As title, really.
my mate got done last week,so no unless it's paypal mefinx.
Ordered last week and seems fine so far...
Why?
[img] 
[/img]
Been using paypal with them of late as dont want to risk it but everything I've ordered has taken a week to arrive, which is pretty crap compared to what they used to be like. May have in part blamed royal mail but after ordering items elsewhere and still receiving them before the items I ordered from CRC I dont think thats fair.
paypal here.
ordered yesterday and today. both despatched today.
Paypal on Tuesday at midday, paid Special Delivery and although they said it was despatched that afternoon, it didn't reach the mail centre until Wednesday evening. I politely complained, got no apology just a brief explanation, and they didn't offer to refund the postage as per the website, I had to send another email to ask. Not long ago it would have been with me the following day with the free postage.
And the item is faulty anyway, not their fault but reckon they should pay special delivery both ways to replace it personally, especially if standard post is taking up to a week.
No way!
I ordered a funn fatboy bar last week from crc and recieved the next day. Thought or probably assumed the hack issue had been sorted... er, I'll just log onto my bank account...
yep, fine so far.
I was done 12th March. Got an email from CRC saying they had found and fixed the vulnerability.
Wouldn't try CRC without PayPal though.
lbs for the win for me.
As the holder of a foreign credit card I thought (hoped) I might be resistant to the CRC fraud but I've been caught too now.
I've been away on business trip but just come back to a letter from my credit card provider telling me someone tried to make some purchases on the 6th April...
Looks like I'll be a paypal user in the future or shop elsewhere.
Always used paypal and never had any problems.
Ordered some stuff from both CRC and Wiggle on Thursday of last week, standard delivery, and both parcels turned up on Saturday.
spw3 - MemberI was done 12th March. Got an email from CRC saying they had found and fixed the vulnerability
thats interesting so what was the vulnerability, poor website security or dodgy employee??
Bought stuff on line on 24th March. Got a hefty clobbering of fraud that started with the 02 test around 16th April.
They have no class. Pizzahut, yuk. They've actually tried to get £1000+, successfully got about £300...
I'm really confused why anyone uses a credit card rather than paypal
i am still waiting for the CRC IT bod who slagged everyone off for downloading p0rn to apologise.
I havent used CRC since being done in March. And to be honest my business has gone elsewhere now and is unlikely to go back to them.
their customer service is total shite and there are many other options out there
kimbers have you ever been on the wrong side of paypal, i have and they are worse than a pitbull on heat then they try to take you to court in luxemburg?? for a £6 mess up which was their fault sorted its self out in the end but i had to do all the leg work, so happy to use the credit card my bank are far more helpful..
Yes - but only with paypal - which I have done.
Their public response to the whole issue was sluggish and pathetic. They never mentioned the issue on their website. They did not e mail all their recent customers. Someone who might be from their commerce solution supplier was stupidly offensive here. And Singletrack did not seem that concerned about the whole thing, which disappointed me. Even now, 2 days ago when my wife topped her phone up with O2, we got a security call from our CC.. again... They know how compromised we could be because of previous CRC purchases.
Merlin FTW, CRC only if no one else has it.
And as for their "private sale" 🙄
ordered two weeks ago..using my "fraud" voucher and paypal...
everything fine..
but delivery with royal mail took too long....used to be better...
just trying to decide what to get with my voucher, now that I have 2 new CC's.
50% chance that one of them was due to paypal, 100% chance that the other was CRC.
as for royal mail... well my last order took *weeks* to arrive. that eats right into Paypal 45day dispute window. Give me a CC and consumer credit act protection any day.
So has anyone used their cc for a crc purchase in the last few weeks? I don't Paypal, and crc have some wheels that would do me nicely! I did consider paying the extra hundred quid my lbs will charge me, but the usual totally disinterested manner just ment I couldn't bring myself to do it.
I used my cc the other day and no probs yet.
I'd say no. i had my card stopped as a precaution by HSBC last week. this is the third time on two different cards since christmas,coincidence?
wont use CRC now unless it would be really cutting my nose off to spite my face. they are shite.
Made 3 prchases with CC (From here in Egypt) in the last 2 weeks. I didn't know that there was a problem until reading this.
All orders arived within 2 days and no problems.
Should I be concerned? What is the best thing to do to prevent any issues?
CRC clearly know they have a problem so you'd think they'd shut the credit card payment section down and only accept Paypal until they resolve it all.
I think its pretty crap of them to keep accepting credit card numbers knowing that they may be nicked by the thieves who seem to have attacked their web site / credit card payment provider.
I won't be using my card with them until there is a statement from CRC that something has been fixed.
Used my card on 12th March with CRC and it was stopped last week after over £3k of suspicious activity was declined. The bank hinted the CRC transaction could be to blame so there's a decent time lag from details getting compromised until fraud attempts.
Very inconvenient. I've seen a few mentions of fraud vouchers - how were these issued? Did you have to alert CRC that you were a victim of card fraud, possibly through their siteq?
Received an update from CRC the other day:
"The independent forensic investigation has shown that our infrastructure was the target of a sophisticated attack which resulted in the theft of card details relating to a number of our customers. Details were being stolen 'real time' and only a small proportion of recent CRC customers were affected.
The access point of the theft has been identified and permanently closed off so we are confident that we have fully addressed any weakness in our infrastructure."
Just been onto the credit card company after they stopped my card. I use it a bit online but when I mentioned CRC they were aware of the problem.
Could have had my details for a while. Made a few orders since the start of March.
I'd still go down the paypal route and keep an eye on statements.
Phone call to day from the bank fraud office 🙁
attempts to purchase £15 of O2 vouchers and then £112 else where..
I last used chain reactions in December, looks like the theives are
still working their way thought the list they obtained.
Like others I used paypal last time. Next day delivery (which they still claimed when I ordered) seems to be a thing of the past - they actually managed to dispatch same day, but sent PF48, so not really much hope of next day delivery!
Had over £130 debited from my account and 36 attempts by someone to send faxes by MyFax.com.
Lloyds TSB have now said that all CRC payments are being treated as high risk.
Think this may be a big blow to the future of CRC....appreciate their staff maybe getting frustrated with all the calls from us complaining but they are the cause of the problem due to their lax security.
I certainly will not be using Chain Reaction Cycles again....especially after the poor quality of service and replies from the staff.
Lets hope that Wiggle, Merlin etc take note beef up their security and enjoy all the new customers at CRC expense.
I had £1400 ish taken over easter bank holiday, i told them i had used crc and they seemed aware of them. They are still investigating, me i expect!
Oh god, I just ordered some parts from them!
Just had a call from my CC provider as it may have been compromised. Card stopped, new one issued. Haven't used CRC since November last year.
It might not be CRC that is the problem - could be any manner of other transactions, but interesting nevertheless having missed the previous thread about it.
Called them this morning as I got done as well. Was told it's safe now, but will be using paypal from now on.
Been using them quite a bit but been using paypal to pay for things. Add and extra day or two on to usual arrival times etc but it's safer.
Add and extra day or two on to usual arrival times etc but it's safer
Because of using paypal? It shouldn't, as it's just as instant a form of payment as CC - people on ebay seem capable of getting stuff to me next day when I pay that way. What you're actually seeing is that CRC don't normally do next day delivery any more.
LBS for me too! Cheaper than CRC a lot of the time too... i buy all my stuff there so they value my biz. They also build great wheels too and are always happy to help if they ever need a quick "tweek"...A big up for good old Marshalls Cycles in Herts. I first went there cos of all the support they had given local racing. On line stuff might be easier in terms of delivery etc but if it goes wrong like some of those guys have, its a nightmare!!
CRC - Is it safe to start ordering again yet?
That's what I asked CRC after >£1000 attempted fraud on my card over easter. They haven't responded yet so I haven't used them again yet.
Ah - that explains why my bank cancelled my credit card a couple of weeks ago! No amount of pushing would get them to reveal the reason - but now I'm confident it was CRC that was the leak! Lucky my most recent order went to Wiggle instead...
what I can't figure out is that if the extent of the fraud is really this bad (which it appears to be) then CRC's merchant acquirers will be looking to CRC to refund the fraud loss. It usually works that way - the banks always look back to the merchant - especially in this case where CRC's total lack of control and non-compliance with PCI-DSS has been admitted.
I reckon:
1. prices will go up at CRC to cover a few extra %age points on txn fees
2, or CRC's insurers will be hit hard for the fraud loss - resulting in higher charges
3, or CRC will go bust when the banks try to recover the fraud loss amount.
Paypal here
had a load of hassle with debit card
never again 🙁
DO NOT USE CRC!!!
I just used them on Saturday last week. It was a debit card i had never used before and the next day £400 was taken and then £250 on the monday. Cleaned out my current account.
It had to have been CRC because the fraud was in sterling and I havent purchased anything else that would have been in sterling. All my other transactions are in Euro.
Be careful. Paypal only in future.
Arrrrggghhh, I figured it must be fine now, I just placed an order earlier with my CC, I will keep an eye on my statement and will see what happens!
ohhhhhhhhhhhhhh. that explains it. not been on here for ages so not seen anything about crc probs. It would explain the attempted £3k on my card just after I bought some stuff a few weeks ago. Thank you for the unintentional help!
what are you finding bez? and how did you find someones password? thats scary.
Had my card done again but this tome it wasn't CRC as been using paypal.
Have you let them know what you've found? Personally I think that trading whilst knowingly putting your customers at risk is a kind of fraud in itself.
Hi bez
Can you drop me an email to Michael@chainreactioncycles.com
With the regards to forgotten password feature, regardless of any on screen messge, the website will only email the password to the email address associated to that password. Therefore you can only use this feature to retrieve a password if you also have access to the email
Drop me a mail anyway and we can discuss further.
Thanks
Michael
Sounds worrying if Bez is right....
I hoped it was ok by now so used my card with them last week, will be keeping an eye out.... I had the 2x£15 O2 voucher fraud on my debit card a few months ago, can't be sure it was CRC. Real pita but bank sorted it with minimal fuss.
Bez, it can only be foolish posting such stuff on an open forum.
First, you may be wrong.
Second, you should be contacting CRC first instead of publicizing an exploitable weakness to everyone (if you are right, and I have my doubts).
I'd suggest the mods should take this thread down in case Bez is right and is publicizing an exploit.
As I said, the instructions are on CRC's own site. I've said nothing that fills in any blanks.
I would add my concern to CRC. Great company, great price, GREAT GAFF ! I got contacted by my bank about unusual activity. My money was save by the bank (god knows why I should praise those crooks !) and the fact that the card details taken did not get by the sounds of it the last 3 digits on the back. Again these details are store with CRC and recent purchases point to CRC. The bank stop the card. But I must admit I need to check now what other details CRC have !
DO NOT USE CRC!!!Be careful. Paypal only in future.
Bit contradictory there?
I've used CRC for years with only this little hicup - with the exception of the hacking their shop and staff have always been good and much better than most LBS' in my area. Granted I've not been scammed for large quantities yet but I've now changed the way I online shop
I used paypal fortunately, since they haven't yet dispatched my order of 31 March and then tried to ask for more money to do so. My suggestions that they were in breach of distance selling regulations by hanging onto my cash and my goods were just ignored, they gave me a revised date that has come and gone and they didn't bother replying to my last posting on the paypal dispute.
So we've moved to a claim....
I've received a reply from Michael at CRC and they are on the case. Indeed I've checked back on the website and the specific vulnerability I tested has now been removed.
I'll remind everyone else of one important thing in Internet security. [b]Do not reuse login pairs of username/password or email address/password.[/b] Ideally do not reuse passwords at all, especially for important logins such as your email accounts or anything financial.
I should perhaps add that I have been a regular customer with CRC for a number of years and have had no significant issues with their service in that time, in fact on occasions it has been excellent.
I had the 2x£15 O2 voucher fraud on my debit card a few months ago
It may be a coincidence but my bank highlighted O2 top ups as one of the declined items as well.
Sounds like some free consultancy there Bez, surely worth some CRC vouchers 🙂
The O2 thing is very common, loads of threads on it. I believe it is how they test they have a valid card number, before they try a major fraud
So is it now safe to use CRC? I've been avoiding them for a while, but need to get some tyres.
Wish i looked on STW before i ordered from crc last night- bank just called to say that someone has cloned my card and now the account is frozen.
So no- its not safe....
Wow that is a nightmare.
This has been going on for what, 3 months now?
I haven't bought anything else from Chain Reaction since this incident (took me three changes of credit card!)
on the contrary, i ordered on monday [b]via paypal[/b] and my account hasnt been drained. item hasnt turned up yet either, but thats another matter 🙂
Ordered from Chain Reaction 23/5, unusual card activity started 3/6. Bother.