Seibertron.com Energon Pub Forums

[craggy]

whilst it's nice to see them making an effort now, those questions

if you're the sort of person who puts in your credit card or bank details on a public, unsecured wireless network you're probably also the sort of person who doesn't realise that you're on a public unsecured wireless network in the first place.

[UltraPrimal]

No. Sorry, FunPub. You are NOT Michael Bay. You can't get away with saying, "Oh it wasn't our fault. It was yours. You must have screwed up somewhere. It certainly wasn't us." Bullshit. It can't be a coincidence that so many people have been reporting credit card fraud after using their store. Especially considering they pulled in a different credit card processing service at the last minute because they saw that their usual one couldn't handle the load. Did they even research this other company? Probably not. They probably were like, "Oh shit! Our site's crashing! How are we going to get our money for these shitty toys? Quick! To Google! ... OK, folks. We're all good now. We've got this new credit card processing company. Apparently it's owned by a Nigerian prince. And you can always trust royalty right? Now let's flip the switch and watch our money roll in! Money, money, money!"

[chuckdawg1999]

I never knew not to use a mobile browser to make purchases, but I've never done that and I won't now. But it's worth a mention that FunPubs practices often lead people to use mobile browsers since it's the only browser they have access to, to register for the convention or pre-order exclusives.

[Cyber Bishop]

They replied on FB after they pulled the other page down..

Customers with concerns over Credit/Debit card information theft can report their concerns to the TCC at 800-772-6673 or
817-448-9863. You and can also email us at admin2@funpubinc.com .

[Vicalliose]

No. Sorry, FunPub. You are NOT Michael Bay. You can't get away with saying, "Oh it wasn't our fault. It was yours. You must have screwed up somewhere. It certainly wasn't us." Bullshit. It can't be a coincidence that so many people have been reporting credit card fraud after using their store. Especially considering they pulled in a different credit card processing service at the last minute because they saw that their usual one couldn't handle the load. Did they even research this other company? Probably not. They probably were like, "Oh shit! Our site's crashing! How are we going to get our money for these shitty toys? Quick! To Google! ... OK, folks. We're all good now. We've got this new credit card processing company. Apparently it's owned by a Nigerian prince. And you can always trust royalty right? Now let's flip the switch and watch our money roll in! Money, money, money!"

Actually it's the other way around from what I've gathered. The company which they switched away from was responsible for information being compromised. The company they are now using was suggested by site owner Seibertron, to the best of my knowledge.

Of course, I could be wrong. Was anybody hacked within a 24 hour period of the pre-orders going back up?

[Seibertron]

No. Sorry, FunPub. You are NOT Michael Bay. You can't get away with saying, "Oh it wasn't our fault. It was yours. You must have screwed up somewhere. It certainly wasn't us." Bullshit. It can't be a coincidence that so many people have been reporting credit card fraud after using their store. Especially considering they pulled in a different credit card processing service at the last minute because they saw that their usual one couldn't handle the load. Did they even research this other company? Probably not. They probably were like, "Oh shit! Our site's crashing! How are we going to get our money for these shitty toys? Quick! To Google! ... OK, folks. We're all good now. We've got this new credit card processing company. Apparently it's owned by a Nigerian prince. And you can always trust royalty right? Now let's flip the switch and watch our money roll in! Money, money, money!"

Actually it's the other way around from what I've gathered. The company which they switched away from was responsible for information being compromised. The company they are now using was suggested by site owner Seibertron, to the best of my knowledge.

Of course, I could be wrong. Was anybody hacked within a 24 hour period of the pre-orders going back up?

Yes, some of Seibertron.com's staff members had accounts with fraudulent charges AFTER they placed an order on the new system.

If they went with Authorize.net, that's great. But that doesn't mean their site is secure. They have different plans and programs, they're just the credit card processor ... Authorize.net most likely didn't perform a security test of their website (which would most likely entail some kind of a service fee). The club store, or any e-commerce website that you use, could be storing credit card information locally in their database instead of passing it along to a company like Authorize.net who in turn provides you with a transaction ID or an approval number/message of some sort (I'd have to look at my code from some e-commerce sites from a few years ago) which you use locally on the website end to know that the card is valid and that the payment can go through. The only information that should be stored locally pertaining to a customer order is the shipping information, the billing address is fine, no CC card, no expiration date, no CID, and obviously information relevant to the customers cart/purchase/order/subscription.

We determined that Authorize.net's AIM API method was the best and most secure as it meant that we stored none of the credit card information locally. You can find out more information about how Authorize.net operates by reading about their different API's in the developer section of their website at http://developer.authorize.net/api/. You can see a discussion about the different payment processing methods at http://community.developer.authorize.net/t5/Integration-and-Testing/Which-method-to-use-AIM-SIM-CIM-DPM/m-p/16638#M9371.

Authorize.net's AIM API also required sites to be PCI (Payment Card Industry Data Security Standard) compliant, which was something that I liked. One of the steps in order to be PCI compliant is no credit card information can be stored in the local database. This is to protect customers. I do not know one way or another if TCC stores credit card information in their order database. It is not up for them to disclose this information either (they shouldn't), but hopefully if they're not and if someone is reading this message they will take the steps necessary to correct that huge oversight.

More information about PCI compliance can be found at the links below:

https://www.pcisecuritystandards.org/merchants/index.php
http://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard

[Seibertron]

Here's an error message I'm currently receiving on transformersclub.com's store. On the day I placed my order, I had the secure padlock to the left of the URL. Did some of you not have the secure padlock? I wonder what is prompting the warning message in Chrome? Hopefully the warning message in Chrome is an overstatement and is not related to all of these other supposed issues.





According to Google Support at https://support.google.com/chrome/bin/answer.py?hl=en&answer=95617

Your connection to the site

Google Chrome lets you know whether your connection is fully encrypted. If your connection is insecure, third parties might be able to view or tamper with the information you provide on the site.

Your connection to the site is encrypted, but Google Chrome has detected mixed scripting on the page. Be careful if you’re entering personal information on this page. Mixed scripting can provide a loophole for someone to take over the page. This content could be third-party scripts or videos embedded on the page.

If you’re connected to the Internet via a public wireless network, mixed scripting is especially risky because wireless networks are easier to tamper with than wired networks.

And here's the same basic error message in Firefox, but way less dramatic than how Chrome states it.

[gavinfuzzy]

That is all i can say.
Seriously, for the kind of money these guys make, it seems like the site is runned by a team of 5 13-year-olds. Seems to be only 1 customer service agent responding to my questions, and even then it takes over a week to get their response. The site has insanely bad UI and design, and often has coding bugs. This is very disturbing, especially when we are trusting the site with our credit card information. Hasbro better do something about the TFCC division, its ruining the TF name.


Remember the infamous "We would pass on your comments to our marketing team?" Here's a new one from the TFCC Facebook : "I have passed all your suggestions on to the appropriate persons. That's all "I" can do."

[chuckdawg1999]

What kills me is that for all the valid; well thought out and researched complaints, comments, and suggestions, no one will say a peep at Bot-Con

[gavinfuzzy]

What kills me is that for all the valid; well thought out and researched complaints, comments, and suggestions, no one will say a peep at Bot-Con

I guess people are all having such a great time, all of a sudden, they don't blame funpub anymore. Then botcon ends, and people reflect on the amount they spent at botcon, then Funpub's being flammed again.