Paypal payment seems to have been safe for me
My other card was pwned by the chavscum fraudsters just a couple of weeks ago. It was a new replacement card (same no., new 3digit code). Had *only* been used to book 1 hotel, and make 1 payment thru Paypal. In my eyes, that's a 50% chance that it was pwned c/o Paypal 😉
The card I used for CRC has no unexpected transactions, but there is a discrepancy of £259.49 between credit limit and available credit, after accounting for purchases and amount to pay from last statement. Watch this space... (I'll be watching the online card thingy at least daily).
CRC know there is no hole in their security but am sure they look into all these things regardless. The biggest security hole is the PC used to order. Servers have dedicated firewalls, secured networks, teams of IT people looking after them knowing what they are doing etc. PCs have people using computers with no knowledge of security, surfing round the net and downloading stuff. All speculation, but if it's anything related to the net, it's by far most likely an issue with people's PC...... Too many people visiting dodgy sites...
drldan - Member
CRC know there is no hole in their security but am sure they look into all these things regardless. The biggest security hole is the PC used to order. Servers have dedicated firewalls, secured networks, teams of IT people looking after them knowing what they are doing etc. PCs have people using computers with no knowledge of security, surfing round the net and downloading stuff. All speculation, but if it's anything related to the net, it's by far most likely an issue with people's PC...... Too many people visiting dodgy sites...
Right, so everybody whose CC's been blagged has an infected computer?
Pass the joint around, sounds like you've had one drag too many... 😯
drldan - so you join and your first post is defending CRC?
Do you work for them or have a financial interest in them not losing customers from this issue?
I can't believe that you think all of the above cases of fraud are coincidence or bad practice with people's home PCs [not to mention the number of people sat behind corporate firewalls buying stuff].
Given the amount people on here buy from CRC there would be continuous allegations of this sort if it was individuals' PCs being hacked at this rate.
Sorry, it's just not credible that so many people are having so many similar cases of fraud against them when the only known common factor is shopping at CRC.
Too many people visiting dodgy sites...
Obviously...
Too many people visiting dodgy sites....
Like Wiggle, Rutland Cycles, Evans... 😉
Did anybody bring some food along for the troll tonight?
well, he's given his real name and location in his profile so it shouldn't be too difficult to find out where he works 😉
Nobody would be *that* stupid to put Northern Ireland would they? Oh, wait...
Does looking at bike porn count as dodgy? Hurrah we have a link, it's not CRC after all we're just all dirty w...... 🙄
CRC know there is no hole in their security but am sure they look into all these things regardless. The biggest security hole is the PC used to order. Servers have dedicated firewalls, secured networks, teams of IT people looking after them knowing what they are doing etc. PCs have people using computers with no knowledge of security, surfing round the net and downloading stuff. All speculation, but if it's anything related to the net, it's by far most likely an issue with people's PC...... Too many people visiting dodgy sites...
Hhhmmm really?
It's incredible as we sit here now to realise that 10 years ago, ChainReactionCycles.com didn't exist. "Some of our rivals had started to get websites but most were difficult to use and did not seem up to the job." says Michael. We joined forces with brothers Simon and Daniel Loughlin, some friends from the race scene who were starting out on a project to build an ecommerce platform
Taken from [url= http://www.crcintense.com/index.php?option=com_content&view=article&id=225:25-years-of-chain-reaction-cycles&catid=1:news ]here[/url]
Coincidence?
Oh dear 🙄
I just found that ziggy, unbelievable.
Daniel - I think you need to be aware that there is no such thing as 'knowing' your site is secure - only believing. In CRC's case it's obvious someone/group has gained access to site traffic and been able to extract card details from your data stream.
Coming on here with a lame insinuation that it's all down to the people shopping being hacked just throws any credibility CRC has out the window.
Are you speaking officially for CRC on this occasion?
what percentage of the people who have had issues with CRC have also used STW? Maybe there is a correlation there.
it's possible Quirrel but there are Mac users who've had problems and there isn't a similar 'I've got a virus' string of complaints from people whose cards have been done over?
it's by far most likely an issue with people's PC
And the Mac users?
EDIT - Yeah as above ^
The more I think about drldan's post the more angry I get - if his view is really an indication of what CRC are thinking about this issue - that there is no chance it's them - then it's probably also true that they are doing nothing beyond 'the norm' to either identify or shut down any possible security issues.
It really beggars belief that they think they can put their heads in the sand and hope it goes away - they'll just end up getting kicked in the arse.
wwaswas, I have been thinking exactly the same. I sincerely hope this isn't a case of buck passing.
Didn't stw get hacked and taken off the web a while back? Would think that every site is susceptable to hackers, though CRC do seem to be burying their heads in the sand (that said 2 friends of mine have bought recently with no problems from CRC)...the plot thickens.
sorry, that should be susceptible
Was going to order something earlier but not after seeing this thread, quick google reveals mtb, roadie and bmx forums all independently posting the same concerns, little bit too widespread to be chance I suspect.
Sorry, but I really can't believe that the real Daniel Loughlin would come on here, write that post AND leave those details in his profile.
I think someone is pulling STW's collective leg.
Should be easy enough for the Mods to find out though - if they can be arsed.
Daniel's post above is incredible... "I made it, therefore it is not the problem, therefore it must be your fault." FO. Edited to add unless the conspiracy theorists (meant in the most positive way) prove correct, of course!
I've just been building up a nice wishlist at CRC too... ah well.
Echo what druidh says though did seem all too easy, I would have thought a web guru would know better..maybe it's someone from Wiggle kicking a wounded animal when down 😆
If that is really from Daniel Loughlin then he's an idiot. Less than a minute's googling reveals who he is and what interest he has. Surely someone actually working in the field wouldn't be that silly??
Didn't stw get hacked and taken off the web a while back?
Yup, STW got pwnd. LOL
Just got done - O2 prepay and vodafone - £50 in total. Also used CRC in the last two weeks. Clearly not a coincidence.
'Dan' appears to have edited his public info to remove his surname in the last ten minutes, I had assumed it was a troll up until that point, oh dear.
Didn't stw get hacked and taken off the web a while back?
[s][url= http://evilzone.org/about-us/ ]evilzone[/url] are back up and running. Those names look familiar as well.[/s]
My memory bad - wwas below has it. Also, sorry for contributing to hijack.
stw was hacked by a scriptkiddy - not sure 'evil zone' was ever involved other than as collateral damage when some of the more technical stw members took it down in revenge.
'funniest' bit of the whole situation was when the evilzone moderators had to start posting on a cobbled together stw site as theirs was in pieces.
only positive thing to come out of it, from my perspective, was I got my name in the magazine...
Hmmm... This thread could be going AWOL soon.
What a complete T"""""R!!!
I got my card cloned. It was the only transaction on it. And was told by some rude women on CRC on the phone my internet security on my home PC was the reason I'd had my details obtained by a 3rd party.
When I advised I only use a PC from a multinational organisation with a multi million pound IT infrastructure she ran out of things to say.
I would not even be annoyed about my card being cloned. The only thing that has annoyed me is her attitude towards me. It was plain rude. And now this arse treating his client base like monkeys.
CRC never getting a dime off me again,,,
I HOPE THEY FLOOD AGAIN!!
All this trouble with credit card fraud doesn't help when Chain Reaction send out your items with somebody else's invoice showing all their particulars!
I had to phone them direct today and tell them of the problem and explain that someone else has probably received their item with my invoice showing my particulars!
They apologised for the problem and blamed the warehouse staff, but that doesn't really help us all! 🙁
Hi Folks
We do not condone or support any attempt to influence the cycle community in any underhand way and we hope to give you as much honest, clear and accurate information as we can.
As our earlier statement says, we are taking this matter very seriously.
While we are confident that our systems are robust, we are taking nothing for granted and we have engaged with industry leading experts to fully investigate.
We will post updates as soon as we have more factual information.
We appreciate your understanding and support while we continue to investigate this issue.
Michael Cowan
CRC Senior Management
I went to a talk by someone from SOCO (Serious Organised Crime something) a while ago...apparently, the majority of incidents like this are caused not by criminals intercepting site traffic, but simply by them buying the details from a disgruntled, or underpaid, or greedy employee who has access to that kind of stuff. doesn't matter firewalls you have then
Twodogs - Member
I went to a talk by someone from SOCO (Serious Organised Crime something) a while ago...apparently, the majority of incidents like this are caused not by criminals intercepting site traffic, but simply by them buying the details from a disgruntled, or underpaid, or greedy employee who has access to that kind of stuff. doesn't matter firewalls you have then
Or a hacker gets contracted to do the dirty work. As I said in a previous post, don't assume their website was the entry point.
I’m coming in to this thread late, but had a letter from nationwide today. Called them up and someone has tried to spend £1 at an apple store. I used CRC Tuesday. ummm. Cancelled my card and luckily no money had been taken.
Lady at Nationwide said that CRC was the suspicious transaction. I think they know about a security breach... ? Perhaps.
Michael @ CRC
You have my sympathies at the position you as a company find yourselves in and I understand your stance but it has got to the point where people are starting to make their own conclusions. Above all I imagine that a lot of potential customers are not using your website until this matter is resolved.
The comments of drldan (AKA Daniel Loughlin before he changed his profile) are particularly unhelpful as he seems to be implying that all of the customers who have been victims of this fraud only have themselves to blame.
I hope you get to the bottom of this 'breach' and can issue a statement to set our minds at rest so that we can continue to spend money on shiny new bike bits.
It's ****ed things up big time for me. Missed card payments to the likes of Sky due to card being cancelled. I'd rather pay with sheets at my LBS than risk this shite again just to save a few quid.
Then to top it off I never made the link with CRC so shopped with them again when my new card came, so I'm going to have to cancel that one to be safe FFS !!!
And then some wisecrack blames the integrity of my firewall / antivirus !
Sadly this is all too common these days. I reckon that people will eventually go back to cash shopping and ride penny farthings with handlebar moustaches 🙂
I used the £10 chain reactions voucher last week and have been stung for £3.5k at John Lewis. I used my credit card....seems like using paypal would have saved me the aggravation.
£3.5k
😯 😯 😯 😯
The scammers must have clocked up £10,000 by now?
You shouldn't worry too much about this kind of thing.
This kind of fraud has happened to me before (nothing to do with this example from CRC). I incurred charges too due for incurring an unauthorised overdraft thanks to the fraud removing funds I needed for legitimate debits, but got all funds back.
Banks don't like to shout about it, but you will be completely protected in these kinds of cases and will have your funds replaced/charges removed.
The banks are the ones that need to worry about this stuff, not consumers.
It's a fairly massive pain in the a55 tho isn't it? Getting your card cancelled etc...
The banks are the ones that need to worry about this stuff, not consumers.
All gets passed on to consumers at the end of the day. Wait, you don't think it comes off the bonuses do you?! 😉
Sure it all gets sorted and you get the money back, but it's a right hassle.
For the next week I now have to go the bank in person every time I need cash.
Interesting that Mr Cowan didn't actually deny it was CRC's Daniel Loughlin who posted earlier.....
While we are confident that our systems are robust, we are taking nothing for granted and we have engaged with industry leading experts to fully investigate.
You may be confident, but I'm not having seen the number of people complaining about it on here and bike radar.
hhhhmmmm ... it happens too quick too soon to too many to say that their system is robust ...
Scenario one:
If someone has installed a rogue software in the system that is perfectly "legitimate" then no matter how good their system security is they are not going to find it.
Scenario two:
If their system is hacked then a sweep of their system will probably find it provided they employed the right specialist security experts. So I wonder who they are asking for help ... Clue why not ask those who write security software?
[b]drldan[/b] AKA [b]Daniel Loughlin from ChainReactionCycles.com[/b] : CRC know there is no hole in their security but am sure they look into all these things regardless. The biggest security hole is the PC used to order. Servers have dedicated firewalls, secured networks, teams of IT people looking after them knowing what they are doing etc. PCs have people using computers with no knowledge of security, surfing round the net and downloading stuff. All speculation, but if it's anything related to the net, it's by far most likely an issue with people's PC...... Too many people visiting dodgy sites...
I am shocked by this patronising and bare-faced careless reply from a CRC owner.
Personally, I have a hardware and software firewall, along with a full and up to date internet security package, and am experienced in computer administration, and happy my computer is secure.
The number of people affected, and the commonality of the problem, points to Chain Reaction Cycles being compromised one way or the other.
Daniel's comment means to me that CRC have not taken any steps to protect customers' credit card details, and the problem therefore is still happening. I find this unbelievably careless, and will not be shopping at CRC again.
Just had my Card cancelled by the Bank and I purchased something from CRC last week!
I made the purchase from a PC in one of Finland's most secure Nuclear Power Stations as well. I wonder how CRC will explain this one away?
I made the purchase from a PC in one of Finland's most secure Nuclear Power Stations as well.
Cannot be that secure if they allow you to shop online from their facility.
...just saying.
I made the purchase from a PC in one of Finland's most secure Nuclear Power Stations as well. I wonder how CRC explain this one away?
that's a long way to go just to protect your credit card details, are you a Bond Villain?
[i]baldSpot - one of Finland's most secure Nuclear Power Stations as well[/i]
Homer, that you?
Fair play to Michael for coming on so quick and distancing himself from Daniel Loughlin's comments.
This is a difficult time for CRC, it may be that they'll never find out what happened but, equally, people are expecting reassurances that changes have been made to prevent a reoccurrence (with, maybe, an admission there might be a CRC connection with all this) - not just random CRC staff creating logins so they can blame everyone else.
This wouldn't have happened if Andy@CRC was still here 😉
I still can't believe that's the Daniel Loughlin owner of CRC..... It would be a PR disaster for him to do something like that!! Just can't see it.
Cannot be that secure if they allow you to shop online from their facility....just saying.
you're right, better tell the IT Dept. Thx.
[i]It would be a PR disaster for him to do something like that!! Just can't see it. [/i]
if it wasn't then I suspect;
1) Michael wouldn't have worded his response the way he did.
2) the user profile wouldn't have been amended
3) CRC would have denied it was him.
danger of letting a techie loose in a public arena...
Hi 7hz and others
I would like to make it clear that Daniel Loughlin/drlDan is neither an owner, shareholder or an employee of CRC. The comments of Drldan should not be attributed to CRC.
We at CRC remain focused on our investigations and as stated previously will provide more factual information as we have it.
Apologies for any confusion
Michael Cowan
CRC Senior Management
Thanks for clearing that up 😉
thanks for the clarification, Michael.
Michael @ CRC
I also have some sympathy. Keep us all informed and view it from the customers' perspective - you may lose fewer customers that way in the long run.
You could also offer customers a 'CRC' credit card, then any fraud would be on that CRC credit card and therefore easy to spot/stop/refund. Just an idea.
A quick google shows that Daniel Loughlin is the managing director of Export Technologies who just happen to be the Ecommerce provider for CRC.
http://www.exporttechnologies.com/Clients.aspx
What a plank
Daniel Loughlin is MD of Export Technologies, who provide IRP - the e-commerce platform used by Chain Reaction. So I'm guessing it's a straight provider/customer relationship between him and CRC. So vested interests, but definitely not [i]representing[/i] CRC, as Michael @ CRC makes clear.
So you can smell the tension 😉
would be interesting to know if any of their other clients have similar issues - it would indicate a platform weakness if they were.
Daniel Loughlin - what a total plank.
Just how do you get to be an MD of a company and yet make such a schoolboy error by posting as you did. I would expect CRC to dump him like a hot turd.
So you can smell the tension 😉
+1 I can never understand what people like that think they're going to achieve by coming onto a forum and throwing a strop before they've solved the problem. I suppose if nothing else it gives an interesting insight into the 'management' approach used at Export Technologies. Maybe he needs to educate himself about the typical user profile on here and revise his communication strategy - a possible opening for some of the management consultants on here?
[url= http://www.sitejabber.com/reviews/www.exporttechnologies.com ]site review of export technologies[/url]
Major LOL !!!
Ha ha, we need to check out the job pages on their website - soon there will be an opening for MD.
Finally this thread gets funny, very very funny !
We're assuming he's meaning "customers" - but what if he's pointing the finger at "people" in CRC?
drldan - Member
All speculation, but if it's anything related to the net, it's by far most likely an issue with people's PC...... Too many people visiting dodgy sites...
Something tells me that CRC might be looking for a new e-commerce platform partner....
I honestly can't believe that someone would do something so stupid, unless it's a troll with a wicked sense of humour...
Quality - thread of the week !
Hopefully customers will all get refunded by their CC companies in due course and we will look back and laugh at this outcome.
The wording from Mike@CRC suggests to me that Dan is exactly who he seems to be - I'm pretty sure that Mike would have made absolutely clear that Dan was absolutely nothing to do with them and not connected in any way otherwise rather than the carefully worded statement about what Dan isn't.
I would like to make it clear that Daniel Loughlin/drlDan is neither an owner, shareholder or an employee of CRC. The comments of Drldan should not be attributed to CRC.
be interesting to see if golf forums are reporting similar issues with 'golf store europe' who use the same Export Technologies
Can't bring myself to check golfing forums though, life is far too short
I'm LOLing mostly at the amateur private investigators and speculators.
would indicate a platform weakness
Remember that server OS, webserver software (IIS, Apache) are also key targets for vulns, not just Windows desktops/laptops 😉 And that's before I'd start blaming CRC or their E-commerce software supplier.
CRC is not the first, and won't be the last. Lush got taken out recently... TWICE! and given that they took their entire website offline, I'd speculate that they got hit by an OS or Webserver zero-day vuln rather than their e-commerce s/w.
Still checking my CC a/c...
Oh and that's another vuln 😉 I registered my CC for online banking last night. Only needed CC no., name as written on the front, etc. If a fraudster has my card details they can verify them online directly with my bank. Then go make a purchase, and they have a few days before my bank sends me the authorisation code by snail-mail.
andytherocketeer - sorry, I was bundling the whole app/db server architecture into 'platform' - it's unlikely that the Ecommerce supplier installs a completely different os/db/etc with each implementation.
If other clients of theirs were suffering a similar level of fraud it would indicate a generic weakness somewhere in the implementation allowing an external person to access sensitive data rather than actions by an 'insider' at CRC (which has also been suggested).
I made the purchase from a PC in one of Finland's most secure Nuclear Power Stations as well.
I'm quite concerned about the unsecure nuclear power stations in a country with such a high suicide rate!
I'm quite concerned about the unsecure nuclear power stations in a country with such a high suicide rate!
No need to worry! - I just made that bit up 🙂
'e-commerce platform' generally means the whole bundle - network, OS, hardware, and application software on top.
Judging by the length of time (a month or so?) that the attack has happened, not just a single short sharp attack, I would lean towards inside job.
Perhaps one of the IT staff, who has access to the data?
Pure speculation of course...
I got stung for 2 O2 top-up card payments on Saturday. Contacted the bank and the money has been refunded. It is just a pain in the arse, new card not here until Monday/Tuesday next week. I do feel a level of sympathy towards CRC. However, it does cloud my confidence with paying for stuff online, which I do a lot of. I needed more parts this morning, so just called and placed my order over the phone. Maybe Naively, I have assumed they wouldn't use their online system to process the card details rather than directly with the card system?
Naively, I have assumed they wouldn't use their online system to process the card details rather than directly with the card system?
Your details (name, address, CC, email, etc) would be stored in a database.
The same one used for payment processing 😉
[i]name, address, CC, email, etc[/i]
it's becoming quite unusual to store CC details locally - mostly you just set up the card for continuing auth with the acquirer and store a ref number locally - when you want to take further payment from the same card you just say '£10 from the card with ref abc123, please' and they deal with the rest of the transaction with the bank.
