Touring - Nashbar Credit Card Fraud?

I just ordered about $150 worth of stuff from Nashbar, and I was pretty hesitant to hit the "Submit Order" button. Not sure if everyone is aware, but they've been having some pretty serious credit card issues. A lot of other forums on this site have threads detailing the issues. I wouldn't have used Nashbar, but I would've spent $75 more anywhere else. Has anyone else placed an order through Nashbar recently? I've seen a lot of complaints about fraudulent charges from purchases made 4-5 months ago, but I'm hoping (maybe naively) that they've been fixed by now?

This is probably a thread I should have posted before I submitted my order :(

As a long-time Nashbar customer, and as an ex-employee, I personally trust them. Like every other company that went to the net, they've had their issues. Nashbar has continued to impress me when there have been issues with anything (i.e., returns, warranties, credit card issues, etc.). Sure, Performance has owned them for many years, but Nashbar has stuck it out.

You can use a one-time card number from PayPal if you are unsure about clicking "submit" with another card. My card number (a PayPal Visa) was compromised but not used. I canceled and got another one. Just like I did when my credit union card was compromised. And yes, the issues have been fixed on their (Nashbar) end.

I jusr got my letter explaining verything and a 30% discount on my next order.
Look for the letter in the mail

I received my letter today from Nashbar. And I was one of the victims as a result of the stolen account information. My credit card linked to my checking account (debit Visa) was compromised back in late February (4 months ago). I was protected so nothing actually transpired even though some attempted fraudulent purchases were made. My bank issued me a new card. I have since ordered from Nashbar about $250 without incident.

I think it is odd that the letter just now showed up. It was very long and apologetic. I wish they would offer me a $1000 credit for my "grief and strife". LOL!

My credit card was compromised early this year after making purchases from Nashbar. Also, my email was hijacked at about the same time. Changing my email address was a pain in the ass.

I got my letter from Nashbar last week with a juicy 30% discount coupon but I'm probably going to pass. Too bad...I'm an old customer. Hell, I used to drive over there and buy stuff from the catalog right over the counter. I'm gonna miss 'em.

Like every other company that went to the net, they've had their issues.

I just wanted to point out that this is not true.

Plenty - plenty! - of companies have been doing business on the web without experiencing the problems Nashbar has. And what I've read of Nashbar/Performance's handling of this security breach seems to be abysmal - it took them weeks and weeks and weeks to figure out the problem, and even longer to notify customers.

I used to be a Nashbar customer.

I just wanted to point out that this is not true.

Plenty - plenty! - of companies have been doing business on the web without experiencing the problems Nashbar has. And what I've read of Nashbar/Performance's handling of this security breach seems to be abysmal - it took them weeks and weeks and weeks to figure out the problem, and even longer to notify customers.

I used to be a Nashbar customer.

Give me a break. Do you have any idea how tough it can be to find a leak or breach? It doesn't have to be outside criminals hacking into servers. It's usually some employee going through numbers or printing out a list of numbers. It can take months to trace the source of an information leak, especially to find out exactly what company had the leak in the first place. Trust me on this one, it takes 1 jack*** (usually disgruntled) to steal the info of 10,000's of customers. Usually those numbers are sold to, traded, or shared with others that start using them around the world.

Don't shop there if you don't want to, of course it's your choice, and I can't fault you for it at all.
People should be aware not to use any card for online purchases that are directly attached to their bank account.

Give me a break.

There are many, many companies who do business online who have not had the kinds of problems reported by Nashbar/Performance. Their security breach is large and was poorly handled.

I'm not saying they are worst people in the world, I'm just saying that saying that just because it happened to Nashbar doesn't mean it happens to all online merchants.

Give me a break. Do you have any idea how tough it can be to find a leak or breach?

C'mon! Nashbar knew they had a problem back in February or March. They lost 150,000 credit card numbers, not one or two. Now, four months after fraudulent charges appear on my credit card, they're sending me a letter to let me know about it? I'm sorry, but that just smacks of monumental incompetence on their part...

Give me a break. Do you have any idea how tough it can be to find a leak or breach?

Quite easy if you know what you're doing. Sure you want to have this discussion? :D:D

I don't blame Nashbar for having a leak, what I do blame them for is not coming clean. It was quite obvious they were having serious problems with their security for quite a while and it has only been in the past few weeks they have fessed up. I am sorry but that isn't the type of company I personally would chose to do business with. I got my little apology letter and coupon and it went straight into the trash. Sure I might spend a couple extra bucks elsewhere but my peace of mind has no price.

Quite easy if you know what you're doing. Sure you want to have this discussion? :D:D

Sure. :)

I don't know why everyone is so offended by these statements. Let's just say that I've been doing security work for some time and I might have a different opinion on that particular subject. Whether it's NBar or anyone else, nothing can be 100% secure from the inside. Of course I never said that it happens to "all online merchants", because that wouldn't be true. But all online companies have to deal with managing security, inside and out ... that's what I meant. It's just much tougher to do these days with everyone being online. And as I also said, shop there, don't shop there, everyone has their own decisions to make freely and without any judgment from me.

As for the "late notice" ... I'm sure that had a lot to do with deciding who was to blame for the actual leak and which company (Nashbar, Performance, the banks) was going to take the responsibility ... not good for business, I agree.

One can always use the catalog order forms & write a check.
Personally I pay cash whenever I can & don't use credit (dept) cards.

I had about $800 worth of fraudulent charges show up on what I now think was the Nashbar breach. Luckily I didn't get stuck with any of it. I've ordered from Nashbar since then. The last order was just an empty envelope. Nashbar replaced that order, but again the envelope arrived open. The orders came through separate shippers. Think I'm going to give someone else a try.

Hmmm. Back in June I saw some of the chatter about security troubles at Nashbar. I wrote them and e-mail and asked about paying with Pay Pal. A customer service person wrote back and said that they don't accept Pay Pal, and "as far as I know Bike Nashbar is a secure site". I was a little underwhelmed by that endorsement, so I shopped elsewhere.

Speedo

Hmmm, sure that Nashbar had some security issues but that will not stop me from shopping with them. Thanks to the coupon, the Brooks saddle is on. Years ago someone hijacked my number online to buy some crappy clothing in England. Just the other night it happened again with Apple products. I just got another card the next day. I can't be mad at any store in particular. As much as I hate thieves, I give credit to the crooks that know what they are doing.

I too did not appreciate a "compromised" notice 4 months after the event. I was traveling abroad and it cost me a huge amount of headaches. I've been a Nashbar customer for many years, but this one incident pretty much wiped any "savings" I've had thru buying from them.

So, not going to buy anything from them unless I absolutely have no other choice. I hate mail order anyway.

This kind of thing happens all the time, and it isn't just limited to online purchases.

Your CC number can be grabbed at almost any stage, including the point of sale. Often it's the credit card processor who gets hit, with much wider consequences, e.g. in 2005 one hack nabbed 40 million credit card numbers. One of the biggest CC thefts was from TJ Maxx and related clothing stores, for a total of 45 million CC numbers in 2003-2004.

I.e. it is illogical to specifically avoid Nashbar, since credit card fraud could happen at almost any time from almost any vendor, online or offline.

Mine was one of the CC's that was compromised, and the only inconvenience was waiting a few days for the new card.

MY CC company discovered the problem, and cancelled and fixed right away.

I just wish they would have included free shipping with the 30% offer - and I might have used it. Their shipping is attrociously high, and really turns me off!

They really didn't offer much for the problem they caused, which basically ammounted to a decent sale price on their stuff.

Too bad, too, because they usually have decent prices on stuff I don't really need!

I.e. it is illogical to specifically avoid Nashbar, since credit card fraud could happen at almost any time from almost any vendor, online or offline.

Right. And most vendors would notify their customers as soon as they knew they had a problem, rather than trying to sweep the problem under the rug for four months. The breach on my card happened well after they knew they might have a problem. Why not notify me pro-actively as soon as there's a sign of trouble, rather than letting me get ripped off? I understand that credit card fraud can happy to anyone and any company. Based on the way Nashbar handled their problem, I can only conclude that they are too stupid to be trusted with my credit card number in the future...