miles each way, 4 days a week.

Give it some time. You'll see the light

lvquestpaddler

Fecking marvellous never used CRC until tonight. Never looked at this part of the forum until tonight. Wish the order I'd done this was reversed. Is Mastercard Debit covered?
Will be checking my account online now..... :evil:
Has anyone bothered their a**e to post this up in the other parts of the forum?

Anonymous

Hey, from the Cairngorns. I was up there on the weekend. Beautiful area.

Erm, this is in the cake stop as well I believe. Can't stick it everywhere, sometimes the world is a dangerous place and we can't look after you all the time.

cat_with_no_tail

lvquestpaddler wrote:

Fecking marvellous never used CRC until tonight. Never looked at this part of the forum until tonight. Wish the order I'd done this was reversed. Is Mastercard Debit covered?
Will be checking my account online now..... :evil:
Has anyone bothered their a**e to post this up in the other parts of the forum?

The fact they are aware of the issues and have posted about it suggests to me that they have now plugged whatever hole they had in their / their processors systems.

I'd certainly not be worried about making a card deposit there now (if I didn't already make my purchases through PayPal).

chuckcork

dynastarg9 wrote:

chuckcork wrote:

dynastarg9 wrote:

Of course you all have one thing in common for being on here... mtbing. .

No, I'm a long-commute road cyclist, doing 19 miles each way, 4 days a week.

Give it some time. You'll see the light

I see no lights for about 5 miles of my ride, if I'm lucky.

lvquestpaddler

After inputting my card details I scrolled down(titchy netbook) and saw the Paypal option but just continued thinking " better CRC getting the full amount than PP skimming their percentage"...! never again if PP is more secure as some have suggested.

Anonymous

PP aren't necessarily more secure, it's just that in this instance, they do not appear to have fallen victim.