Are CRC having major web security problems?

1235789

Comments

  • hondadominator
    hondadominator Posts: 1
    Just noticed this thread after being directed here by a thread over on Bike Biz. Used CRC last week and sure enough I've now had 4 lots of vodaphone topup used in Newbury.

    Tried ringing my CC company but the fraud part is closed until Monday. My card is a company credit card and only gets used for suppliers, this was a one off use with CRC.
  • lhoward1976
    lhoward1976 Posts: 29
    Cat With No Tail wrote:
    FFS, the way some people are going on, you'd think CRC arranged this on purpose.
    ...
    To try and bill CRC for something that was pretty much out of their control and was at MOST, a very minor inconvenience to you is nothing more than petty.

    There have been a couple of comments similar to the "it's out of their control" one above, while at the same time assuming that it's CRC's site that's at fault. In my mind, the two are mutually exclusive - if it's CRC's site that's let the card details go walkabout, then it is simply nothing other than their fault.

    Clearly there are other possibilities - underpaid staff at the payment processor's call centre nabbing some details to sell on, for example... but if it's CRC's site, it's CRC's fault. Simple!

    As for "go to you LBS and use cash - there's no chance of fraud" - wakey wakey! Go and check the latest stats on ratios of real vs. forged notes and coins.
  • MuchoConfuso
    MuchoConfuso Posts: 16
    Ok so... 2x wall mounted bike stands, 1x windproof jacket and a bell, ordered on the 8th. Card not used since then.

    Natwest Credit Cards just phoned up and asked me if I've spent anything else, I say no, and turns out that I've 'bought' a £15 O2 top-up and £39 of Xbox Live points. It's fortunate that they caught it in time but lets be honest, CRC have had a major breach somewhere.

    What's more annoying is that it took several days for the goods to be packed before posting and I still haven't received the parcel yet! :lol:

    PayPal for all online purchases from now on!
  • allen.coulson
    allen.coulson Posts: 424
    Same here. Ordered a tyre and some bits and saw that later on some tw@ had spent £450 on a satnav!

    When I saw it was a satnav I just guessed that the leak was from CRC.

    Called Garmin who were only slightly interested and would not give me the delivery address - but it was NOT in NI which restore a bit of faith!
  • allen.coulson
    allen.coulson Posts: 424
    FFS!! I've just had another satnav bought on my account - one on Friday and one today. This was on a mastercard debit account and the bank asked me to go to the police - which is fair enough but they also said that I should fill in a form and they will try and get my money back!!!

    I explained that as I had not bought anything then I don't have to pay for it and reminded them that the Consumer Credit Act sees things my way. They then said that they'd refund when they got the forms back!!

    The glass is half full however - I work for CSR which makes the chips for Garmin!!
  • lhoward1976
    lhoward1976 Posts: 29
    allen.coulson wrote:
    This was on a mastercard debit account
    allen.coulson wrote:
    ...reminded them that the Consumer Credit Act sees things my way.

    ... and they didn't remind you that it doesn't?

    Doubt you'll have any trouble, mind...
  • Richie63
    Richie63 Posts: 2,132
    The lad I go biking with got done this weekend buying lizard skins grips from CRC. :(

    Phone topups and insurance something or other
    I'm going to blow the bank on a new build ( within reason ) NOW DONE!!
    http://i570.photobucket.com/albums/ss14 ... 010362.jpg
  • guinea
    guinea Posts: 1,177
    One question.

    Are CRC PCI compliant?

    Does anyone know?
  • Northwind
    Northwind Posts: 14,675
    Yay, I feel like part of the cool crowd now, phone call from my bank this morning.

    For anyone who still wants to believe that this isn't anything to do with CRC, I asked "Have you had a rash of fraud related to a bike shop?" and they said "Oh yes... I'll pass on your details to the team dealing with the Chain Reaction issue"
    Uncompromising extremist
  • blister pus
    blister pus Posts: 5,780
    and you went through CRC's paypal facility, NW?
  • Pirahna
    Pirahna Posts: 1,315
    Just found this thread. Had a card cloned last week, one of the very few candidates was CRC. I initially tried to use Paypal for the purchase but had the transaction declined by CRC so used a card instead.
  • lawman
    lawman Posts: 6,868
    by the sounds of it CRC have a serious problem, the odd one or two problems is probably quite common, but for it to be happening like this, and for going on as long as it has already with so many people, CRC really need to buck there ideas and do something about it, they are quite clearly aware that there are problems, and given their reputation i expected them to have sorted it out by now, they certainly wont be getting any business from me until its sorted :roll: it would happen just when they have everything i need to finish my buiold off in stock as well :evil:
  • Northwind
    Northwind Posts: 14,675
    blister pus wrote:
    and you went through CRC's paypal facility, NW?

    Nope, direct with the credit card.

    (I've used the Paypal option for ages, this card's completely dormant and hasn't had a transaction for, oh, months at least but of the few transactions it was used for, one was my Mmmbop)
    Uncompromising extremist
  • D-Cyph3r
    D-Cyph3r Posts: 847
    Ordered an SDG I-Beam saddle/seatpost combo last wee, arrived a couple of days later, no fraudulent use of card to date.

    I paid with paypal.
    My Hectik Custom Build Log
  • cat_with_no_tail
    cat_with_no_tail Posts: 12,981
    D-Cyph3r wrote:
    Ordered an SDG I-Beam saddle/seatpost combo last wee, arrived a couple of days later, no fraudulent use of card to date.

    I paid with paypal.

    + Potato, I've had a few things off them over the last couple of weeks, maybe 4-5 seperate orders. No problems here. In fact, I've been impressed because they seem to have got back to the sort of delivery speed we were having last year.

    Not saying there are not problems, it's fairly plain to see that there are, but they seem to be limited to people making card purchases over a specific few days.

    From the post they made, I get the impression they were aware of a leak which has now been plugged, and are looking to make sure it can't happen again.

    Of course, my opinion will change completely if anyone has made a purchase since the 9th and had fraudulent transactions from it as after this date they were clearly aware of a problem.
    "Avan-TT"
    F*cking Fast 29er
    Rapid Rose Roady
    Bionicon Beast
    Rockhopper Communter
  • V5ade
    V5ade Posts: 192
    Previously I've had good service from CRC (bought bikes and loads of part), however I'm not going to use them again until it's confirmed that this issue is resolved. I'd feel pretty stupid if I did buy something from and became a victim of card fraud after these warning signs. In fact I have spent some money online today, but it was with another supplier due to my loss of confidence with CRC.
    A good reputation is hard to earn, but very easy to loose (fairly or not). They need to do some PR quickly or it's going to affect their business.
    I hope there is a positive outcome.
    Somewhere in the Surrey Hills :-)
  • allen.coulson
    allen.coulson Posts: 424
    I sent them a stroppy email and told them that as far as my business is concerned forget it. In fairness they did leave msg on voicemail so they are trying.

    ..but they are still fired - sine die.
  • Anonymous
    Anonymous Posts: 79,667
    Yeah, cause the REAL bad guys are CRC :roll:
  • fastandfuriousxc
    fastandfuriousxc Posts: 183
    Ordered from them on the 4th March and just had £20 go out of my account to a 02 prepay card (14th March) twice the value of what i brought, expensive couple of tubes they could have been :wink: . Paid through crc payment not paypal on a debit card, luckily getting the money back from bank.
  • allen.coulson
    allen.coulson Posts: 424
    yeehaamcgee wrote:
    Yeah, cause the REAL bad guys are CRC :roll:

    No but they are complicit by not assuring their internet banking security. This is not a corner shop - it is one of Europes biggest online cyclestores who can afford state of the art security.

    Your shriug the shoulders attitude shows that you are ignorant of the consequences of THEIR security lapse and subsequent THEFT by a third party. I can't use my card - DD will not be paid - the consequence affects me. So blx to them - I'll never use them again - but I'm sure they don't give one.
  • Northwind
    Northwind Posts: 14,675
    Incidentally isn't it nice to have some good news about banks? Hope these fraud prevention bods get a gigantic bonus :lol:
    allen.coulson wrote:
    No but they are complicit by not assuring their internet banking security. This is not a corner shop - it is one of Europes biggest online cyclestores who can afford state of the art security.

    I'm going to go out on a wee bit of a limb here, I think it's got nothing to do with internet security... No amount of money spent stops inside jobs.
    Uncompromising extremist
  • KJ FOX
    KJ FOX Posts: 24
    Got hacked on the 12th march with 2 £15 o2 top ups on the same day,i don't have a top up phone and had been using CRC ordering stuff that weekend?.. :evil: :evil:
  • bennett_346
    bennett_346 Posts: 5,029
    Just to be safe can we confirm that paying through a registered paypal account to use crc is still safe?
  • PresumingEd
    PresumingEd Posts: 82
    Just stumbled on this thread whilst I'm waiting for my new debit card; within a few days of ordering from CRC my card details were used for a number of fraudulent transactions, including the seemingly obligatory £15 top up with O2.

    This is actually my 3rd fraud case inside 6 months. The previous 2 were on credit cards that had been used for buying cycle gear online but I can't tally the first case to any CRC purchase, so its clearly not just CRC that have security issues.

    It could even be nothing to do with CRC (although that does sound extremely unlikely given what has been said on this thread) as on Monday my work PC, from where I tend to do most of my online shopping, had to be cleaned up following major spyware and virus infections!
  • antfly
    antfly Posts: 3,276
    I hate to bang on, but people, just use paypal online and there's virtually no danger.
    Smarter than the average bear.
  • Anonymous
    Anonymous Posts: 79,667
    antfly wrote:
    I hate to bang on, but people, just use paypal online and there's virtually no danger.
    Right now, no, but Paypal is no more inherently secure.
  • antfly
    antfly Posts: 3,276
    I would say it is a lot safer and this case at the moment is a good example.
    I know I haven't been done since I started using it exclusively, before that it happened 3 times.
    Smarter than the average bear.
  • blister pus
    blister pus Posts: 5,780
    the paypal system itself is inherently more secure because of the layers of security and encryption they can afford to use backed up with the man power to deal with any issues, but nothing is bullet proof, apart from the fully isolated systems, deep underground behind nuclear blast proof doors surrounded by above ground 25 mile radius 'lethal force will be used' exclusion zones and staffed by an army and air force to back it up.

    I'd still veer away from using CRC until they nail the problem(s) because no-one on the outside has a clue as to where the problems are as of yet. And until further information is forthcoming, then that's the way it is.
  • supersonic
    supersonic Posts: 82,708
    Luckily Paypal isn't housed in Fukushima 5.
    GT ZASKAR CARBON TEAM

    VOODOO CANZO

    Come and see me at https://www.facebook.com/biketyke/
  • I-S
    I-S Posts: 13
    Call from my CC company today - had I tried to make a purchase at an Apple store? - No.

    Used CRC last week for first time ever, card now canceled...

Categories