http://www.bikeradar.com/forum/viewtopic.php?p=16801436#16801436
Heads up -
Possible chain reaction security breach?
This happened to me, 4 attempts by t mobile to take 2 quid. Basically checking the card to see if they can bleed it dry. My bank alerted me straight away and cancelled my card.
This has cropped up on here every six months or so. After a spate of fraud I used to be V susiciously of CRC / Wiggle but it turned out to be a local BAA parking machine had a skimmer installed.
This was from the days I used to work in the CC IT world (a few years back). I seriously doubt CRC / Merlin / Wiggle etc (there were rumours about all of these) are allowed to store any CC info in the clear. All transactions are transferred to big name players : Worldpay etc.
Ultimatley, pay by Credit Card - you've got very little to worry about.
Your local petrol station is FAR FAR more likely to be skimming your details than a bike shop.
couldashouldawoulda - the likes of CRC etc are able to take partial and/or delayed payment. That being the case, they must be holding on to the card details somewhere and only presenting them to WorldPay (or equivalent) when the goods are ready to be dispatched?
Couldasoulda
I've had card fraud tracked back to both amazon and a shell petrol station in the past
Both times it was known to mbna, I wasn't the first
No idea in this case if there is genuine Crc link but thought I'd best just warn people in case I know alot of people got a voucher and used Crc last wrk so could be concerned
I only pay using Pay Pal on CRC .in the hope that it is safer than putting my card details in..
Just checked my online banking and had £30 O2 prepay taken out yesterday. I also took advantage of the £10 voucher from CRC...
Looks like i'll be calling the bank 1st thing 🙁
are you safe using paypal?
guess so as they dont send over your details?
always makes me cringe when i checkout on the 'mobile' site
This could well be true. Had 4 unrecognised transactions go out in one day this week after a CRC order, 2x £10
O2 top-up cards then stung for over £600. A call to banks fraud department, card cancelled and money refunded in 24 hours
Hmmm this is interesting.. I had 2 fraudulent transactions on the credit card this week. The transaction before these... Yep you've guessed it... Chainreaction!! 😡
I ordered from Chainreaction last week and guess what???
I've not had any fraud on my account
Druidh. Re: delayed payments, if you do these properly then you still don' t need to hold the credit card details, world pay or whoever still handle it all, I'm building a site at the moment that does exactly this. Not saying that crc do, do this but they don't have to.
I too ordered from CRC using the voucher - and no fraud on my account. I did use paypal though.
If your vouchers worked then they were probably genuine as they were verified by the CRC site.
Nothing in this thread constitutes proof either way.
Just checked as used CRC a fair bit laterly. There's loads of indiscriminate payments been taken off my card, few £ here looks mostly on pointless rubbish. All of them me.
mahowlett - care to explain how that works?
I was called by HSBC fraud detection dept on Friday. £210 taken fraudulently, they then attempted a similar amount again which was then declined. I’d used the card for the first time at CRC a few days before.
Beej: nothing to do with dodgy vouchers.
Not proof in anyway, but I will be mentioning CRC when I speak to the fraud dept tomorrow.
I took advantage of the CRC £10 voucher on monday, thursday two lots of £15 were taken out of my account for O2 prepay.
Could be coincidence but I was thinking it would be something online rather than having my card swiped. I'm by no means the only person being relieved of their money for [url= http://www.google.co.uk/search?sourceid=chrome&ie=UTF-8&q=O2+prepay+slough ]O2 prepay in slough.[/url]
Debit card now blocked, money being refunded and new card being sent out.
Druidh, they're called deferred payments, and I think most of the major gateways support them now basically you send all the details to the gateway in the normal way and the transaction is authorised as usual but the gateway doesn't actually put the payment until you send them notification that it should be paid. This has to be sent in a relatively short timescale though to stop you taking payments months after authorising them, I think the limit is in the order of a few weeks.
Who holds the gateway?
The reason I'm asking is that we do a simple re-direct to WorldPay when the order is placed - and the customer has to just pay up-front. We never hold any card details (it's illegal to do so in Scotland), whereas many of these other sites do hold them - to save the customer having to re-enter them each time.
Hmmm, also had my card done a day after putting through a CRC order- £30 of o2 top-ups.
Not a new thing - I had O2 top ups on my card after using CRC over a year ago, despite never having an O2 phone.
i used to work at RBS, internet companys do this all the time, they pay their staff min wage and then wonder why shit like this happens!
Druidh, worldpay is the payment gateway, you'll need to go to their support site to see how it's done on their system, it's illegal for a site to hold cc details unless they are PCI complaint, something which is quite hard to get and potentially means you could be liable for loads of cash if a card is used fraudulently,
Me too, Used the CRC voucher Monday, has 2 O2 Prepay debits of £15 in Wednesday. Gits!
i have had exactly the same, twice, in the past. had never made a CRC link, but they both made o2 prepay things. i guess crc may have a hole? off to check my accounts
Another order to CRC last week and like everyone else here had £30 of O2 top ups taken from my account and an attempt to send some form of online fax! Props to the bank for acting quickly, stopping the card and refunding the money. Also used the voucher and thought payment would be fairly secure using paypal!
MMm just read this and have checked my account. All fine at the moment having used the voucher last week, so am guessing prob OK. Thanks for the heads up though.
If hundreds or even thousands of card details were harvested, I doubt that they'd test absolutly everyone they'd gathered.
This is only the 2nd time that an internet retailer has been the prime suspect for any fraud on my account, usually it's petrol stations.
I can't say for definite that my details got into the wrong hands via CRC, but there does appear to be a pattern emerging.
Bank have canceled my card and the fraud team have been prompted to call me tomorrow. 🙂
my debit card was cancelled last week by my bank, no fraudulent transactions, but it was 3-4 days after I placed an order at CRC as well...
Had a call from my CC on Fri. Suspect transaction, someone tried to buy something from Apple.
As I now live abroad and the locals don't like CC, I only use this card online. I keep this card for bike stuff, so for the last year or so it has only been used for Wiggle and CRC.
Card canceled and new one on its way.
I hate to say this but I win.
Spent the voucher and more on Sunday,payed with Debit card, and on Thursday. . . £1,305.95 gone out of my account to John lewis.
And no, it wasn't me! :oops:Now in the process of getting my funds back off TSB.
Yup me too, order to CRC Monday night. Call from bank Saturday saying some one had attempted to buy O2 prepays. FWIW didn't use a voucher.
And are CRC looking into this in any way? Any official comment from them?
Stocked up on brake pads last week using the voucher. Paid on a seldom used credit card. Call on Thursday from cc security re 2 x £20 Vodaphone top-ups, 2nd of which they refused. Card cancelled.
Having read the above all seems very suspicious: as per BoardinBob would anyone at CRC care to comment?
Me Too!
Just checked my account and £15 O2 top up debited. Called and cancelled card etc etc!!
Would be interested to hear what CRC have to say.......
I have used the voucher recently and no apparent problems but I paid through paypal....is paypal a lot more secure then direct cc???
Me too, bought some grips on CRC last week, Saturday morning credit card company phones me to say I have been diddled, 3 times £20 vodaphone top ups, £15 O2 top up and money to a charity in the US? Card cancelled and new one in the post, big thums up to mint for being on the ball!
PJ.
has anyone contacted crc about this?
in the light of them being 'the worlds largest online bicycle retailer' thats potentialy a lot of people scammed
[url= http://www.bikeradar.com/mtb/news/article/chain-reaction-cycles-behind-the-scenes-29496 ]http://www.bikeradar.com/mtb/news/article/chain-reaction-cycles-behind-the-scenes-29496[/url]
thankfully i use paypal as i have ordered from them quite a bit lately
The snapper from bike radar... Snooping around the offices a few days ago....he's got to be suspect number 1......
Bought a few things off CRC over the past 2 weeks. First time used Paypal, second time used a combination of £10 off voucher, gift vouchers and Paypal. Don't seem to have a dodgy transactions on my bank account.
and money to a charity in the US?
My gf had this a few months back, some family support charity in Texas 😕 Got the $20 back though
Ooh now then, I ordered some stuff from CRC at the beginning of January which never left the "processing" stage, even when I contacted them a fortnight ago.
They then promptly refunded me the money and apologised, and was then stung for a mysterious £30.00 O2 TopUp Prepay purchase !
I have never been fleeced online before and couldn't understand how my details had been stolen.
Coincidence or a pattern emerging here peeps ?
Brilliant! Bought from CRC for the first time in 6 months on Friday, about to test the whole 24hr helpline thing....
Yep 2 lots of £15 quid taken from my account for O2 top up....only used the card at CRC, in the last 3 weeks.
Not only that but i placed the order on monday and I am still waiting for the stuff to be sent.
I think the UK bike store will become my new online parts provider, always had good service from them, and they answer the phones.
+1 me too, £500 taken on some dodgy canadian airline ticket
I've emailed them to let them know
cheers!
CRC might only be licensed to hold CC details in the servers RAM.
i.e. when the server is switched off, there is no trace of the details.
I am another one who has had money taken from my account after placing a CRC order last week.I used one of the £10 vouchers that was sent to me and yes a couple of days later a £15 payment to O2-slough was taken. I'm not even with O2!
Never had a problem with CRC before and hope that this is a one off.
I think we're well beyond the realms of coincidence now. Soon as they know the facts CRC need to make some form of statement to there customers as to what's has happened. I'm sure they'd like to keep consumer confidence they've built over the years.... But word travels fast in the biking community. There could be many more customers details which have been stolen but are yet to be used fraudulently, if this is the case these cards need replacing before the fraudsters get there chance. Personally my cc company were very interested in this possible link and the numerous posts on biking forums about fraud after shopping with them. They have instructed the fraud dept to investigate this link.
when similar allegations were made about wiggle the biggest response was a denial it was them and then all the threads got pulled as they threatened the forum owners with litigation...
if you use iTunes might be worth checking that on your accounts to.
Daughter got a call from her bank, Santander, someone in Thialand had tried to get £770 out of her account just after payday and a trip to iTunes
I do have some sympathy with that viewpoint Trekster - people have cards registered with sites all over the place - you'll probably find everyone on this thread has multiple retailers online in common.
Am keeping an eye on my account, my CC company totally uninterested when I called them about this 😯 ... Agree though that CRC need to deal with this sharpish.
Just got a call back from CRC, mentioned the issues with cards as I was speaking to them this morning about an order that has yet to be dispatched after a week.
To my suprise ! they said it was not their fault and that I should update the antivirus on my PC as it seems to be just me that had this issue.
Don't think I'll bother buying from CRC in the near future...
BB - if you're bothered use Paypal?
I've just had my card declined for a payment, so phoned the bank and someone's tried to top up on Vodaphone, so now my card's been stopped. I made a payment to CRC a week ago, it wouldn't let me pay using paypal for some reason, I tried a few times as I think it's more secure, so I had to enter my card details eventually ... yep, all seems a bit of a coincidence! The only other payment I've made was with google checkout on Friday. 👿
Good that my bank detected it before payments made though as I hadn't made any previous payments to vodaphone so they were suspicious 🙂 thanks HSBC ... my bank said they had every detail correct, card number, expiry date, start date, code number on the back
Of course it's possible someone on here posted a link to a site containing something that downloaded itself to the PC's of those affected and did some keylogging?
I used CRC last week and on Friday the bank called me to see if I why I was buying clothes from simply b in £50 transactions until my account was empty?
They conceded it was fraud as I am not a larger lady and the delivery address did not match.
Only other people who have my card details are Jungle who kept them so they could refund money after a return.
Seems odd so many people were hit within a few days?
You lot got me all worried then, checked joint account online…
Oh No! 1st of March payment to O2!!!
Hang on the Missus Mobile is O2… Doh.
No fraud here…. Yet.
And only CRC customers clicked on that link?wwaswas - Member
Of course it's possible someone on here posted a link to a site containing something that downloaded itself to the PC's of those affected and did some keylogging?
IS there not legislation in place about how card details are held?
Will be using paypal from now on though.
'No fraud here... yet'
That's what I thought last night, I checked my account after reading this and nothing came up, today my card has been stopped, so worth keeping an eye on just in case so you can contact your bank asap?
[i]And only CRC customers clicked on that link?[/i]
or, alternatively, only CRC customers clicked on a thread entitled CRC security issues?
Just got a call back from CRC, mentioned the issues with cards as I was speaking to them this morning about an order that has yet to be dispatched after a week.To my suprise ! they said it was not their fault and that I should update the antivirus on my PC as it seems to be just me that had this issue.
Thats tosh. I mailed them last night (no reply) and have placed all my orders via a MAC, which whilst aren't virus immune, its very unlikely that it would be infected at the same time with an equivalent virus as a PC.
Hmm my CC got cancelled last week, the last payment before attempted fraud was to CRC. I didn't think it would be CRC at fault as I've used them so much in the past. I made an order on friday on my debit card, now I read this...if that card gets fleeced too it'd be pretty damning evidence IMO. I'll keep an eye on it.
guess I had better call my credit card company and check!
I normally use paypal as I sell stuff and then buy bike parts with it but as I got the voucher I thought I would order some shorts I wanted anyway.
Cheers for the heads up.
"is paypal a lot more secure then direct cc???"
In the sense that it cuts down the number of bits of the Internet that your card details pass through or are stored on, yes. But I question whether it's always advisable, since I would assume you would in practice lose the protection of the Consumer Credit Act. Paypal pays the retailer via a debit from your Paypal balance, whilst the card provider is lending you money only to increase your Paypal balance. By proxying the payment you're no longer being lent money to buy goods from the retailer, ie I would only expect the card provider to assist you in a dispute with Paypal.
And I would never buy stuff online with a debit card!
Ive let them know publicly 🙂
Nothing on mine since using my voucher, however utter paranoia has led me to stop my debit card anyway, had debit card fraud happen twice now in the past couple of years, and corrently or incorrectly both the instances were immediately after Wiggle purchases. Online shopping is convinient and cheap most of the time, but its a proper ballache when things go wrong. Am going to vow to use LBS shops more often
My card has also been stopped within 24hrs of using CRC. Four attempts were made to spend £1 and another was for £15 with O2. Halifax noticed the irregular transactions and stopped further use of my Mastercard. I'd like to think CRC will address these problems accordingly.
Saw this thread last night and having bought some stuff from CRC last week though a precautionary glance of the CC account was called for – sigh of relief all round as no unusual transaction - Sat chilling at home tonight when I got a call from the CC fraud people telling me they had spotted some unusual activity on the account and had I bought some theatre tickets and spent £1700 at John Lewis
Needles to say CC in pieces in the bin & new cards in the post
I bought 2 things from CRC, paid for one with Debit card, and other with Credit card.
Both cards have been 'done'. The Credit card is ONLY used at Chain Reaction.
I sent an email, and a nice lady called LINDA called me back, if you have an issue, please get in touch with her. She says to call her.
She assured me the website is 100% safe, but did not say their staff were trustworthy 🙂
Andrew
I get the feeling people have been clicking on a phoney click through advert that has been harvesting their info, there are a lot of them about, in fact there was a big one on the news last week wasn't there?
Another one done here.
£15 O2 purchase made and prevented by my bank shortly after a CRC purchase on the same card. I also purchased from Merlin and Wiggle last week but there seems to be a theme here!
There is the option to "Delete Previously used Debit / Credit Cards" on CRC.
You all may want to do that just to be safe.
New card 1st time id used it anywhere other than tesco was crc for some new cables and would you believe it 2 x £15 O2 payments and £1 to AOL.
Going to be spending my money elsewhere from now on.
another one here. purchased last week, card hit at the weekend, now cancelled. I have had this happen a few times in the past, but this one looks too much of a coincidence
Another one!
Ordered stuff from CRC on Thursday. Today a couple of phone top up payments...and then wham, whoever it is tried to spend £1600.
Luckily the bank spotted it and decelined it.
🙁
Didn't click through any voucher or anything like that - though I did go through quidco 😕
I know it's only an inconvienience in my case, waiting for a replacement card, but still...grrr.
I've never clicked a CRC banner or visited the site via a referral yet still got walloped with the O2 prepay purchase after a CRC transaction. I've never used one of their discount voucher emails either.
The keylogger / antivirus thing doesnt wash with me.
Regardless of whether CRC is to blame or not I sincerely hope they are looking into this matter internally.
In the meantime pending an offical responce, there's plenty of other mail order companies worthy of my hard earned cash!
Another one here... I read this thread yesterday, and thought about my recent Pro Vibe stem purchase from CRC. Got a call from the card company today, they stopped purchases for £15 of O2 vouchers and £1 for something else and canceled my card.
CRC have been rubbish for a while anyway, takes nearly a week for delivery.
AVOID LIKE THE PLAGUE!!!!!