Your details (name, address, CC, email, etc) would be stored in a database.The same one used for payment processing
The card was a different card from the one I normally use for CRC payments. So, those new card details are now stored with them?
I also got done for two O2 payments, and have started the refund process. Will queue up at the counter today to get some weekend cash.
If there is a positive it is letting me physically see how much money I am handing to various people and companies over a weekend... silver lining?
Perhaps we should resort to using cheques.
Just adding one.
4.6 euros test transaction + ~400 euros tickets (to where I wonder)
charged on my card days after my CRC order.
Transactions blocked / card canceled
Maybe I should fly all the way there and pay up. I'd still be cheaper than buying locally. Damn...
Question - are people who have made purchases in the past few days still experiencing fraud or is it restricted to purchases from, say, before this week?
My last transaction before the fraud took place was at the end of February and the 2 fraudulant transactions took place on the 5th March.
Question - are people who have made purchases in the past few days still experiencing fraud or is it restricted to purchases from, say, before this week?
Just phoned my credit card company after buying some stuff on Monday (turned up Wednesday with the free delivery option, very pleased with service and price, gift vouchers welcome etc 😉 ). No further transactions on my card but I'm guessing that this is only happening to a small percentage.
Off to buy a rear light this afternoon... from my LBS.
My last transaction was tuesday.
Card cancelled following morning by the bank. The inference from my last post was that the bank cancelled the card not because of any actual attemps to take money on it, but because by using a 'certain retailer' it was comprimised. So I take it that the banks have this as an issue even if the 'retailer' doesn't.
Oh and by the way, bank-girl on the phone, answering my very specific question, said that they have had multiple CC fraud attempts in the past few days, the common denominator almost always being CRC. She sounded really puzzled and asked me what is this chain reaction; I told her the truth: it's a facility for recycling and reselling second hand nuclear weapons for DIY terrorist attacks. Her mild response to the joke probably shows a better sense of humour than mine.
My last transaction was 26th Feb & the dodgy payments were taken yesterday (10/3/11).
Card cancelled yesterday. Annoyingly I need it to pay the balance on a pro 2 evo wheelset from 18bikes (when they get them delivered). I'll be avoiding CRC until I'm satisfied that they've plugged the hole.
ooooh just spotted this
£350 attempted transaction on nespresso.com, allerted by bank
i don't feel so paranoid now.
[Dons deerstalker hat]
hmmm, so lets assess the known facts eh? build up an image of the scoundrel..
Just got done - 02 prepay and vodafone - £50 in total
Called them up and someone has tried to spend £1 at an apple store
have been stung for £3.5k at John Lewis
I still can't believe that's the Daniel Loughlin owner or CRC..... It would be a PR disaster for him to do something like that!! Just can't see it.
From this we can deduce that we're dealing with a fellow who:
a) likes to chat
2) enjoys the cheaper bits of apples - shall we presume a working knowledge of these new fangled apps?
iii) frequents the "classier" range of department store
fore) is a master of disguise / disinformation / foreign accents
I suggest it's not too far a leap to presume that this man is primarily a motorist, maximising the schadenfreude potential of his crime by targeting his nemeses. a white van man? a bus driver? lorry driver? or.. taxi driver?
Find the man who fulfils these criteria and you, STW, have your villain:
[img] 
[/img]
book 'im Danno!
[lights pipe, splutters away into the sunset]
£350 attempted transaction on nespresso.com, allerted by bank
bah! a red herring. the culprit thirsts only for tiffin
If all this is true then somebody wants owning with a warehouse full of Bombers.
Nespresso is a bit 'niche' isn't it?
I keep laughing out loud to myself at Daniel Loughlin's post combined with putting his name and location in his profile.
Either I'm about to be sectioned or it really was an epic FAIL on a monstrous scale.
He really needs a STW award for total numptieness. Can we post this outcome to his company - they could frame it and give it to the new guy who takes over as a lesson in what not to do.
Looking on the bright side, once they've got this sorted CRC are going to have to offer some pretty stonking deals to get people going back to them 😀
Actually I think most people will still use them, its way too easy to spend money with them. CC or Paypal.
Wiggle had a similar issue a while ago, they are still going strong.
.
I posted about this on another (skiing based) forum, and someone said that their bank has proactively cancelled their card 3 days ago because
"They told me an online retailer I'd used had their database "compromised" so my details were no longer safe."
This and a few posts above makes me think that the whole thing is now a "known Issue" with chain reaction amongst the Banks, and CRC would do much better now to fess up. To say:
1) we know there is a genuine issue related to our customers
2) Our database of cards from ..... to .... (dates) has been compromised.
3) If you purchased from us using a CC during this time please check your transactions regularly
4) You may wish - if having a functioning credit card is vital to you in the next few weeks - to ask you bank to cancel your current ones and issue new ones.
5) we apologise and accept responsibility.
But I think we'll have to wait some time for that, let alone a mention of it on their homepage, given that it seems this has been a known issue for a while now...
Not good management.
Just had a phonecall off Egg to say my card had been used fraudulently. Ordered off CRC earlier this week.
2 payments were as mentioned above - £1.01 to 02.
😡
Just had a call from Natwest and a card cancellation due to a £20 O2 phone card being bought this morning. Not used the card since buying my son a helmet from CRC a week and a half ago(Wasn't even for me!!). The woman on the end of the phone says my call was one of many linked to a certain bicycle shop today.
well, i got a call this morning, £1305 spent in John Lewis yesterday as i was leaving work...
the ONLY time i have used my CC in the last year was on CRC last week.
Another one here.
CC used on CRC last week. A couple of tesco top up testers & then a couple of large value transactions that failed to go through. new CC on the way. CC is only 1 month old.
Just happened to me, £15 tester to O2, caught it just in time with the card cancelled etc. CRC used last weekend also. I'll be queing with the rest for weekend cash.......
Based on the above - I think if I'd used a card there in the past 3 weeks I'd be getting a bit pro-active and cancelling it before it got used, it does just seem like a matter of time.
I got stung for £200, Crc will have to offer some pretty good deals to get me using them again. Used to get all my small bits from them if I needed them
For the weekend. But recently I've been using [url= http://www.biketart.com ]Biketart[/url] for all my small bits and it's always been delivered next day. Generally cheaper then crc too.
£15 O2 prepay here - blocked by Natwest thankfully.
I've emailed them in the past about their returns system sending out mass emails with 100+ other people's addresses in the 'To' field. Never got a response - obviously not a patch on snaffled CC details, but I perhaps should have taken that as my warning.
Just got off the phone to CRC (they called me) they have had a problem and will hopefully have it resolved next week. have a major fraud team involved..
Not good for them.
It'll take more than a £5-off-when-you-spend-more-than-500-quid voucher to get me risking them again. Very angry that they'd expose their customers to such lax security.
Spent £1000s with them over the years - they should have suspended ordering at the first sniff of a breach of security.
[i]they'd expose their customers to such lax security.[/i]
to be fair to them - without knowing how the data was obtained it's not clear that security was lax, just that it was inadequate. If they've followed industry 'best practice' and still got done then it's not necessarily their 'fault'.
Their reaction once they knew there was a problem is an issue though - if they've carried on acceptign card details knowing they were continuing to be compromised then that's unacceptable to say the least.
Maybe it's time to pay your LBS a visit. I did and they gave my boy a cake. 😀
In the time it took him to eat it they did get me sat on a Trek road bike that I now [b]NEED[/b] and offer me interest free over 12 months or a healthy discount for cash. I only went in for an £8 light!
I just hope they understand what a ballache it is to be without a credit card until christ-knows when. At the weekend too!
daver27 - MemberJust got off the phone to CRC (they called me) they have had a problem and will hopefully have it resolved next week. have a major fraud team involved..
Not good for them.
Would love to find out if my theories are correct.
Frankly I've got bored of keeping an eye on my CC account. I'm going to get through this weekend then cancel the card first thing on Monday. It expires soon anyway so it'll just pre-empt that by 3 months or so but I'm just not prepared to risk it and I don't always have access to be checking my CC account.
Going on holiday soon and the last thing I want is to be stranded abroad with no credit card for use in emergencies.
My monies gone back into my account today, just waiting on a new card now. Hoping it's here tomorrow, as I'm down to £4 and working tomorrow so can't make it to a bank!
I'm going to get through this weekend then cancel the card first thing on Monday
ditto - got a monthly payment about to go thru. will let it, then cancel it.
Going on holiday soon
my other (not CRC) card was pwned just before going away last month. fortunately the bank was slow enough at sending the card out that it arrived mid week while I was away, so was still within the "will be kept at the postoffice for 7 days" period when I got back.
That was already a new card, new 3digit code, and had ONLY been used with venere.com and paypal (once each).
PS am I the only one that's thought... "I wonder what I can buy and then deny all knowledge" ? 😉
I assume if you used Paypalto crc you are ok?
Someone from CRC called me today in response to an email I sent them yesterday. They said they were investigating but weren't sure it was definitely their issue. I suggested they take a look on here as the anecdotal evidence is pretty compelling! What did irritate me slightly was that the chap suggested using paypal in the future as it was more secure. I pointed out if you are a company that sells exclusively on the net all of the methods of payment should be secure really. Anyhoo, he has said he would let me know the results of their investigation and I will relay them on here. If you have been nobbled and haven't done so already, ping them an email.
used crc on Monday and no problems as yet so maybe they have already sorted the problem.
buy a new chain top up your o2 mobile buy loads of tat in john lewis and going on holiday to canada with a suit case full of ladies clothes could be on the cards.
I dint think much of this thread until this week when I got a call from hsbc and my card had been compromised!
Boo
Philfive if you read back through this thread you'll find people who have used them after you and got fraud on their card, so I'd say no. Keep a close eye on it or perhaps think of having a word with your bank, they seem to be aware of this problem now so may wish to replace it as a precaution.
I ordered from Chain Reaction on the 3rd. I have had two £15 O2 debits from my account on the 9th and the 10th - this issue is ongoing.
DO NOT BUY FROM CHAIN REACTION.
Following a CRC purchase about 2 weeks ago I have had the O2 test transactions hit my account. LTSB did a sterling job stopping them and contacting me. this doesn't change the fact that CRC have been too reticent in my opinion and having a new card is an almighty pain in the ass.
Not impressed at all, it will be a long time before I forget this experience and shop at CRC again.
Just caught up with all this, I'm glad I've not bought anything from them for ages. Unsure why they didn't switch to a Paypal merchant site unless they have quickly identified the issue/disgruntled employee and taken action already.
On the plus side, I now have a telephone number for CRC if I need to chase an order...
neninja - Member
A quick google shows that Daniel Loughlin is the managing director of Export Technologies who just happen to be the Ecommerce provider for CRC.http://www.exporttechnologies.com/Clients.aspx
What a plank
and
Posted 23 hours ago # Report-Postjonathan - Member
Daniel Loughlin is MD of Export Technologies, who provide IRP - the e-commerce platform used by Chain Reaction. So I'm guessing it's a straight provider/customer relationship between him and CRC. So vested interests, but definitely not representing CRC, as Michael @ CRC makes clear.So you can smell the tension
Class! Pure Class. New website and payment system in 2 years time for CRC then... 😀
Aarrgh. I have now joined the ever-growing ranks of people with suspicious transactions on their credit card, not that long after having used it to purchase something from CRC. What adds to the frustration is that I have now had to block the card, whilst working away from home and preferring to have back-up cards. Cue a strongly worded email...
If that is the real Daniel Loughlin that has posted in this thread and not someones idea of a joke, then to me that is the worse PR blunder possible.
Unforgivable, how to alienate your customers.
I too have recently used CRC and have been contacted by my credit card company who have cancelled my card. There was an attempt to spend £500 on my card in Canada and some smaller transactions. This has never happened to me before and there is now considerable evidence to suggest that it might be related to a breach of security at CRC. I will not use the site again until they have taken steps to prevent I happening again. Disappointing that there has been no official statement from them .....
Reading this, seems some of the banks have done quite well to spot these transactions and stop them, thankfully! I've had my card replaced and £20 refunded in 4 days, but my confidence in CRC has gone at the moment, I'm amazed they don't have some kind of statement or news item up on their homepage.
I used CRC approx 2 weeks ago and just had a call from my bank, they have stopped an attempted £15 O2 transaction. Looks like I won't be using CRC for a while.
What a way to introduce myself as a new member of a forum 😕
Just checked my accounts after making purchases through CRC and found €1500 of fraudulent transactions on the account. Two through sites called houra.fr and telemarket.fr and the other through Planet Libert(y) ? What I don't understand is that I have never shopped at these places before and so surely they would only deliver to the card holder's billing address? Bank has blocked my credit card for me. Wife is at the gendarmerie reporting the fraud. Have emailed CRC to let them know it has happened to me, too.
Anyaway hi from France 😛
Yes me too now, luckily I didnt see anything dodgy on my account when I first read this thread, but as a belt and braces measure, I cancelled the card that I used at CRC recently. Since then I was contacted my my bank to let me know that the old card had been attempted to be used to buy something for £400 from Harrods online. Thank god I cancelled that card so it wasnt an issue, hats off to my bank for keeping tabs on my accounts (Lloyds TSB). And CRC really need to stop trying to absolve themselves from responsibilty for this. I will be not using them in the near future.
whinge whinge whinge. CRC best site in the world bar none. stop looking at porn and debug your pcs
😆
wiggle pants
Another card cancelled 10 minutes ago after a phone call from CC company and new one to be issued next week. Guess what the common denominator is...?
My debit card was hacked last week after buying something from Chain Reaction. Found out yesterday when my current account was emptied of 1500.00 quid
DO NOT USE CHAIN REACTION
Another card cancelled 10 minutes ago after a phone call from CC company and new one to be issued next week. Guess what the common denominator is...?
we're all members on stw! maybe it's not crc afterall
Still not had any issues from my purchase just over a week ago, but decided not to use them today so went to another online retailer, sorry CRC 😕
Let's be scientific and find out [u]when[/u] CRC was hacked. [b]Everyone interested in this thread post the following:[/b]
1. My last CRC purchase date: [i]16/02/2011[/i]
2. Have I been affected?: [i]Don't know[/i]
27th Feb 2011
yes, a lot
note to self: dont use debit cards online again
1. My last CRC purchase date: 27/02/2011 (package still not arrived 👿 )
2. Have I been affected?: Probably not. (Used my card today to renew sub for something)
If you don't want to be hacked...
DO NOT USE THE CREDIT CARDS ON THE INTERNET 😉
Have used CRC 3 times in last fortnight, no card molestation 🙂
01/03 crc shiny bits happy with the service etc
08/03 hello were canceling your card someones topping phones up and trying to buy crap in john lewis.
Apart from tesco and home base crc was only place id used the card. Bank seemed to think that crc was a fraudulent transaction had to explain that id bought bike parts from them and theyre a real company.
27/2 & 9/3 - via Paypal from bank account
no issues
As a consequence of all this, I think I'm gonna stop using CRC.
I've known for a while that they were no longer the best value for money but was always too lazy to trawl the Internet for better prices.
However, after a few minutes browsing Rutlands Cycles and H&S Bike Discount GmbH, I've now saved 33% combined of my next 2 purchases.
I guess every cloud has a silver lining 🙂
So, Thank you fraudsters; in an ironic twist you have actually contributed to saving me money!
I need a new 8 speed chain for my work bike & CRC seem cheapest... Hopefully all sorted soon as I'm a big fan of CRC.
I'm no expert but could this be more to do with CRC's bank payment gateway provider rather than anything to do with their website?
Last purchase from CRC on 7th March - call from the credit card fraud dept earlier today - rogue £20 vodaphone payment.
Okay, I do not work for the company but for one time payment life time license get this ...
In light of all the security issues I would suggest you get [url= http://www.malwarebytes.org/ ]Malwarebytes Anti-malware[/url] if you are contemplating buying a security software. Worth the money IMO as I am also using it.
Check this finding from ...
[url= http://malwareresearchgroup.com/2011/03/beware-of-new-banking-trojan/ ]Banking Trojan[/url]
[url= http://malwareresearchgroup.com/category/malwareproducttesting/ ]MRG[/url]
Perhaps CRC might want to enlist their help ...
🙂
This must be a reportable news story by now. I haven't bothered to add up but there must be more than 100 people on STW alone who have been affected by this. Other internet forums are listing hundreds more people who have lost money. CRC are the worlds biggest online bike company. If this was linked to Amazon it would probably be all over the media by now.
I'm amazed that there is nothing on the CRC website about this, there is an obvious risk and to continue to take orders and expose customerrs to this risk is poor form. They will have alienated a lot of customers, both those who have lost money and those who have not.
Do you seriously think that they are going to put anything on the website which might stop customers parting with their money?franksinatra - Member
I'm amazed that there is nothing on the CRC website about this, there is an obvious risk and to continue to take orders and expose custoemrs to this risk id poor form. They will have alientated a lot of customers, both those who have lost money and those who hav no.
I've stopped spending money with them anyway! If this is as big as it seems, and a quick google shows that it may well be, they they should take CC ordering down until it is solved. Would gain a lot more trust that way.
There are reports on forums going back to Jan with people being called by CC companies and being told that they are cancelling their card because they have been used at CRC and the CC company regarded this as a risk then.
Their website has definitely been compromised for being an easy target since they do not have a dedicated IT security people. I bet the company that builds their website is also not well verse in IT security issue which is a no no for on-line retailing nowadays. It needs a whole pack including security which in the past was not that crucial if you have a "secure" server.
If I were them and can afford it then I would stop taking order now but instead ask customer to pay direct into their bank account for time being until they sort out their security problem.
They have been hit by the banking trojna described above.
Also CRC might even be blacklisted by bank due to their weak on-line security.
😮
p/s: I remember asking several on-line retailers how they store the CC information but they couldn't answer me so I decided to use prepaid voucher to pay online instead. You can buy prepaid voucher from WH Smith. A bit of hassle but worth avoiding headache.
Oh ya ... just browsed through the website of the company that builds CRC website and they really missed out on one thing ... security. Big time.
I'm no expert but could this be more to do with CRC's bank payment gateway provider rather than anything to do with their website?
Depends how their e-commerce platform is encrypting card details. Eitherway they will be in the sh!t with PCI.
EDIT Chewkw beat me to it with a better explaination 🙄
Sorry not had time to read all 10 pages of this thread so forgive me if its already been answered but. Is CRC safe if paying with paypal ?
Need to order a few bits & they are a damn sight cheaper than anywhere else i can find em.
Cheers 😀
bigsi - MemberSorry not had time to read all 10 pages of this thread so forgive me if its already been answered but. Is CRC safe if paying with paypal ?
Need to order a few bits & they are a damn sight cheaper than anywhere else i can find em.
Cheers
Whatever you do you must not link your purchase to your CC details which means your PayPal must not include your CC details as well. My view is that PayPal might be an extra layer of protection before the nasty gets to your CC.
To be absolutely safe I suggest you change your password on PayPal once you've made your purchase.