Collector Club's Credit Card processors a definite leak - check yours

[Paulbot]

I had my credit card details stolen. It was used by someone else from the day after BotCon non-attending registration. It's the first time my card details have ever been stolen, and it happened at the same time I used them on their site and had errors on their site, and drew a line between those dots.

I sent the Club a message and they have been using the information I could provide to investigate. I just wish I had taken a screenshot of the error message I saw when I submitted my order. They have been quite extensive in their emails about their investigations of my case.

I did decide not to order the Botcon set, the club exclusives or renew my membership.

[Hursticon]

It would be interesting to know if the issue has only occurred for those who sent emails or faxes of their credit cards. (Which I did, because I didn't want to miss out on the exclusives )

I didn't do that, I didn't feel comfortable doing it.

My card was ripped off that day after signing up, I guess I now know why.

Here's a pair of links to each site's discussion threads on the subject for those interested.

• TFW2005.com
• Seibertron.com

[robwin1974]

My credit card got hit - small purchase of $20 then two big ones - cancelled card and will need to raise a dispute for the other two. All happened on 4 Febrauary 2012

I tried to renew my membership and also buy over-run but it didnt go through and never bothered to re-try.

I suggest that before you cancel - print out your statements and confirm what monthly charges you have so you can re-link to your new card (i.e. foxtel, insurance, gym etc.)

For peace of mind, it may be worthwhile to cancel if you think you are at risk

[Quickstrike]

I've been checking my bank account everyday to see if the payment for Runabout had gone through (it has, hooray) and I haven't seen anything fishy yet.

Funpub have been horribly mishandling their ventures for both the franchises they utilise for business this year; I imagine that if enough fans make their issues known (As our US counterparts clearly often demonstrate) that Hasbro Corporate will surely be required to issue Funpub a "Please Explain" notice.

I don't keep up with GI Joe stuff. What happened there?

[Hursticon]

I don't keep up with GI Joe stuff. What happened there?

Neither do I but apparently, Funpub had set a certain date and place for the 2012 JoeCon; people paid for hotel bookings, flights and attendance fees (As you do) with plenty of time in advance.

Then, a weeks or so ago, Funpub decides to change both the venue and the date and you can imagine the complete cluster-f*** that ensued ; people have had to pay up to $300US on top of what they've already paid just to be able to attend, some were paying a difference of $100 just in local flights so I'd hate to be anyone International who's attending.

For interests sake, you can get a run down from Hisstank.com.
(Out of Funpub's control, I'm sure )

[UltraMarginal]

I would like to add, in FunPubs defence, there have been many instances in the last year where Credit card Data was hacked from very large companies, Playstation Live and Vodaphone are examples that quickly come to mind.

instances where a card has had an unauthorised purchase straight after dealings with FunPub may be just a coincidence,
I have never had an issue with my Credit card that I have used with them and I have sent them an email with my drivers licence and CC scan. which was for my first store purchase from them.

coincidences are not any form of proof.

[UltraMarginal]

FunPub have also made this statement.

[Hursticon]

FunPub have also made this statement.

The main gripe that many fans have had though is FunPub's mis-handling of the situation; the vast majority of people simply wish that FP would send out a membership-wide email to notify those who aren't necessarily an active member of the community, i.e. a member of a forum/fansite/Facebook/Twitter, that a large number of members have reported being the victims of CC fraud and that one should keep an eye on one's CC account.

Instead, FunPub have issued the following on their website/Facebook & Twitter (Via .PDF):

We have been receiving feedback that there has been a higher than
usual number of fraud complaints posted on online Transformers
forums.

While we have nothing to suggest that there was an issue with the TCC
and Fun Publications, we look into every concern that is sent to us. All
of your transactions are in a secure socket with the strongest encryption
available to any site on the web. If you have a specific concern about
any transaction with us, please use the “contact us” link located at the
bottom of the TCC page and provide us with as much information as
possible including:

1. The EXACT name of merchant as it is written on your statement.
2. Amount and date of suspect charge.
3. Bank your card is drawn on and if it is a debit or credit card.
4. Device and browser (and version) you used for your last payment
with us before you saw a fraudulent charge (ie, android phone,
computer, iphone, browser and version).
6. Were you on a public computer?
7. Were you on a public wi‐fi network?
8. If you were at home or work, what Internet provider did you use?
9. On your last transaction with us, did you receive any kind of error
message (card declined, 404 error, programming type error)? If you did
receive an error, how many times did you resubmit your information?

It is very difficult to track credit card fraud. With your help, we can see
if there are any parallels between those reporting an issue.

In order to better protect yourself, here are some guidelines:

Never log into a secure site from a public computer, public wi‐fi, or
through android/windows phones. Only use your mobile device on a
mobile app for transactions, never a browser. Turn off your bluetooth
and wi‐fi to prevent people from hacking your credit card information
from your phone/computer.

If you have a card that has an rfid chip, make sure your card is shielded
when not in use.

Always make sure you are using a secure socket (https://) for any login
that requires a password or a monetary transaction.

Never email your credit card information to anyone.

As should be common practice, on a regular basis, be sure to check your
statements and make note of any suspicious activity on your card. If you
see an unauthorized charge, turn it in to your bank or card company, the
charge will be reversed, they will issue a new card for you and the
security system in place will have done its job.

Please also take the time to read the attached article and research credit
card security. We are very aware that security concerns have risen
exponentially in the last couple years and we are doing our part to stay
ahead of the curve.

"Can Hackers Destroy the Internet?" - Forbes.com

I don't need to really say any more as all that needs to be said can be read here.
People are having their lives affected badly, so much so that a couple have had their rent payments bounce; the question has also been put forward - "What of the G.I. Joe members base?".

A massive, massive Public Relations Nightmare here.

[uteiki]

hey guys,

for those who have used their credit card on TFCC Drift & Runabout, please check your credit cards again. Mine was just ripped off yesterday on purchases on AT&T and some dating website??? Had a call this morning from my credit card company. I am pretty sure its because of the TFCC purchases.

And no i have never sent them a copy of my details for the past few years at all.

- dan

[1orion2many]

These people must have the worst security, Do they actually spend any money on their system