Go Back  Bike Forums > Bike Forums > General Cycling Discussion
Reload this Page >

WARNING! Probable CC fraud through R**ble Cycles!

Notices
General Cycling Discussion Have a cycling related question or comment that doesn't fit in one of the other specialty forums? Drop on in and post in here! When possible, please select the forum above that most fits your post!

WARNING! Probable CC fraud through R**ble Cycles!

Old 02-23-09, 08:52 PM
  #1  
vitualis
Senior Member
Thread Starter
 
vitualis's Avatar
 
Join Date: Apr 2008
Location: Sydney, NSW
Posts: 51

Bikes: 2008 Cannondale Six13 3, 1982 Colnago Super, 2007 Cell SS101

Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Likes: 0
Liked 0 Times in 0 Posts
WARNING! Probable CC fraud through R**ble Cycles!

In the past couple of days, there have been numerous reports in two Australian cycling forums of members credit cards being hit with unauthorised transactions after buying from a particular UK store. Tickets for obscure airlines seems to be a common theme...

https://www.bicycles.net.au/forums/vi...er=asc&start=0
https://www.bv.com.au/forums/viewtopi...er=asc&start=0

Beware!

Regards.
vitualis is offline  
Old 02-23-09, 09:17 PM
  #2  
rankin116
Senior Member
 
rankin116's Avatar
 
Join Date: Jun 2007
Location: ChapelBorro NC
Posts: 4,126
Mentioned: 8 Post(s)
Tagged: 0 Thread(s)
Quoted: 98 Post(s)
Likes: 0
Liked 0 Times in 0 Posts
Why not just say Ribble? What's the point of hiding the name?
rankin116 is offline  
Old 02-23-09, 09:40 PM
  #3  
10 Wheels
Galveston County Texas
 
10 Wheels's Avatar
 
Join Date: Nov 2007
Location: In The Wind
Posts: 31,512

Bikes: 2010 Catrike Expedition, 02 GTO, 2011 Magnum

Mentioned: 16 Post(s)
Tagged: 0 Thread(s)
Quoted: 857 Post(s)
Liked 280 Times in 141 Posts
I had unknown charges added to my CC after buying from Wiggle on Feb 03.2009.
My CC company called me and asked if I made the purchases.
They also locked my account.
__________________
Fred "The Real Fred"

10 Wheels is offline  
Old 02-24-09, 12:22 AM
  #4  
johnny0
Senior Member
 
Join Date: Jun 2008
Location: Arlington VA
Posts: 142

Bikes: 2008 Generic Carbon Frame with full Ultegra, 2007 Iron Horse Victory 3, 2007 Fuji Absolute LX, 2005 Leader LD735 with Ultegra kit

Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Likes: 0
Liked 0 Times in 0 Posts
wiggle too? whew...i paid with paypal for my one order with them.
johnny0 is offline  
Old 02-24-09, 12:32 AM
  #5  
f4rrest
Farmer tan
 
f4rrest's Avatar
 
Join Date: May 2008
Location: Burbank, CA
Posts: 7,986

Bikes: Allez, SuperSix Evo

Mentioned: 38 Post(s)
Tagged: 1 Thread(s)
Quoted: 2870 Post(s)
Liked 24 Times in 20 Posts
Seems like much speculation. Just because someone "last purchased online at shop X" and then had some other online charges doesn't mean their details were obtained via shop X. Often, online fraud begins offline. It's just as likely that the local gas station or restaurant didn't properly guard your details -- or that you tossed out some details in the trash. Those merchants don't deserve this kind of trashing without proof.
f4rrest is offline  
Old 02-24-09, 01:33 AM
  #6  
Lug
Senior Member
 
Lug's Avatar
 
Join Date: Jun 2006
Location: Anchorage AK
Posts: 146

Bikes: 2015 Salsa Fargo 3, 2000 Specialized Rockhopper

Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 8 Post(s)
Likes: 0
Liked 1 Time in 1 Post
Received a notice from my credit union that I will be receiving a new check card because a third party credit card processor had a theft of records that effected "millions" of visa account numbers. So it isn't always the business you've done business withn or a breech of your personal safeguard habits. It can also be the outfit that is hired to process the transactions from a multitude of businesses.
Justin
Lug is offline  
Old 02-24-09, 01:39 AM
  #7  
Ziemas
Senior Member
 
Ziemas's Avatar
 
Join Date: Nov 2004
Posts: 10,082
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 4 Post(s)
Likes: 0
Liked 1 Time in 1 Post
Originally Posted by rankin116 View Post
Why not just say Ribble? What's the point of hiding the name?
I've noticed this a lot on different forums. It's totally bizarre. Can anyone explain this phenomena?
Ziemas is offline  
Old 02-24-09, 01:47 AM
  #8  
Panthers007
Great State of Varmint
 
Panthers007's Avatar
 
Join Date: Sep 2008
Location: Dante's Third Ring
Posts: 7,476
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 1 Post(s)
Likes: 0
Liked 10 Times in 10 Posts
When this happens (and it does more frequently than most suspect), it is unlikely to be merchant of the last shop's fault - directly. What is usually the culprit is the merchant didn't have good security on their computer system. And they got hacked. If you see those little boxes that say: Can we/May we/ keep your credit-card on file for future purchases? NO! Make sure you uncheck, or whatever, box they have to prevent this.

This happened to me with a science outlet. My bank called me to ask if I was doing business in Russia.
Panthers007 is offline  
Old 02-24-09, 04:42 AM
  #9  
10 Wheels
Galveston County Texas
 
10 Wheels's Avatar
 
Join Date: Nov 2007
Location: In The Wind
Posts: 31,512

Bikes: 2010 Catrike Expedition, 02 GTO, 2011 Magnum

Mentioned: 16 Post(s)
Tagged: 0 Thread(s)
Quoted: 857 Post(s)
Liked 280 Times in 141 Posts
Originally Posted by f4rrest View Post
Seems like much speculation. Just because someone "last purchased online at shop X" and then had some other online charges doesn't mean their details were obtained via shop X. Often, online fraud begins offline. It's just as likely that the local gas station or restaurant didn't properly guard your details -- or that you tossed out some details in the trash. Those merchants don't deserve this kind of trashing without proof.
No gas station or restaurant used here.
Get Real.
__________________
Fred "The Real Fred"

10 Wheels is offline  
Old 02-24-09, 04:50 AM
  #10  
linux_author
370H-SSV-0773H
 
linux_author's Avatar
 
Join Date: May 2005
Location: Penniless Park, Fla.
Posts: 2,750

Bikes: Merlin Fortius, Specialized Crossroads & Rockhopper, Serotta Fierte, Pedal Force RS2

Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Likes: 0
Liked 0 Times in 0 Posts
Originally Posted by Lug View Post
Received a notice from my credit union that I will be receiving a new check card because a third party credit card processor had a theft of records that effected "millions" of visa account numbers. So it isn't always the business you've done business withn or a breech of your personal safeguard habits. It can also be the outfit that is hired to process the transactions from a multitude of businesses.
Justin
these problems won't end until Visa and Mastercard change the process that allows transactions without proper authorization...

things are so bad nowadays that my bank uses a tertiary password for its credit card accounts; in order to process a transaction, the following is required:

1. name
2. address
3. card #
4. expiration
5. security number (3-digit on back of card)
6. separately processed security password

IOW, 'bad' merchants can charge to credit card numbers without even requiring a date of expiration! Visa and Mastercard allow transactions using only item #3! (and only implement more secure processing as a 'feature' [which costs vendors])

Last edited by linux_author; 02-24-09 at 05:01 AM.
linux_author is offline  
Old 02-24-09, 10:35 AM
  #11  
wahoonc
Membership Not Required
 
wahoonc's Avatar
 
Join Date: Jan 2005
Location: On the road-USA
Posts: 16,855

Bikes: Giant Excursion, Raleigh Sports, Raleigh R.S.W. Compact, Motobecane? and about 20 more! OMG

Mentioned: 5 Post(s)
Tagged: 0 Thread(s)
Quoted: 68 Post(s)
Likes: 0
Liked 6 Times in 5 Posts
Originally Posted by Lug View Post
Received a notice from my credit union that I will be receiving a new check card because a third party credit card processor had a theft of records that effected "millions" of visa account numbers. So it isn't always the business you've done business withn or a breech of your personal safeguard habits. It can also be the outfit that is hired to process the transactions from a multitude of businesses.
Justin
Yup...I just got two new debit cards and two new credit cards...now I have to learn new PINs

Aaron
__________________
Webshots is bailing out, if you find any of my posts with corrupt picture files and want to see them corrected please let me know. :(

ISO: A late 1980's Giant Iguana MTB frameset (or complete bike) 23" Red with yellow graphics.

"Cycling should be a way of life, not a hobby.
RIDE, YOU FOOL, RIDE!"
_Nicodemus

"Steel: nearly a thousand years of metallurgical development
Aluminum: barely a hundred
Which one would you rather have under your butt at 30mph?"
_krazygluon
wahoonc is offline  
Old 02-24-09, 08:24 PM
  #12  
JanMM
rebmeM roineS
 
JanMM's Avatar
 
Join Date: Jan 2006
Location: Metro Indy, IN
Posts: 16,012

Bikes: Bacchetta Giro A20, RANS V-Rex, RANS Screamer

Mentioned: 15 Post(s)
Tagged: 0 Thread(s)
Quoted: 602 Post(s)
Liked 251 Times in 163 Posts
Had to get a new Visa card in December after charges for $500+ for iTunes gift cards and a $29 charge for "membership" to mediamogulme.com appeared. Go to that site and see if you can figure out what the hell they offer other than money for nothing.
JanMM is offline  
Old 02-26-09, 02:44 PM
  #13  
f4rrest
Farmer tan
 
f4rrest's Avatar
 
Join Date: May 2008
Location: Burbank, CA
Posts: 7,986

Bikes: Allez, SuperSix Evo

Mentioned: 38 Post(s)
Tagged: 1 Thread(s)
Quoted: 2870 Post(s)
Liked 24 Times in 20 Posts
Originally Posted by 10 Wheels View Post
No gas station or restaurant used here.
Get Real.
I deal with this stuff regularly, I am "real" (experienced, that is). The local gas station or restaraunt was an example of an alternate way your card could get stolen, not the only way. I think you misinterpreted that part.

Here's another way people often get credit card scammed online which has nothing to do with a particular merchant:

1. You sign up for a seemingly "ok" website, such as a forum that has nothing to do with online purchases or credit cards. You happen to use the same password for signing up that you also use for your email account -- people do this all the time out of laziness. Any schmuck can put up a website and ask people to join it.
2. They guy who runs the site (or one of his employees, or his hosting company, or a hacker even) can have access to your email address and password. If the password matches your email, he can sign into your email account as if he were you.
3. Anybody that has access to your email account can go to various other financial-related websites and have password reminders sent from those sites to the email address on file. This gives them access to your financial accounts.
4. They steal your identity, etc.

Here's yet another common way your credit card can be stolen (again, not having anything to do with a particular online merchant):
1. You own a PC.
2. You download shareware, screensavers, toolbars, anthing else with a trojan embedded.
3. You have antivirus, but they are not all 100% effective (I was in the industry, this is true) so you are not aware.
4. The trojan grabs your credit card details whenever you enter them for an online purchase, whether it's ribble or amazon, doesn't matter, sends them to whomever deployed it.

An alternate version of the above is when the trojan is actually installed on a merchant's website (could involve ribble or any other site). This is often accomplished without the assistance of any employees. So, it's is misguided to say they have a thief working inside. I've even seen trojans installed on the web hosting company's servers (which means that many ecommerce websites were placed at risk).

All I'm saying is don't jump to conclusions about a particular merchant or their staff. Based on what I saw in the referenced threads, there was no conclusive evidence. Just coincidence.

Last edited by f4rrest; 02-26-09 at 08:34 PM.
f4rrest is offline  
Old 02-26-09, 03:01 PM
  #14  
f4rrest
Farmer tan
 
f4rrest's Avatar
 
Join Date: May 2008
Location: Burbank, CA
Posts: 7,986

Bikes: Allez, SuperSix Evo

Mentioned: 38 Post(s)
Tagged: 1 Thread(s)
Quoted: 2870 Post(s)
Liked 24 Times in 20 Posts
Oh, check this out: my wife used a brand new credit card (I mean no transactions on it ever) to buy a bike from our LBS in person. She made no other purchases on it after that. About a week later, the card company calls us and says someone was using it to charge stuff online. That's another example of offline purchase data being swiped for online fraud.
f4rrest is offline  
Old 02-26-09, 03:53 PM
  #15  
badmother
Senior Member
 
badmother's Avatar
 
Join Date: Nov 2007
Posts: 3,720
Mentioned: 3 Post(s)
Tagged: 0 Thread(s)
Quoted: 317 Post(s)
Likes: 0
Liked 1 Time in 1 Post
Tryed to enter the homepage of a UK based bikeshop last week and got a warning about a trojan from my Norton antivirus. Several other BF members also had problems (Folder forums).
badmother is offline  
Old 02-26-09, 04:18 PM
  #16  
Panthers007
Great State of Varmint
 
Panthers007's Avatar
 
Join Date: Sep 2008
Location: Dante's Third Ring
Posts: 7,476
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 1 Post(s)
Likes: 0
Liked 10 Times in 10 Posts
Okay - that goes back to what I'd said earlier. Someone hacked their site and planted a bug to track transactions. And the business didn't have it's security up-to-snuff. I'd contact the business and let them know what happened. And contact local police. Tell them they should file the complaint with the Feds and Interpol.
Panthers007 is offline  
Old 02-26-09, 08:23 PM
  #17  
TomM
Senior Member
 
Join Date: Sep 2004
Posts: 982

Bikes: Trek5000

Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 17 Post(s)
Likes: 0
Liked 8 Times in 6 Posts
Originally Posted by Lug View Post
Received a notice from my credit union that I will be receiving a new check card because a third party credit card processor had a theft of records that effected "millions" of visa account numbers. So it isn't always the business you've done business withn or a breech of your personal safeguard habits. It can also be the outfit that is hired to process the transactions from a multitude of businesses.
Justin
That might be Heartland. Their "breach" is worst than TJ Max's.
TomM is offline  

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Thread Tools
Search this Thread

Contact Us - Archive - Advertising - Cookie Policy - Privacy Statement - Terms of Service - Do Not Sell My Personal Information -

Copyright 2021 MH Sub I, LLC dba Internet Brands. All rights reserved. Use of this site indicates your consent to the Terms of Use.