[Closed] CRC security issues?

Posts: 0
Free Member
 

coolio... I also shopped at CRC last week and used the £10 voucher, but no fraud on my account (yet... touch wood!), been keeping a close eye on it though!


 
Posted : 09/03/2011 11:17 am
Posts: 1
Free Member
 

I went in normally too as my voucher had expired by the time I made up my mind about my wheels 🙄 Am glad the bank picked up the transactions on my cc and called me, but I now have no debit or credit cards and won't have for a week.


 
Posted : 09/03/2011 11:21 am
Posts: 0
Free Member
 

I'd like to be smug here and say I only ever use Paypal and have no problems, however the gits still haven't processed my order from Sunday yet 😀

My Paypal is linked by DD to my bank account, which I assume is more secure anyway, harder to set up fraudulent DDs than use a card number I guess?

One downside, it does make it very easy to spend money 😀


 
Posted : 09/03/2011 11:33 am
Posts: 3351
Free Member
 

Same here...

I ordered on the 26th Feb and sure enough 2 O2 vouchers totalling £30 have been paid for using my card.

My bank card has been cancelled and new ones are in the post. I've also got a fraud claim form to fill in too.


 
Posted : 09/03/2011 11:43 am
Posts: 0
Full Member
 

jim what size you after? we got a random set in...

😀 I'm after a size 46 - I was in yer shop last week actually buying women's shorts and grease (don't ask) but didn't think to check. I bought a pair of Am40's in size 47 from the coop sale but they are too big in use, they do have a 46 in but they now want £80 for them and I'm too tight, my mistake buying the wrong size obviously but hey I only have so much money to spend on fugly shoes 😆


 
Posted : 09/03/2011 11:43 am
 ojom
Posts: 177
Free Member
 

ah i think we got some 44's.

yeah i did get a report from the team about a tall guy buying ladies clothes and lube etc. It's not something we like to encourage...


 
Posted : 09/03/2011 11:45 am
Posts: 0
Free Member
 

I have emailed 'singletrack' about this but one thing I do feel that magazines don't do is champion 'consumer rights' in any way.

I will bet you 2 O2 cards they will mention nothing in any way detrimental to CRC!


 
Posted : 09/03/2011 11:52 am
Posts: 11381
Free Member
 

Why I use a pay as you go credit card. It's an arse sometimes when you need to buy something straight away but you have to pop into a shop to load it up first. But rather have that tiny bit of hassle over having to wait on the bank to sort out a refund and wait for a new card.


 
Posted : 09/03/2011 11:58 am
Posts: 0
Free Member
 

I used the voucher.

My money has been refunded by the bank. Didn't seem interested when I told them where the security flaw was (HSBC).

MM


 
Posted : 09/03/2011 12:11 pm
Posts: 0
Full Member
 

ah i think we got some 44's.

yeah i did get a report from the team about a tall guy buying ladies clothes and lube etc. It's not something we like to encourage...

doh. It's the 21st century and I'll wear what I want :o)


 
Posted : 09/03/2011 12:32 pm
Posts: 0
Free Member
 

Ordered some bits from CRC last week not using a voucher and had £100 taken from my account yesterday by lbb parking. Amount has been refunded by the bank and card cancelled.


 
Posted : 09/03/2011 12:39 pm
Posts: 3774
Free Member
Topic starter
 

Here's a hypothetical question for you: if I now used CRC, knowing about this risk and having contributed to this thread, and I suffered fraud on the card as a result, when I'm speaking with my bank to sort it and if I mention this thread, could there then be an issue because technically I knew about it before placing the order so put the card at risk myself?

I need some XTR compatible Middleburn chainrings and CRC is by far the cheapest but I don't fancy risking them at the moment


 
Posted : 09/03/2011 12:42 pm
Posts: 0
 

I use crc on a regular basis, done the only sensible thing and cancelled credit card, yea it's a pain in the arse but it is a NECESSARY SAFE GUARD until this is resolved.


 
Posted : 09/03/2011 12:43 pm
Posts: 0
Free Member
 

Here's a hypothetical question for you: if I now used CRC, knowing about this risk and having contributed to this thread, and I suffered fraud on the card as a result, when I'm speaking with my bank to sort it and if I mention this thread, could there then be an issue because technically I knew about it before placing the order so put the card at risk myself?

I need some XTR compatible Middleburn chainrings and CRC is by far the cheapest but I don't fancy risking them at the moment

I'd say no, you would not have any problems claiming against your CC company. You might want to use paypal instead though?

FWIW, I bought some bits at the end of February when I got the email voucher, and so far the bank account is okay.


 
Posted : 09/03/2011 1:09 pm
Posts: 17762
Full Member
 

Balls.

Used CRC last week and just checked my account.

Two £15 payments to o2 been put through today.

Card cancelled and money refunded.


 
Posted : 09/03/2011 3:18 pm
Posts: 767
Full Member
 

Very interesting thread. I used CRC for the first time ever around 18 months ago and within a week or two, my credit card company called me up to ask if I'd bought Orange topup £10. I said "no" and they said that they'd suspected fraud (but not on my behalf, incidentally), cancelled the cards and sent new ones. They didn't give any details and I was left impressed - and mystified - that they'd managed to pick it up. I didn't link it with CRC at the time, but looking back and reading some of the posts here, it's one heck of a coincidence......


 
Posted : 09/03/2011 3:24 pm
Posts: 0
Free Member
 

I have rung MBNA and informed their fraud department that I believe this is the source of the fraud and they are looking into it.

When they rang me to say my card had been used I also told them of this thread - and that it appeared that a lot of CRC customers had been hit


 
Posted : 09/03/2011 4:21 pm
Posts: 0
Free Member
 

Card company have suffered no loss as they pass the chargeback onto CRC who take it on the chin and hope everyone keeps spending money with them.

so the 'victim' - CRC - just writes off the cash and puts some better security in.

It'll be O2 etc that'll be taking the hit, not CRC AFAIK


 
Posted : 09/03/2011 4:28 pm
Posts: 0
Free Member
 

O2 would be able to cancel the top-ups wouldn't they?


 
Posted : 09/03/2011 4:33 pm
Posts: 0
Free Member
 

O2 would be able to cancel the top-ups wouldn't they?

I would have thought so but there's the John Lewis & other stuff too

although I suspect the top up is sold & used rather quickly


 
Posted : 09/03/2011 4:39 pm
Posts: 1671
Full Member
 

My card's been done today, used CRC in the last 2 weeks. Whoever used it has a sense of humour though, £54.99 on Norton Internet Security. Card canceled and they're trying to stop the transaction completing.


 
Posted : 09/03/2011 4:43 pm
Posts: 0
Free Member
 

I used the voucher, £1700 Apple transaction! Might be a coincidence but there seems to be a lot of folk on here with the same problem.


 
Posted : 09/03/2011 4:46 pm
Posts: 0
Free Member
 

Does anyone from CRC post on here? Would be nice if they commented, this thread has put me off using them for now.......


 
Posted : 09/03/2011 4:52 pm
Posts: 0
Free Member
 

Was it just CRC, or have there been other reports?


 
Posted : 09/03/2011 5:02 pm
Posts: 14743
Full Member
 

A pisspoor response from CRC so far. Even if it's not their fault you think they'd put out some kind of official response to reassure customers.


 
Posted : 09/03/2011 5:02 pm
Posts: 1671
Full Member
 

I've just emailed CRC with a link to this thread, whether it'll do anything is a different matter!


 
Posted : 09/03/2011 5:05 pm
Posts: 2985
Full Member
 

I'd ignored this thread until I got a call from the bank yesterday...someone tried to spend £139 at tMobile using my card details. fortunately was rejected, but still had to cancel the card


 
Posted : 09/03/2011 5:13 pm
Posts: 1015
Full Member
 

Oh dear, I've been had too. 2 x O2 Prepay so far.

Sounds like best course of action is to cancel card 😈


 
Posted : 09/03/2011 5:27 pm
Posts: 0
Free Member
 

someone from Bikeradar forum has spoken to CRC about this

Just spoke to chainreaction. They are aware of the situation and their security team are aware of the situation. Chainreaction does look like the platform for which the details have been stolen. I urge anyone who has used chainreaction to check their account or contact their bank immediately.


 
Posted : 09/03/2011 5:55 pm
Posts: 1617
Free Member
 

just called mine to check. Unfortunately all the balance on the card is me 🙁


 
Posted : 09/03/2011 6:00 pm
Posts: 1671
Full Member
 

Told my mate about this as he shops with crc as well, £30 of o2 top ups done on his card the 8th. Glad I told him!


 
Posted : 09/03/2011 6:14 pm
Posts: 0
Free Member
 

Add me to the list. Shopped with CRC a couple of weeks ago and someone has just attempted a £799 spend at John Lewis (online). MBNA spotted it and it was never auth'd. No cost to me, just hassle of new card and having to set up online servicing afresh.

Glad I'd already spotted this thread or I might have got quite panicked when they called today.


 
Posted : 09/03/2011 6:32 pm
Posts: 0
Free Member
 

And another victim: £30 to O2 Prepay...


 
Posted : 09/03/2011 6:48 pm
Posts: 80
Full Member
 

My bank called me the day after I used my card to buy a DVD from CRC last week, some topups and a kitchen! apparently.

Money refunded by bank and new cards, bit annoying though 🙁


 
Posted : 09/03/2011 7:14 pm
Posts: 0
Free Member
 

Hi everyone,

Apologies for the delay in responding to the concerns you have expressed. We do take your comments very seriously and we understand the worry and frustration caused by credit card fraud. We would emphasise that the number of concerns brought to our attention is a tiny fraction of the number of transactions that we process on a daily basis, but no stone will be left unturned in our investigations.

Our own infrastructure is routinely and independently tested and we are confident that it is robust. We are working with industry experts including the card processing companies to identify possible causes both inside and outside the control of CRC.

We will update you with further information as and when we have it. In the meantime, if you are a customer of CRC and have been recently affected by any of the matters discussed, please contact us on +44 (0)2893343758 between 9am – 5.30pm or email enquiries@chainreactioncycles.com and we will be glad to help you.

The CRC Team


 
Posted : 09/03/2011 7:34 pm
 dlr
Posts: 701
Free Member
 

Just had an automated call claiming to be from Natwest, thought bit iffy so found their fraud number from their website and rung it, card on hold as over £2500 been taken off it inc pre pay vouchers etc and yes I placed a CRC order last week....(which took till today to turn up but that's a different matter)


 
Posted : 09/03/2011 8:04 pm
Posts: 0
Free Member
 

Well done crccustomersupport for coming on here.

I've not been affected (touch wood) but it's good to see companies communicating with its customers.

btw I had a spate over 2 years of cards being cloned every few months. It was a royal pita and it turned out to be a national company (think parking at airports).


 
Posted : 09/03/2011 8:09 pm
Posts: 19447
Free Member
 

Crikey ... sounds like a very serious system breach there as there are simply too many people to have such coincidence.

Bet there are some rootkits being installed in the system which can be a major headache to remove ...


 
Posted : 09/03/2011 8:17 pm
Posts: 0
Free Member
 

So, does this mean I've inadvertently paid for the confused looking Thai bird that's just been delivered in a CRC box? Should I feed and water her?


 
Posted : 09/03/2011 8:26 pm
 dlr
Posts: 701
Free Member
 

A friends now been done for 1.8k .........


 
Posted : 10/03/2011 8:14 am
Posts: 0
Free Member
 

Happy that CRC have made a statement but just wondering why they want us to mail them? Is it just so they can count how many have had it happen to them?


 
Posted : 10/03/2011 8:21 am
Posts: 0
Free Member
 

crccustomersupport - Member

Our own infrastructure is routinely and independently tested and we are confident that it is robust.

Don't be so sure on that....


 
Posted : 10/03/2011 8:39 am
Posts: 1617
Free Member
 

Add me to the list:

Had 2 messages on my phone from yesterday from my credit card company.

Brand new card I used for the 1st and only time at CRC and 4 attempts to buy mobile phones. One in America by a Mark P McConnell and some more from Car Phone Warehouse and Orange.

Worrying thing is the messages were left at 2pm and 8pm and I called them at 5pm out of concern to check and was told there were no transactions other than the ones I had made.


 
Posted : 10/03/2011 9:14 am
 anc
Posts: 0
Free Member
 

I've mailed them, I think it's worth it as it might help them establish a pattern if they know exactly which account holders got hit.


 
Posted : 10/03/2011 9:45 am
Posts: 4631
Free Member
 

Just mailed them and contacted cc provider as well. I'm also in the club.


 
Posted : 10/03/2011 9:54 am
 Taff
Posts: 4
Free Member
 

I'm in the club too. Just been told about CRC security by my mrs' colleague whose other half has also been done so Tom - thanks for the heads up. They tried taking £60 for Xbox live but luckily it didn't go through.


 
Posted : 10/03/2011 10:03 am
Posts: 0
Free Member
 

I placed an order on the 5th March, and again on the 8th for 52 pounds and 139 pounds respectively. HSBC phoned me 9th saying a marker had been placed on my account and a new card AND pin was on its way.
Interestingly, I have not used my mastercard since December until placing these orders..........
Possible co-incidence of course, but I thought I'd add my name to the list


 
Posted : 10/03/2011 10:33 am
 anc
Posts: 0
Free Member
 

If you mail them they respond with a duplicate of the message that told you to mail them. 😆


 
Posted : 10/03/2011 11:03 am
Posts: 24
Full Member
 

I've emailed them too.

Whether it proves the leak came from them, didn't come from them or points someone in a position to do something about it in the right direction, I don't know, but it can't do any harm I guess!


 
Posted : 10/03/2011 11:09 am
Posts: 0
Free Member
 

I posted this thread to a few mates last night. Lo and behold, the only one who has used CRC in the past couple of weeks has had two £15 quid O2 prepay withdrawals within days of their initial purchase.

hmm.


 
Posted : 10/03/2011 11:44 am
Posts: 0
Free Member
 

Seeing this thread, it's obvious there is a problem. The anaemic CRC official statement doesn't put anyone at ease. I will not buy anything again from a company that isn't honest and open with its customers...plenty of other places to buy stuff from....


 
Posted : 10/03/2011 12:04 pm
Posts: 1825
Free Member
 

Hmmm, looks like I may* be in the club too 🙁

(*Of course it may just be coincidence)


 
Posted : 10/03/2011 1:00 pm
 7hz
Posts: 0
Free Member
 

Just got phoned by my card provider, card was tried to be registered at Tesco Online yesterday, not by me.

Card blocked, new one coming.

Bought a spanner from CRC on the 26/2/2011 with said card.

Stuff happens, but this seems a serious security breach, looks like they got everyone's CC details that used the site in the last few weeks...


 
Posted : 10/03/2011 1:11 pm
Posts: 9815
Full Member
 

Bought some stuff on Monday paid via PayPal, will I be OK?


 
Posted : 10/03/2011 1:11 pm
Posts: 0
Full Member
 

This has happened to me as well, fraudulent card use also immediately after using CRC for the first time in a while....


 
Posted : 10/03/2011 1:15 pm
Posts: 1671
Full Member
 

You should be, Tracey, only seems to be those using cards that get affected.


 
Posted : 10/03/2011 1:18 pm
 anc
Posts: 0
Free Member
 

Tracy paypal will be OK, it's only Credit Cards and Debit Cards that have been affected 😉


 
Posted : 10/03/2011 1:20 pm
Posts: 0
Free Member
 

(Mr MC posting)

I wouldn't expect CRC to say anything that even hinted at admitting liability so they were bound to be non-committal.

In regards to police investigating, a genuine issue is; where does the offence occur? The investigating force would be the force that covered where the offence happened. If you were from Bristol but got assaulted in Liverpool, Merseyside police would investigate. If you use your credit card in Bristol on the internet to buy something from Ireland, and your card has been fraudulently used by someone in central Europe, and your card issuer (who becomes the victim when they refund your money) is a multinational, who investigates it?

Offences do occasionally get investigated and offenders prosecuted, as it's usually not sophisticated tinterweb hacking but members of staff double swiping or just copying/memorising card details, usually in my personal (as a victim) and professional (as a police officer) experience in petrol stations. Which is why I NEVER use a debit card, if they scam my CC it's Visa's money not mine and I don't have to fight for a refund. I suspect in CRC's case the offender is internal.


 
Posted : 10/03/2011 1:31 pm
 r0bh
Posts: 0
Free Member
 

I'm in the club too. CRC order on 26/2, three fraudulent transactions so far starting from 4th March...


 
Posted : 10/03/2011 1:32 pm
Posts: 21521
Full Member
 

I think Nationwide have heard about this. I bought something recently using a card I don't use very often. The card company have written to me and cancelled my card! I've not seen any suspect activity at all.


 
Posted : 10/03/2011 1:50 pm
Posts: 4005
Full Member
 

Well I no longer feel left out.

Someone tried to buy £1700 worth of women's clothes on my Credit Card, no tester transaction.

Virgin declined it. Well done Virgin! New card on the way.


 
Posted : 10/03/2011 2:50 pm
Posts: 327
Full Member
 

Yup, and another one here. £30 on O2 Prepay Slough. Or Sloog as the chap at Barclays fraud dept. pronounced it.


 
Posted : 10/03/2011 3:06 pm
Posts: 36
Free Member
 

Or Sloog as the chap at [s]Barclays fraud dept[/s] Calcutta Call Co. pronounced it.


 
Posted : 10/03/2011 3:08 pm
Posts: 0
Free Member
 

The question is, are CRC still allowing CC payments to go through? There is obviously a serious issue and it's only a case of a percentage of all orders at the moment as whoever is listening and intercepting the transactions can basically pick and choose from thousands. Just because a card hasn't been used fraudulently (yet) don't think you're home and dry.

Surely CRC will piss less people off by removing direct payment for the time being and forcing them to go via PayPal than risk the higher amount of backlash disgruntled customers that have had their CC details stolen.

Social networks are a very powerful thing these days.


 
Posted : 10/03/2011 3:15 pm
Posts: 0
Free Member
 

Social networks are a very powerful thing these days

If you're 9 👿

BTW, I've not had any fraudulent transactions on my debit card despite using CRC regularly for years...

Who do I complain to?


 
Posted : 10/03/2011 3:18 pm
Posts: 20292
Full Member
 

BTW, I've not had any fraudulent transactions on my debit card despite using CRC regularly for years...

Send me your card details, I'll fix that for you... 😉


 
Posted : 10/03/2011 3:22 pm
 anc
Posts: 0
Free Member
 

BTW, I've not had any fraudulent transactions on my debit card despite using CRC regularly for years...

As have many of us but the transactions in the last few weeks have been subject to fraud..... they've got a problem.


 
Posted : 10/03/2011 3:23 pm
Posts: 251
Full Member
 

Send me your card details, I'll fix that for you...

you'll buy something from CRC on his behalf 😉


 
Posted : 10/03/2011 3:24 pm
Posts: 0
Free Member
 

Just been called by my CC company to say that 2 fraudulent payments of £15 to O2 have been charged to my account. The only transactions in the last month I've placed on there have been with CRC.


 
Posted : 10/03/2011 3:24 pm
Posts: 36
Free Member
 

what might be of use to punters here is rather than a "I got done", maybe let us know when the last CRC transaction you made was.

I think we can make a link between CRC and the episodes of fraud, no matter what non-liable legalese BS anyone comes up with.

Maybe we can work out the window of the fraud so punters can hazard a guess as to whether their card might be compromised or not by having bought something from CRC within that window.

The indications are that it was a narrow window of fraud, possibly some kind of traffic intercept?, and not a whole historic transaction database that was raided.


 
Posted : 10/03/2011 3:28 pm
Posts: 4005
Full Member
 

shmuk - Member

Social networks are a very powerful thing these days

If you're 9

What do you think forums are?


what might be of use to punters here is rather than a "I got done", maybe let us know when the last CRC transaction you made was.

Used them 3 times in the last month.


 
Posted : 10/03/2011 3:33 pm
 Taff
Posts: 4
Free Member
 

Fair enough - 1st March was my order date


 
Posted : 10/03/2011 3:34 pm
Posts: 0
Free Member
 

elliott-20 - Member
The question is, are CRC still allowing CC payments to go through? There is obviously a serious issue and it's only a case of a percentage of all orders at the moment as whoever is listening and intercepting the transactions can basically pick and choose from thousands. Just because a card hasn't been used fraudulently (yet) don't think you're home and dry.

Surely CRC will piss less people off by removing direct payment for the time being and forcing them to go via PayPal than risk the higher amount of backlash disgruntled customers that have had their CC details stolen.

Have you any idea what that would do to their cashflow? Are you seriously suggesting that they stop taking CC orders?


 
Posted : 10/03/2011 3:37 pm
Posts: 0
Free Member
 

shmuk - Member
Social networks are a very powerful thing these days

If you're 9

What do you think forums are?

Thank you BillOddie.

It seems some people don't know a social network when it's staring them in the face. Just because you don't use on MyFaceTweet doesn't mean hundreds or even thousands of CRC customers aren't either.


 
Posted : 10/03/2011 3:40 pm
Posts: 16
Free Member
 

Another to add to the CRC woe list...
Bought a couple of things on Tuesday night - got a letter in the post from my bank this morning cancelling my card. To quote the young lady I spoke to (and she wouldn't actually mention company names) 'a recent purchase has led us to believe your account is compromised so we are cancelling your card as a precaution'
Interpret that however you want...


 
Posted : 10/03/2011 3:44 pm
Posts: 6206
Full Member
 

In regards to police investigating, a genuine issue is; where does the offence occur?

CC Fraud investigation is handled by the banks, not police afaik. Only gets handed to police (fraud squad?) later if the bank gets enough evidence.
Saves the cops money, and leaves it up to the banks to decide how to balance cost of fraud prevention against cost of fraud liabilities.

Ordered via CRC on 27/2, didn't notice anything awry on my CC statement which arrived 2 days ago, but didn't pay attention to the statement date. Still waiting for the order though 🙁

My other CC was pwned recently after some chavs tried to spend 79p on it. Bank spotted it immediately. Had only ever been used twice! Replacement one with new number has not even been activated yet, and I have no intention of doing so until I need to use it. Hoping that I don't have 2 pwned CC now...


 
Posted : 10/03/2011 3:54 pm
Posts: 0
Free Member
 

druidh - Member

Have you any idea what that would do to their cashflow? Are you seriously suggesting that they stop taking CC orders?

Perhaps, but the damage caused by such an issue as this could have far wider repercussions. Besides, PayPal still takes credit card details even if you are not a member of PayPal. And with a PayPal CRC Branded page customers would feel less uncomfortable using the gateway.

Personally, within an instant of this issue arising I would have taken the online payment option offline. Paypal and Tel only, then routed the server for the listener and get it fixed asap rather than putting more customers at risk.

But hey, I suppose they can just keep letting it happen in the meantime and just let the credit card companies take the hit and clean up the mess, yes?


 
Posted : 10/03/2011 3:55 pm
Posts: 3344
Free Member
 

Paypal payment seems to have been safe for me so maybe that is the way to go 'till this is sorted.


 
Posted : 10/03/2011 5:53 pm
Posts: 0
Free Member
 

elliott-20 - Member

then routed the server for the listener and get it fixed asap rather than putting more customers at risk.

You obviously don't work in IT.

It's not quite that simple. They might not know where the leak is to plug. If anything, during an attack, you wait a while and analyse what is happening. Logging everything as much as possible.


 
Posted : 10/03/2011 6:02 pm
Posts: 0
Free Member
 

xiphon - Member

You obviously don't work in IT.

Ha, not entirely, but I've had my fair share of server experience. Gathering data and looking for rogue scripts is one thing but the matter is they are still putting customers' details at risk.


 
Posted : 10/03/2011 7:00 pm