Dellphinus

Discover card offers one time use numbers as well, either via browser plugin or downloaded app.

George

I wrote to PBK yesterday and they replied this morning and they said they are going to find out what is going on. I hope they reply here. Let's see what happens. I've been ordering things from them for quit a while and never had a problem.

jeebusaurousrex

Same thing happened to me about a month ago. The fraud started with a $0.99 iTunes charge (presumably to check if the credit card was still active/good) and then snowballed into much larger purchases. My bank actually contacted me immediately and I canceled the card. They took off the charges.

I didn't realize this was due to PBK, but since finding out, I've been hesitant to order anything from them.

mcoomer

If word gets around and folks quit buying from them I guarantee that they'll make an effort to clean this problem up. Whether it's them or their processor doesn't matter to me. I'm dealing with PBK and if they can't ensure the security of my transaction then I'm going to place the blame squarely on them and take my business elsewhere.

Mike

intence

I'm not hesitatnt, i'm just going to be *religious* about one-time use numbers

Mark McCance

In response to the numerous postings on this thread. I would like to respond as the Commercial Director of ProBikeKit.com about the security measures we have in place to safeguard the payment details of our customers. It is clear that credit card fraud is increasing both off line and online and the nature of the crime can make it difficult to determine where the source of the fraud originated.

I would like to reassure customers that ProBikeKit.com operates to the highest standards of data security and to help our customers understand the security measures in place it is worth explaining what happens and who is involved when customers place an order with ProBikeKit.com

1. Basket Page to Address Details Page

When you decide to take your basket to the checkout you will enter your address details on a webpage which communicates with the ProBikeKit server in a secure encrypted link. The encryption is 128 bit SSL which is the strongest commercially available encryption level and was previously developed for military applications by the USA.

There are 2 checks you can undertake to ensure this communication is encrypted. Firstly you will see that the address bar now shows and https:// at the start of the address rather than an https:// the "S" stands for secure. Secondly you can verify the independent certificate issued by USERTrust that guarantees the connection is secure and encrypted.

USERTrust is a governmentally licensed certification authority (CA) and trusted third party that generates SSL's certificates and digital ID certificates to companies conducting business on the Web. Your web browser can automatically check that a site's SSL certificate and public identification is valid and has been issued by a CA, such as USERTrust.

Your address data is held on secure dedicated servers located in the USA and it used for the sole purpose of fulfilling your order. We do NOT use shared servers and we do ensure that data transmitted to our warehouse is also sent via secure, maxmimum 128 bit strength SSL encryption. We do NOT and will NEVER sell, rent or give your data to any third party organisations for the purposes of marketing.

Please note at this stage no credit card information has been asked for.


2. Payment details

Once you have confirmed your address details you are asked to proceed to the payment processor. At this point you are directed to our payment service provider, Secpay. You are no longer on the ProBikeKit.com website, however the connection to their server remains secure and encrypted at 128 bit SSL. You will see the https:// remains in force and the URL changes to www.secpay.com. Again you can verify the security and encryption of the connection by clicking the padlock to see the SSL certificate provided by Thwate another governmentally licensed certification authority (CA).

Secpay is part of PayPoint.net a subsidiary of PayPoint which is a listed company on the FTSE (London Stock Exchange). As a listed company it is subject to higher levels of regulation and audit than non-listed companies.

As a payment server provider it is subject to regular PCI compliance audit to verify its data security and processes. PCI compliance is a global standard that applies to the processing of credit cards. PayPoint is a highly regarded and significant organisation in the credit card processing industry and is required to maintain level 1 compliance with PCI. This is the highest level of compliance required and to acheive it Secpay must pass the most stringent independent annual audit and is also subject to quarterly vulnerability checks.

To view the PCI tier 1 compliance certification follow this link:

https://www.paypoint.net/assets/downl...et_cert_08.pdf


3. Authorisation and confirmation of your identity

Having entered your payment card details one of two things will occur. If you are enrolled in the Verified By Visa or Mastercard Secure code schemes with your card issuer you will be shown a form provided by your issuing bank with a secure encrypted connection. Your card issuer will show you the transaction amount and ask you to confirm your identity by submitting your password which only you should know.

This ensures that you have authorised the transaction and provides ProBikeKit with certainty that the order is from you. This system is administered by Visa and Mastercard and is the online equivalent of chip and pin. For anybody shopping online and not enrolled with their card issuer for this service I would strongly urge them to do so to take advantage of the additional security it offers.

If the card is not enrolled in the Visa or Mastercard schemes, Secpay will still request authorisation from the card issuer for the funds and provided the funds are avaible the card issuer will return an authorisation code.


4. Transfer of Funds

Following our own fraud checking measures Secpay send valid transactions to our Merchant Services Bank to organise settlement from the various card issuers. We use Lloyds Cardnet as our merchant services provider, a division of Lloyds TSB and one of the the largest banking groups in the world. Settlement files are transmitted to card issuers in encrypted formats using the dedicated secure banking networks.


Actions taken

We take the concerns and comments on this thread very seriously and we have shared these views with our service providers, both Secpay (paypoint) and Lloyds Cardnet. ProBikeKit is an international business that sells worldwide and we are very confident in our payment processing providers and their data security. The comments on this post appear to be polarised around customers in the USA and reference has been made to a number of US based banks which have been highlighted to our service providers.

In order to establish whether there is a true pattern to these events and the relevance they may have to Probikekit. I would kindly request customers that have shopped with Probikekit and then been subject to a credit card fraud within 2 weeks of their order to contact Probikekit directly at admin @ probikekit.com with the name of their card issuing bank and location.

This would include card issuing banks that have automatically issued a new card on the grounds that an existing card has been compromised. I would also encourage cardholders who are informed by their card issuing bank that their details have been compromised to request further information from the card issuing bank about the exact nature of the compromise.

In the meantime PBK customers should be assured that payment security is an issue with the highest visibility at senior management levels and the business is founded on the principles of trust and honesty.

Mark McCance
Commercial Director
ProBikeKit.com
The Online On Road Experts

SaddleBags

Bank just notified me of fraudulent activity and deactivated my card after discussing the questionable transactions to the following:
CHECKCARD 04/24 WFM*BIKINI BOOTCAMP 866-3... $1.00

Glad I don't have to explain that one to my wife.

kwrides

It doesn't happen within 2 weeks. It takes more than a month.

Crast

Well, it depends. If the charges had gone through and shown up on my statement, I'd probably have to pay the bill for that month, then been credited in the following month. So at least temporarily, I'd be out several hundred dollars while the dispute was going through. By having the transactions blocked entirely, this saved me that hassle.

haimtoeg

I've been hit twice after buying from PBK, once through the itunes scheme and the other was an attempt to buy bicycle merchandise in the UK at a shop called halfords or something. Both were caught by Chase and the cards replaced.

linux_author

you would think so, but this is not the case... Visa and MasterCard still allow purchases/transactions from many 'processors' using only name and card number - in some cases, no expiration or 'security code' (the 3-digit code on the back of the card)

and yes, i have the same security password system on my MasterCard - only seems to be required for overseas transactions (Asia) and a few U.S. vendors - such as Newegg

even with those protections, i recently had to have a new card issued due to spurious charges...

mollusk

Interesting!

Today my debit card was "not authorized" at the local grocery store. I had just enough cash in my wallet to make my purchase and I investigated when I got home. My bank also thought that it was strange that there were Bikini Boot Camp charges on my card and shut down my card. I'm thinking that the "perps" test the card at this site before selling it.

BTW, I have no problem with PBK. The problem is upstream of them.

saxman

Add me to the list. Had fraudulent charges on my account after my order from PBK. Pretty sure it that transaction because the charges are from the UK. The bank actually caught it before I did and cancelled my card

patentcad

Sadly, PBK is too risky to buy from. They can't control the CC fraud.

asmallsol

One way to do it securely, is go to walmart, buy prepaid credit cards for ~ the amount your going to spend at PBK.

Val23708

is everyone having these problems sure their computers are clean? hundreds of millions of people (mostly using windows XP) have spyware on their computer that can be difficult to detect. since they are on the client system, they can log your keystrokes, thus circumventing SSL encryption.

there is a paper on the "torpig" botnet by researchers at UCSB that explains how credit card information is mined from peoples computers.

audioslavery

American Express anybody?
That was your first problem...
Can't beat their buyer protection services.
It's my only CC for that reason.
I have a backup VISA, but cmon, AMEX is the win.

dsellinger

If only PBK took amex...

audioslavery

Ah, that's tragic. I was planning to do my first PBK purchases soon here too.

Maybe Wiggle is okay, or Ribble?

gvg45

I have ordered from PBK in the past without any problems.

I just placed another order a few days ago. Unfortunately I will now have to keep on eye on my credit card activity. Theres always some a-s-s-hole(s) that have to ruin a good thing.

kwrides

You don't find it interesting that all of the people in this thread have done business with companies in the UK and subsequently had fradulent UK credit card charges?

FLvector

From what occured with my card and from what I'm reading, the buyer protection services have been working fine with many other credit cards. You receive a fraud alert, cancel the card, and no responsibility to you for payment. Just the hassle of the whole thing.

Are you saying AMEX has never had a breach? I had AMEX, but don't like paying to use their card when there are so many free ones available.

KRhea

Question:

I wasn't aware of the Paypal "secure card" feature until reading this thread. I to was hit with a fraudulent charge after ordering from the UK, Ribble.

My question is, I went through the Paypal plug-in to get it installed and when I got to the last part of the install, had picked my secure photo Paypal then asked for my SS# to complete the process and enable me to use their secure card system.
Did everyone else get asked for their SS# when going through this process???

Just want to be sure.

Thanks

KRhea

patentcad

But Marky, why would I do business with a place where my CC # gets compromised on the third order when years and years of orders from US based businesses like Colo Cyclist and Amazon result in no such incidents?

NOT worth it. Sorry.

dsellinger

Pcad as the anti-shill? Your just trying to keep the deals to yourself.