Panthers007

I'm provoking another theft to be sure it's Nashbar - then I'll go after them tooth & nail. But here is part of what I received after placing my invitation to prove Nashbar doesn't give a flying f***.

Thank you for your recent order with Nashbar.

Please contact our customer service department if you have any problems with this order. We can be reached at or by phone at 1-877-688-8600.

Please keep this copy of your order for your records.
Order Confirmation Number: 4000182841
Order Placed on: 3/31/09 5:06 AM
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~

rsyb

Never trust a jolly fat man in a red velvet, fur trimmed suit!

esther-L

One of the credit card clearinghouses admitted they were hacked and had data stolen in January. I think they announced this news on Jan 20th, so that it wouldn't get much notice. My husband and I have had 3 credit cards compromised since Dec 25th. My bank's fraud detection department is awesome - 2 credit cards were with them, they took care of any disputed charges, and they notified us promptly about suspicious activity.
https://www.itworld.com/security/6329...ter-data-theft

quotes from that story:
"Merchants at about 250,000 locations, including retail stores, gas stations and hotels, use Heartland's services. Heartland does not know how long the hackers were able to steal credit card information or how many cards were affected. In recent months at least three credit-card processing companies, including Heartland, have been the victims of sophisticated criminal attacks resulting in millions of compromised payment cards. One of the other card processors, RBS WorldPay, lost data on 1.5 million customers. A third hack, at an unnamed payment processor, was disclosed last week."

Bizurke

I regularly have friends, clients, co workers, etc that blame a certain website or service for their identity theft. Though it is possible that nashbar has had a breach there are also many other factors to think of. First I ask them if they use wireless internet. If so do they have it encrypted? Even if the wifi is encrypted someone with a laptop, a little bit of time, and the know how (it's not that hard) can crack your encryption keys and take every single bit of data transferred on your network. In my opinion the most common place that identify theft takes pare is on home and public wireless hotspots. There is a lot of information out there on google if you want to look in to it more. For all of you that have had ID theft take place and do regularly use wifi then take some time to study better methods of security and ways to identify intruders. In this day in age someone can just drive by your house and steal all your information if you don't protect it.

joe_5700

I would say there are too many people chiming in for it to be a coincidence. I do business with very few online vendors. I have never had a single issue online ever, then I did business with Nashbar and my card gets compromised. Hmmm. Whether or not Nashbar is to blame remains to be seen, but I can tell you with 100% confidence that I will no longer be doing business with them. I will be paying a little extra from now on at my LBS with more peace of mind.

daredevil

I just received an order from Nashbar with no problem at all. I would guess those having trouble are a small percentage of their total business. That doesn't mean of course that I wouldn't be careful how I did business with them.

misterE0

Well, FWIW, I had my card info stolen last month and the guy was buying airline tickets all over europe. It was a big pain to deal with, but I did get everything back finally. I have purchased through nashbar as well, and many other online retailers. No clue who is responsible, but it wasn't fun.

idegen

Same thing happened to me a week or two ago on a card that I have pretty much only used for Nashbar and groceries at a local store.

kludger

I'm another person here who had used my credit card online with Performance and Nashbar (I bet most of us have), and I use a separate card just for online purchases, and last week I got a call from my credit card company with the fraudulent similarly described iTunes and VOIP charges, glad the credit card risk analysis system caught it and called me within 2 days of the charge (even though the total was <$20), and took care of it by closing the account and issuing a new one.

I bet it was these same bad guys and the Heartland compromise, although it sounds like iTunes needs a better system to authenticate their cards, the bad guys usually pick consistent places to use for the fraud that are least likely to catch them before they get the payout.

--John

Wake

Stolen card #'s can languish for a while before being used. I was hit for $1600 worth of DisneyWorld tickets on my corporate Amex card and I hadn't used the card at all for the previous TWO YEARS!

cs1

About a month after ordering a crankset from Nashbar someone tried to use my card for airline tickets. Fraud detector stopped them. In case anyone hasn't figured it out there's a huge trend here. Someone inside Nashbar is stealing or their system has been comprimised. Either way, that's very bad.

GaryBy

On the one hand, the banks do so much pattern analysis these days that I find it difficult to believe that they wouldn't detect a rash of thefts that all have a single online store in common. Perhaps the number of incidents involving this store is too small to trigger the banks' or credit card agencies' fraud systems, or else, as others have suggested, the problem is really with their processor.

On the other hand, a quick trip to their site leaves me unimpressed with their security. The checkout pages produce the "not all content is encrypted" message. Strictly speaking, that's not necessarily a problem. There's no technical reason to encrypt their logo image, for example. But it's a sign that they (or their web designer) didn't really care about doing a thorough job.

surfrider

Maybe I'm with the only bank that doesn't do pattern analysis (Chase/Washington Mutual), because the fraud wasn't caught until I opened my CC statement and saw the $600 in I-tunes charges ($50 & $100 chunks). When I called I went through the latest charges with a security guy, and he questioned if I really had bought round trip Manila-to-Hong Kong airline tickets. Might be time to change banks; the consolidation of Washington Mutual into Chase is proving to be a real f***-up.

Panthers007

I just received a form to fill out from my bank's fraud division. And a post-paid return envelope. I filled the form out, and it's on it's way back to the bank.

We shall see...

baldsue

Two of my credit card #s were stolen. The only two places I used both CCs were Nashbar and Niagara. I will no longer be doing business with either place.

Received some ugly ring in the mail today that was purchased by the thief. Supposedly I can expect an ugly piece of jewelry each month. The thief also purchased "How to make money on the internet" from Google, which is a monthly charge. Looks to me like the thief knows how to make money on the 'net.

I've been doing a lot more business with my LBS. I did one purchase with Performance and I'll be watching the new credit card to see if any fraud shows up on it. I've only used it at Performance, no where else.

Panthers007

You're the only one here who has mentioned Niagara - whereas the name 'Nashbar' has been the common thread throughout this. Including my case. Unless you're like me and enjoy setting traps, I'd avoid Nashbar but not Niagara Cycle Works. They have great stuff and cool prices. And since one of the owners came in when we were all complaining about how long it takes for them to ship, they are now delivering pretty much quickly. At least in my, and a few others who mentioned this, case.

If in your shoes, I'd mention 'Nashbar' to the banks that issued your stolen cards. I sure did.

baldsue

I'd be very happy to believe Niagara wasn't the source of the fraud. I liked them. I'll give them another chance, but Nashbar is dead to me especially since it seems to be the thief.

Anyone report to Nashbar their suspicions?

wahoonc

I had a card number skimmed too. Nashbar was the ONLY place it was used. The thief signed me up for Netflix Only reason I used that card was because my other two were dead in the water waiting on replacements, because they had been implicated in the Heartland massacre. So far this year I have had a total of 5 replacement cards. My company credit card has been compromised twice in 3 months. I suspect it is about time to go back to a cash only basis.

Aaron

StephenH

We're in the middle of trying to get stuff straighted out- apparently have a number of $1 purchases on the card, plus who knows what else. Wife bought stuff at Nashbar before Christmas, just now having stuff show up, so who knows if that's related.

EGUNWT

OK, yeah, I had that happen too.

They were the *only* thing I bought on that card.
The companies where my card had been used fraudulently all had my cell number, which I only gave to nashbar.

Since then, my card was used to purchase minutes on a shady skype-type service out of Germany, a NetFlix account, and some kind of grant place.

I'll not be dealing with Nashbar until they start doing paypal.

Panthers007

Perhaps we should circulate a Won't Shop Nashbar petition on this site - with permission from the admins - and notify Nashbar of it's existence. Then hit 'em with it.

Secure Your Servers - Or Goodbye!

baldsue

The question I have is how do we notify Nashbar? How do we get to the top, over the heads of the thieves? I'm afraid that if I contact customer service I'll be writing to the thief.

It's already Goodbye to Nashbar from me. I shall never purchase from them again no matter how good of deals might be had. And for that matter, I've bought my last bike part from Nashbar's cousin, Performance. There are plenty of other good, legit and fraud-free bike shops in cyberspace.

And my LBS seems happy to be getting so much more of my business. I've been having them order for me lately, instead of placing my orders online. Costs a bit more but I can afford to support my local bike shop.

But by all means, circulate a petition to boycott Nashbar. I'll sign it.

jgedwa

Is it possible that people at Nashbar are not aware of this thread? Sure would be nice of them to address it. Like owners or reps from Schwalbe, IRO, Niagra and others have done here on BF in the last few years. Seems like a good business would keep tabs on their customers' culture.

jim

EGUNWT

As someone in that line of work....

Yeah, it's not rocket science. It does take some planning and following guidelines, but it's not rocket science. This isn't unique and uncharted territory, it's something that happens millions of times a day that's getting screwed up.

wall

If youre reading this and not sure of your account....i say call your CC and verify acitivity


I purchased from NASHBAR a week ago on the 72 hr sale...didnt use my card before then for about a month and THERE ARE fraudulant charges on there.
I aint blaming Nashbar cuz who really knows...

My CC account is now closed.

Someone else can get their Skype, Acme and whateverelse crap they bought off some other sucker.