CRC security issues?
http://www.bikeradar.com/forum/viewtopic.php?p=16801436#16801436Posted 8 years ago
Heads up –
Possible chain reaction security breach?couldashouldawouldaMember
This has cropped up on here every six months or so. After a spate of fraud I used to be V susiciously of CRC / Wiggle but it turned out to be a local BAA parking machine had a skimmer installed.
This was from the days I used to work in the CC IT world (a few years back). I seriously doubt CRC / Merlin / Wiggle etc (there were rumours about all of these) are allowed to store any CC info in the clear. All transactions are transferred to big name players : Worldpay etc.
Ultimatley, pay by Credit Card – you’ve got very little to worry about.
Your local petrol station is FAR FAR more likely to be skimming your details than a bike shop.Posted 8 years agoiain1775Member
CouldasouldaPosted 8 years ago
I’ve had card fraud tracked back to both amazon and a shell petrol station in the past
Both times it was known to mbna, I wasn’t the first
No idea in this case if there is genuine Crc link but thought I’d best just warn people in case I know alot of people got a voucher and used Crc last wrk so could be concerned
Druidh. Re: delayed payments, if you do these properly then you still don’ t need to hold the credit card details, world pay or whoever still handle it all, I’m building a site at the moment that does exactly this. Not saying that crc do, do this but they don’t have to.Posted 8 years agoMattEmulsionMember
I was called by HSBC fraud detection dept on Friday. £210 taken fraudulently, they then attempted a similar amount again which was then declined. I’d used the card for the first time at CRC a few days before.
Beej: nothing to do with dodgy vouchers.
Not proof in anyway, but I will be mentioning CRC when I speak to the fraud dept tomorrow.Posted 8 years agodirtbiker100Member
I took advantage of the CRC £10 voucher on monday, thursday two lots of £15 were taken out of my account for O2 prepay.
Could be coincidence but I was thinking it would be something online rather than having my card swiped. I’m by no means the only person being relieved of their money for O2 prepay in slough.
Debit card now blocked, money being refunded and new card being sent out.Posted 8 years ago
Druidh, they’re called deferred payments, and I think most of the major gateways support them now basically you send all the details to the gateway in the normal way and the transaction is authorised as usual but the gateway doesn’t actually put the payment until you send them notification that it should be paid. This has to be sent in a relatively short timescale though to stop you taking payments months after authorising them, I think the limit is in the order of a few weeks.Posted 8 years ago
Who holds the gateway?
The reason I’m asking is that we do a simple re-direct to WorldPay when the order is placed – and the customer has to just pay up-front. We never hold any card details (it’s illegal to do so in Scotland), whereas many of these other sites do hold them – to save the customer having to re-enter them each time.Posted 8 years ago
Druidh, worldpay is the payment gateway, you’ll need to go to their support site to see how it’s done on their system, it’s illegal for a site to hold cc details unless they are PCI complaint, something which is quite hard to get and potentially means you could be liable for loads of cash if a card is used fraudulently,Posted 8 years agodesboy3Member
Another order to CRC last week and like everyone else here had £30 of O2 top ups taken from my account and an attempt to send some form of online fax! Props to the bank for acting quickly, stopping the card and refunding the money. Also used the voucher and thought payment would be fairly secure using paypal!Posted 8 years agounklebuckSubscriber
If hundreds or even thousands of card details were harvested, I doubt that they’d test absolutly everyone they’d gathered.
This is only the 2nd time that an internet retailer has been the prime suspect for any fraud on my account, usually it’s petrol stations.
I can’t say for definite that my details got into the wrong hands via CRC, but there does appear to be a pattern emerging.
Bank have canceled my card and the fraud team have been prompted to call me tomorrow. 🙂Posted 8 years agomekaMember
Had a call from my CC on Fri. Suspect transaction, someone tried to buy something from Apple.
As I now live abroad and the locals don’t like CC, I only use this card online. I keep this card for bike stuff, so for the last year or so it has only been used for Wiggle and CRC.
Card canceled and new one on its way.Posted 8 years agoskinnysteelMember
Stocked up on brake pads last week using the voucher. Paid on a seldom used credit card. Call on Thursday from cc security re 2 x £20 Vodaphone top-ups, 2nd of which they refused. Card cancelled.Posted 8 years ago
Having read the above all seems very suspicious: as per BoardinBob would anyone at CRC care to comment?peajaySubscriber
Me too, bought some grips on CRC last week, Saturday morning credit card company phones me to say I have been diddled, 3 times £20 vodaphone top ups, £15 O2 top up and money to a charity in the US? Card cancelled and new one in the post, big thums up to mint for being on the ball!Posted 8 years ago
has anyone contacted crc about this?
in the light of them being ‘the worlds largest online bicycle retailer’ thats potentialy a lot of people scammed
thankfully i use paypal as i have ordered from them quite a bit latelyPosted 8 years agosniffMember
The snapper from bike radar… Snooping around the offices a few days ago….he’s got to be suspect number 1……Posted 8 years agoadam_hMember
Bought a few things off CRC over the past 2 weeks. First time used Paypal, second time used a combination of £10 off voucher, gift vouchers and Paypal. Don’t seem to have a dodgy transactions on my bank account.
and money to a charity in the US?
My gf had this a few months back, some family support charity in Texas 😕 Got the $20 back thoughPosted 8 years ago
The topic ‘CRC security issues?’ is closed to new replies.