Another PBK credit card fraud incident...
#76
Senior Member
Join Date: Jun 2004
Location: Illinois (near St. Louis)
Posts: 852
Bikes: Specialized Expedition Sport, Surly LHT
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 4 Post(s)
Likes: 0
Liked 0 Times
in
0 Posts
Discover card offers one time use numbers as well, either via browser plugin or downloaded app.
#77
Senior Member
I wrote to PBK yesterday and they replied this morning and they said they are going to find out what is going on. I hope they reply here. Let's see what happens. I've been ordering things from them for quit a while and never had a problem.
__________________
George
George
#78
Senior Member
Join Date: Jan 2008
Location: Brooklyn
Posts: 850
Bikes: Schwinns
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Likes: 0
Liked 1 Time
in
1 Post
Same thing happened to me about a month ago. The fraud started with a $0.99 iTunes charge (presumably to check if the credit card was still active/good) and then snowballed into much larger purchases. My bank actually contacted me immediately and I canceled the card. They took off the charges.
I didn't realize this was due to PBK, but since finding out, I've been hesitant to order anything from them.
I didn't realize this was due to PBK, but since finding out, I've been hesitant to order anything from them.
#79
Rat Bastard
Join Date: Jul 2006
Location: Sammamish, WA
Posts: 1,504
Bikes: Cannondale Prophet, Specialized S-Works SL2, Specialized S-Works Stumpjumper
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 1 Post(s)
Liked 0 Times
in
0 Posts
I think it's interesting that in our little world this has happened to so many people. If you extrapolate that out to the general riding population, I would think a LOT of people are getting hit. And yet the companies selling things refuse to acknowledge it's happening, even though they are not the problem.
Mike
#81
PBK Team
Join Date: Apr 2009
Location: Kendal UK
Posts: 1
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Likes: 0
Liked 0 Times
in
0 Posts
ProBikeKit Response
In response to the numerous postings on this thread. I would like to respond as the Commercial Director of ProBikeKit.com about the security measures we have in place to safeguard the payment details of our customers. It is clear that credit card fraud is increasing both off line and online and the nature of the crime can make it difficult to determine where the source of the fraud originated.
I would like to reassure customers that ProBikeKit.com operates to the highest standards of data security and to help our customers understand the security measures in place it is worth explaining what happens and who is involved when customers place an order with ProBikeKit.com
1. Basket Page to Address Details Page
When you decide to take your basket to the checkout you will enter your address details on a webpage which communicates with the ProBikeKit server in a secure encrypted link. The encryption is 128 bit SSL which is the strongest commercially available encryption level and was previously developed for military applications by the USA.
There are 2 checks you can undertake to ensure this communication is encrypted. Firstly you will see that the address bar now shows and https:// at the start of the address rather than an https:// the "S" stands for secure. Secondly you can verify the independent certificate issued by USERTrust that guarantees the connection is secure and encrypted.
USERTrust is a governmentally licensed certification authority (CA) and trusted third party that generates SSL's certificates and digital ID certificates to companies conducting business on the Web. Your web browser can automatically check that a site's SSL certificate and public identification is valid and has been issued by a CA, such as USERTrust.
Your address data is held on secure dedicated servers located in the USA and it used for the sole purpose of fulfilling your order. We do NOT use shared servers and we do ensure that data transmitted to our warehouse is also sent via secure, maxmimum 128 bit strength SSL encryption. We do NOT and will NEVER sell, rent or give your data to any third party organisations for the purposes of marketing.
Please note at this stage no credit card information has been asked for.
2. Payment details
Once you have confirmed your address details you are asked to proceed to the payment processor. At this point you are directed to our payment service provider, Secpay. You are no longer on the ProBikeKit.com website, however the connection to their server remains secure and encrypted at 128 bit SSL. You will see the https:// remains in force and the URL changes to www.secpay.com. Again you can verify the security and encryption of the connection by clicking the padlock to see the SSL certificate provided by Thwate another governmentally licensed certification authority (CA).
Secpay is part of PayPoint.net a subsidiary of PayPoint which is a listed company on the FTSE (London Stock Exchange). As a listed company it is subject to higher levels of regulation and audit than non-listed companies.
As a payment server provider it is subject to regular PCI compliance audit to verify its data security and processes. PCI compliance is a global standard that applies to the processing of credit cards. PayPoint is a highly regarded and significant organisation in the credit card processing industry and is required to maintain level 1 compliance with PCI. This is the highest level of compliance required and to acheive it Secpay must pass the most stringent independent annual audit and is also subject to quarterly vulnerability checks.
To view the PCI tier 1 compliance certification follow this link:
https://www.paypoint.net/assets/downl...et_cert_08.pdf
3. Authorisation and confirmation of your identity
Having entered your payment card details one of two things will occur. If you are enrolled in the Verified By Visa or Mastercard Secure code schemes with your card issuer you will be shown a form provided by your issuing bank with a secure encrypted connection. Your card issuer will show you the transaction amount and ask you to confirm your identity by submitting your password which only you should know.
This ensures that you have authorised the transaction and provides ProBikeKit with certainty that the order is from you. This system is administered by Visa and Mastercard and is the online equivalent of chip and pin. For anybody shopping online and not enrolled with their card issuer for this service I would strongly urge them to do so to take advantage of the additional security it offers.
If the card is not enrolled in the Visa or Mastercard schemes, Secpay will still request authorisation from the card issuer for the funds and provided the funds are avaible the card issuer will return an authorisation code.
4. Transfer of Funds
Following our own fraud checking measures Secpay send valid transactions to our Merchant Services Bank to organise settlement from the various card issuers. We use Lloyds Cardnet as our merchant services provider, a division of Lloyds TSB and one of the the largest banking groups in the world. Settlement files are transmitted to card issuers in encrypted formats using the dedicated secure banking networks.
Actions taken
We take the concerns and comments on this thread very seriously and we have shared these views with our service providers, both Secpay (paypoint) and Lloyds Cardnet. ProBikeKit is an international business that sells worldwide and we are very confident in our payment processing providers and their data security. The comments on this post appear to be polarised around customers in the USA and reference has been made to a number of US based banks which have been highlighted to our service providers.
In order to establish whether there is a true pattern to these events and the relevance they may have to Probikekit. I would kindly request customers that have shopped with Probikekit and then been subject to a credit card fraud within 2 weeks of their order to contact Probikekit directly at admin @ probikekit.com with the name of their card issuing bank and location.
This would include card issuing banks that have automatically issued a new card on the grounds that an existing card has been compromised. I would also encourage cardholders who are informed by their card issuing bank that their details have been compromised to request further information from the card issuing bank about the exact nature of the compromise.
In the meantime PBK customers should be assured that payment security is an issue with the highest visibility at senior management levels and the business is founded on the principles of trust and honesty.
Mark McCance
Commercial Director
ProBikeKit.com
The Online On Road Experts
I would like to reassure customers that ProBikeKit.com operates to the highest standards of data security and to help our customers understand the security measures in place it is worth explaining what happens and who is involved when customers place an order with ProBikeKit.com
1. Basket Page to Address Details Page
When you decide to take your basket to the checkout you will enter your address details on a webpage which communicates with the ProBikeKit server in a secure encrypted link. The encryption is 128 bit SSL which is the strongest commercially available encryption level and was previously developed for military applications by the USA.
There are 2 checks you can undertake to ensure this communication is encrypted. Firstly you will see that the address bar now shows and https:// at the start of the address rather than an https:// the "S" stands for secure. Secondly you can verify the independent certificate issued by USERTrust that guarantees the connection is secure and encrypted.
USERTrust is a governmentally licensed certification authority (CA) and trusted third party that generates SSL's certificates and digital ID certificates to companies conducting business on the Web. Your web browser can automatically check that a site's SSL certificate and public identification is valid and has been issued by a CA, such as USERTrust.
Your address data is held on secure dedicated servers located in the USA and it used for the sole purpose of fulfilling your order. We do NOT use shared servers and we do ensure that data transmitted to our warehouse is also sent via secure, maxmimum 128 bit strength SSL encryption. We do NOT and will NEVER sell, rent or give your data to any third party organisations for the purposes of marketing.
Please note at this stage no credit card information has been asked for.
2. Payment details
Once you have confirmed your address details you are asked to proceed to the payment processor. At this point you are directed to our payment service provider, Secpay. You are no longer on the ProBikeKit.com website, however the connection to their server remains secure and encrypted at 128 bit SSL. You will see the https:// remains in force and the URL changes to www.secpay.com. Again you can verify the security and encryption of the connection by clicking the padlock to see the SSL certificate provided by Thwate another governmentally licensed certification authority (CA).
Secpay is part of PayPoint.net a subsidiary of PayPoint which is a listed company on the FTSE (London Stock Exchange). As a listed company it is subject to higher levels of regulation and audit than non-listed companies.
As a payment server provider it is subject to regular PCI compliance audit to verify its data security and processes. PCI compliance is a global standard that applies to the processing of credit cards. PayPoint is a highly regarded and significant organisation in the credit card processing industry and is required to maintain level 1 compliance with PCI. This is the highest level of compliance required and to acheive it Secpay must pass the most stringent independent annual audit and is also subject to quarterly vulnerability checks.
To view the PCI tier 1 compliance certification follow this link:
https://www.paypoint.net/assets/downl...et_cert_08.pdf
3. Authorisation and confirmation of your identity
Having entered your payment card details one of two things will occur. If you are enrolled in the Verified By Visa or Mastercard Secure code schemes with your card issuer you will be shown a form provided by your issuing bank with a secure encrypted connection. Your card issuer will show you the transaction amount and ask you to confirm your identity by submitting your password which only you should know.
This ensures that you have authorised the transaction and provides ProBikeKit with certainty that the order is from you. This system is administered by Visa and Mastercard and is the online equivalent of chip and pin. For anybody shopping online and not enrolled with their card issuer for this service I would strongly urge them to do so to take advantage of the additional security it offers.
If the card is not enrolled in the Visa or Mastercard schemes, Secpay will still request authorisation from the card issuer for the funds and provided the funds are avaible the card issuer will return an authorisation code.
4. Transfer of Funds
Following our own fraud checking measures Secpay send valid transactions to our Merchant Services Bank to organise settlement from the various card issuers. We use Lloyds Cardnet as our merchant services provider, a division of Lloyds TSB and one of the the largest banking groups in the world. Settlement files are transmitted to card issuers in encrypted formats using the dedicated secure banking networks.
Actions taken
We take the concerns and comments on this thread very seriously and we have shared these views with our service providers, both Secpay (paypoint) and Lloyds Cardnet. ProBikeKit is an international business that sells worldwide and we are very confident in our payment processing providers and their data security. The comments on this post appear to be polarised around customers in the USA and reference has been made to a number of US based banks which have been highlighted to our service providers.
In order to establish whether there is a true pattern to these events and the relevance they may have to Probikekit. I would kindly request customers that have shopped with Probikekit and then been subject to a credit card fraud within 2 weeks of their order to contact Probikekit directly at admin @ probikekit.com with the name of their card issuing bank and location.
This would include card issuing banks that have automatically issued a new card on the grounds that an existing card has been compromised. I would also encourage cardholders who are informed by their card issuing bank that their details have been compromised to request further information from the card issuing bank about the exact nature of the compromise.
In the meantime PBK customers should be assured that payment security is an issue with the highest visibility at senior management levels and the business is founded on the principles of trust and honesty.
Mark McCance
Commercial Director
ProBikeKit.com
The Online On Road Experts
#82
Just Peddlin' Along
Join Date: Jul 2005
Location: VA
Posts: 931
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Likes: 0
Liked 1 Time
in
1 Post
Bank just notified me of fraudulent activity and deactivated my card after discussing the questionable transactions to the following:
CHECKCARD 04/24 WFM*BIKINI BOOTCAMP 866-3... $1.00
Glad I don't have to explain that one to my wife.
CHECKCARD 04/24 WFM*BIKINI BOOTCAMP 866-3... $1.00
Glad I don't have to explain that one to my wife.
#83
Senior Member
Join Date: Nov 2006
Location: Houston, TX
Posts: 3,198
Bikes: 2007 Orbea Onix, 2007 Windsor The Hour, 2008 Kona Jake
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 1 Post(s)
Likes: 0
Liked 0 Times
in
0 Posts
In order to establish whether there is a true pattern to these events and the relevance they may have to Probikekit. I would kindly request customers that have shopped with Probikekit and then been subject to a credit card fraud within 2 weeks of their order to contact Probikekit directly at admin @ probikekit.com with the name of their card issuing bank and location.
This would include card issuing banks that have automatically issued a new card on the grounds that an existing card has been compromised. I would also encourage cardholders who are informed by their card issuing bank that their details have been compromised to request further information from the card issuing bank about the exact nature of the compromise.
In the meantime PBK customers should be assured that payment security is an issue with the highest visibility at senior management levels and the business is founded on the principles of trust and honesty.
Mark McCance
Commercial Director
ProBikeKit.com
The Online On Road Experts
Last edited by kwrides; 04-25-09 at 06:31 AM. Reason: make the point
#84
Senior Member
Join Date: Oct 2007
Location: Port Jefferson, NY
Posts: 469
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Likes: 0
Liked 1 Time
in
1 Post
Well, it depends. If the charges had gone through and shown up on my statement, I'd probably have to pay the bill for that month, then been credited in the following month. So at least temporarily, I'd be out several hundred dollars while the dispute was going through. By having the transactions blocked entirely, this saved me that hassle.
#85
Magnesium Dogmatic
Join Date: Jun 2006
Location: Long Beach, CA
Posts: 1,939
Bikes: Look 585 Ultra, Pinarello Dogma, Pegoretti Duende, Orbea, Cannondale Capo
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Likes: 0
Liked 0 Times
in
0 Posts
I've been hit twice after buying from PBK, once through the itunes scheme and the other was an attempt to buy bicycle merchandise in the UK at a shop called halfords or something. Both were caught by Chase and the cards replaced.
#86
370H-SSV-0773H
Join Date: May 2005
Location: Penniless Park, Fla.
Posts: 2,750
Bikes: Merlin Fortius, Specialized Crossroads & Rockhopper, Serotta Fierte, Pedal Force RS2
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Likes: 0
Liked 0 Times
in
0 Posts
and yes, i have the same security password system on my MasterCard - only seems to be required for overseas transactions (Asia) and a few U.S. vendors - such as Newegg
even with those protections, i recently had to have a new card issued due to spurious charges...
#87
Elite Fred
Join Date: Aug 2005
Location: Edge City
Posts: 10,945
Bikes: 2009 Spooky (cracked frame), 2006 Curtlo, 2002 Lemond (current race bike) Zurich, 1987 Serotta Colorado, 1986 Cannondale for commuting, a 1984 Cannondale on loan to my son
Mentioned: 6 Post(s)
Tagged: 0 Thread(s)
Quoted: 60 Post(s)
Liked 42 Times
in
19 Posts
Today my debit card was "not authorized" at the local grocery store. I had just enough cash in my wallet to make my purchase and I investigated when I got home. My bank also thought that it was strange that there were Bikini Boot Camp charges on my card and shut down my card. I'm thinking that the "perps" test the card at this site before selling it.
BTW, I have no problem with PBK. The problem is upstream of them.
#88
Junior Member
Join Date: Jun 2004
Posts: 9
Bikes: yellow one and a red one
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Likes: 0
Liked 0 Times
in
0 Posts
Add me to the list. Had fraudulent charges on my account after my order from PBK. Pretty sure it that transaction because the charges are from the UK. The bank actually caught it before I did and cancelled my card
#89
Peloton Shelter Dog
Sadly, PBK is too risky to buy from. They can't control the CC fraud.
#90
Cat3.*....Cat2
Join Date: May 2006
Location: Livonia, MI
Posts: 2,171
Bikes: A lot.
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Likes: 0
Liked 0 Times
in
0 Posts
One way to do it securely, is go to walmart, buy prepaid credit cards for ~ the amount your going to spend at PBK.
#91
Senior Member
Join Date: May 2008
Location: NorCal
Posts: 2,457
Bikes: Cervelo R3 (Force)
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Likes: 0
Liked 0 Times
in
0 Posts
is everyone having these problems sure their computers are clean? hundreds of millions of people (mostly using windows XP) have spyware on their computer that can be difficult to detect. since they are on the client system, they can log your keystrokes, thus circumventing SSL encryption.
there is a paper on the "torpig" botnet by researchers at UCSB that explains how credit card information is mined from peoples computers.
there is a paper on the "torpig" botnet by researchers at UCSB that explains how credit card information is mined from peoples computers.
#92
Senior Member
Join Date: Jul 2008
Location: San Dimas, Ca
Posts: 213
Bikes: CAAD9, Fulcrum Racing Zero Wheelset
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Likes: 0
Liked 0 Times
in
0 Posts
American Express anybody?
That was your first problem...
Can't beat their buyer protection services.
It's my only CC for that reason.
I have a backup VISA, but cmon, AMEX is the win.
That was your first problem...
Can't beat their buyer protection services.
It's my only CC for that reason.
I have a backup VISA, but cmon, AMEX is the win.
#94
Senior Member
Join Date: Jul 2008
Location: San Dimas, Ca
Posts: 213
Bikes: CAAD9, Fulcrum Racing Zero Wheelset
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Likes: 0
Liked 0 Times
in
0 Posts
#95
Senior Member
Join Date: Oct 2008
Location: Los Angeles, Ca.
Posts: 56
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Likes: 0
Liked 0 Times
in
0 Posts
I have ordered from PBK in the past without any problems.
I just placed another order a few days ago. Unfortunately I will now have to keep on eye on my credit card activity. Theres always some a-s-s-hole(s) that have to ruin a good thing.
I just placed another order a few days ago. Unfortunately I will now have to keep on eye on my credit card activity. Theres always some a-s-s-hole(s) that have to ruin a good thing.
#96
Senior Member
Join Date: Nov 2006
Location: Houston, TX
Posts: 3,198
Bikes: 2007 Orbea Onix, 2007 Windsor The Hour, 2008 Kona Jake
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 1 Post(s)
Likes: 0
Liked 0 Times
in
0 Posts
is everyone having these problems sure their computers are clean? hundreds of millions of people (mostly using windows XP) have spyware on their computer that can be difficult to detect. since they are on the client system, they can log your keystrokes, thus circumventing SSL encryption.
there is a paper on the "torpig" botnet by researchers at UCSB that explains how credit card information is mined from peoples computers.
there is a paper on the "torpig" botnet by researchers at UCSB that explains how credit card information is mined from peoples computers.
#97
Stand and Deliver
Join Date: Jun 2008
Location: Tampa Bay
Posts: 3,340
Bikes: Cannondale R1000, Giant TCR Advanced, Giant TCR Advanced SL
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Likes: 0
Liked 1 Time
in
1 Post
Are you saying AMEX has never had a breach? I had AMEX, but don't like paying to use their card when there are so many free ones available.
Last edited by FLvector; 05-08-09 at 11:25 AM.
#98
Senior Member
Join Date: Mar 2007
Location: Portland, OR
Posts: 571
Bikes: Lots
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Likes: 0
Liked 3 Times
in
2 Posts
Question:
I wasn't aware of the Paypal "secure card" feature until reading this thread. I to was hit with a fraudulent charge after ordering from the UK, Ribble.
My question is, I went through the Paypal plug-in to get it installed and when I got to the last part of the install, had picked my secure photo Paypal then asked for my SS# to complete the process and enable me to use their secure card system.
Did everyone else get asked for their SS# when going through this process???
Just want to be sure.
Thanks
KRhea
I wasn't aware of the Paypal "secure card" feature until reading this thread. I to was hit with a fraudulent charge after ordering from the UK, Ribble.
My question is, I went through the Paypal plug-in to get it installed and when I got to the last part of the install, had picked my secure photo Paypal then asked for my SS# to complete the process and enable me to use their secure card system.
Did everyone else get asked for their SS# when going through this process???
Just want to be sure.
Thanks
KRhea
#99
Peloton Shelter Dog
In the meantime PBK customers should be assured that payment security is an issue with the highest visibility at senior management levels and the business is founded on the principles of trust and honesty.
Mark McCance
Commercial Director
ProBikeKit.com
The Online On Road Experts
NOT worth it. Sorry.