Fun Publications Statement Regarding Recent Suspicious Credit Card Activity

Transformers News: Fun Publications Statement Regarding Recent Suspicious Credit Card Activity

Thursday, February 9th, 2012 4:26PM CST

Categories: Press Releases, Collector's Club News
Posted by: El Duque   Views: 28,275

Topic Options: View Discussion · Sign in or Join to reply

Fun Publications has issued the following statement regarding recent suspicious activity on TFCC member's credit cards. Please read their statement below.



Image



We have been receiving feedback that there has been a higher than
usual number of fraud complaints posted on online Transformers
forums.

While we have nothing to suggest that there was an issue with the TCC
and Fun Publications, we look into every concern that is sent to us. All
of your transactions are in a secure socket with the strongest encryption
available to any site on the web. If you have a specific concern about
any transaction with us, please use the “contact us” link located at the
bottom of the TCC page and provide us with as much information as
possible including:

1. The EXACT name of merchant as it is written on your statement.
2. Amount and date of suspect charge.
3. Bank your card is drawn on and if it is a debit or credit card.
4. Device and browser (and version) you used for your last payment
with us before you saw a fraudulent charge (ie, android phone,
computer, iphone, browser and version).
6. Were you on a public computer?
7. Were you on a public wi‐fi network?
8. If you were at home or work, what Internet provider did you use?
9. On your last transaction with us, did you receive any kind of error
message (card declined, 404 error, programming type error)? If you did
receive an error, how many times did you resubmit your information?

It is very difficult to track credit card fraud. With your help, we can see
if there are any parallels between those reporting an issue.

In order to better protect yourself, here are some guidelines:

Never log into a secure site from a public computer, public wi‐fi, or
through android/windows phones. Only use your mobile device on a
mobile app for transactions, never a browser. Turn off your bluetooth
and wi‐fi to prevent people from hacking your credit card information
from your phone/computer.

If you have a card that has an rfid chip, make sure your card is shielded
when not in use.

Always make sure you are using a secure socket (https://) for any login
that requires a password or a monetary transaction.

Never email your credit card information to anyone.

As should be common practice, on a regular basis, be sure to check your
statements and make note of any suspicious activity on your card. If you
see an unauthorized charge, turn it in to your bank or card company, the
charge will be reversed, they will issue a new card for you and the
security system in place will have done its job.

Please also take the time to read the attached article and research credit
card security. We are very aware that security concerns have risen
exponentially in the last couple years and we are doing our part to stay
ahead of the curve.

Can Hackers Destroy The Internet? - Forbes


Credit(s): Fun Publications
Search Got Transformers News? Let us know here!
Re: Fun Publications Statement Regarding Recent Suspicious Credit Card Activity (1345024)
Posted by craggy on February 9th, 2012 @ 4:47pm CST
whilst it's nice to see them making an effort now, those questions :BANG_HEAD:

if you're the sort of person who puts in your credit card or bank details on a public, unsecured wireless network you're probably also the sort of person who doesn't realise that you're on a public unsecured wireless network in the first place.
Re: Fun Publications Statement Regarding Recent Suspicious Credit Card Activity (1345029)
Posted by UltraPrimal on February 9th, 2012 @ 4:57pm CST
No. Sorry, FunPub. You are NOT Michael Bay. You can't get away with saying, "Oh it wasn't our fault. It was yours. You must have screwed up somewhere. It certainly wasn't us." Bullshit. It can't be a coincidence that so many people have been reporting credit card fraud after using their store. Especially considering they pulled in a different credit card processing service at the last minute because they saw that their usual one couldn't handle the load. Did they even research this other company? Probably not. They probably were like, "Oh shit! Our site's crashing! How are we going to get our money for these shitty toys? Quick! To Google! ... OK, folks. We're all good now. We've got this new credit card processing company. Apparently it's owned by a Nigerian prince. And you can always trust royalty right? Now let's flip the switch and watch our money roll in! Money, money, money!"
Re: Fun Publications Statement Regarding Recent Suspicious Credit Card Activity (1345093)
Posted by chuckdawg1999 on February 9th, 2012 @ 6:56pm CST
I never knew not to use a mobile browser to make purchases, but I've never done that and I won't now. But it's worth a mention that FunPubs practices often lead people to use mobile browsers since it's the only browser they have access to, to register for the convention or pre-order exclusives.
Re: Fun Publications Statement Regarding Recent Suspicious Credit Card Activity (1345125)
Posted by Cyber Bishop on February 9th, 2012 @ 7:59pm CST
They replied on FB after they pulled the other page down..

[quote]Customers with concerns over Credit/Debit card information theft can report their concerns to the TCC at 800-772-6673 or
817-448-9863. You and can also email us at admin2@funpubinc.com .[/quote]
Re: Fun Publications Statement Regarding Recent Suspicious Credit Card Activity (1345146)
Posted by Vicalliose on February 9th, 2012 @ 9:20pm CST
UltraPrimal wrote:No. Sorry, FunPub. You are NOT Michael Bay. You can't get away with saying, "Oh it wasn't our fault. It was yours. You must have screwed up somewhere. It certainly wasn't us." Bullshit. It can't be a coincidence that so many people have been reporting credit card fraud after using their store. Especially considering they pulled in a different credit card processing service at the last minute because they saw that their usual one couldn't handle the load. Did they even research this other company? Probably not. They probably were like, "Oh shit! Our site's crashing! How are we going to get our money for these shitty toys? Quick! To Google! ... OK, folks. We're all good now. We've got this new credit card processing company. Apparently it's owned by a Nigerian prince. And you can always trust royalty right? Now let's flip the switch and watch our money roll in! Money, money, money!"

Actually it's the other way around from what I've gathered. The company which they switched away from was responsible for information being compromised. The company they are now using was suggested by site owner Seibertron, to the best of my knowledge.

Of course, I could be wrong. Was anybody hacked within a 24 hour period of the pre-orders going back up?
Re: Fun Publications Statement Regarding Recent Suspicious Credit Card Activity (1345190)
Posted by Seibertron on February 9th, 2012 @ 11:21pm CST
Vicalliose wrote:
UltraPrimal wrote:No. Sorry, FunPub. You are NOT Michael Bay. You can't get away with saying, "Oh it wasn't our fault. It was yours. You must have screwed up somewhere. It certainly wasn't us." Bullshit. It can't be a coincidence that so many people have been reporting credit card fraud after using their store. Especially considering they pulled in a different credit card processing service at the last minute because they saw that their usual one couldn't handle the load. Did they even research this other company? Probably not. They probably were like, "Oh shit! Our site's crashing! How are we going to get our money for these shitty toys? Quick! To Google! ... OK, folks. We're all good now. We've got this new credit card processing company. Apparently it's owned by a Nigerian prince. And you can always trust royalty right? Now let's flip the switch and watch our money roll in! Money, money, money!"

Actually it's the other way around from what I've gathered. The company which they switched away from was responsible for information being compromised. The company they are now using was suggested by site owner Seibertron, to the best of my knowledge.

Of course, I could be wrong. Was anybody hacked within a 24 hour period of the pre-orders going back up?


Yes, some of Seibertron.com's staff members had accounts with fraudulent charges AFTER they placed an order on the new system.

If they went with Authorize.net, that's great. But that doesn't mean their site is secure. They have different plans and programs, they're just the credit card processor ... Authorize.net most likely didn't perform a security test of their website (which would most likely entail some kind of a service fee). The club store, or any e-commerce website that you use, could be storing credit card information locally in their database instead of passing it along to a company like Authorize.net who in turn provides you with a transaction ID or an approval number/message of some sort (I'd have to look at my code from some e-commerce sites from a few years ago) which you use locally on the website end to know that the card is valid and that the payment can go through. The only information that should be stored locally pertaining to a customer order is the shipping information, the billing address is fine, no CC card, no expiration date, no CID, and obviously information relevant to the customers cart/purchase/order/subscription.

We determined that Authorize.net's AIM API method was the best and most secure as it meant that we stored none of the credit card information locally. You can find out more information about how Authorize.net operates by reading about their different API's in the developer section of their website at http://developer.authorize.net/api/. You can see a discussion about the different payment processing methods at http://community.developer.authorize.net/t5/Integration-and-Testing/Which-method-to-use-AIM-SIM-CIM-DPM/m-p/16638#M9371.

Authorize.net's AIM API also required sites to be PCI (Payment Card Industry Data Security Standard) compliant, which was something that I liked. One of the steps in order to be PCI compliant is no credit card information can be stored in the local database. This is to protect customers. I do not know one way or another if TCC stores credit card information in their order database. It is not up for them to disclose this information either (they shouldn't), but hopefully if they're not and if someone is reading this message they will take the steps necessary to correct that huge oversight.

More information about PCI compliance can be found at the links below:

https://www.pcisecuritystandards.org/merchants/index.php
http://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard
Re: Fun Publications Statement Regarding Recent Suspicious Credit Card Activity (1345199)
Posted by Seibertron on February 9th, 2012 @ 11:47pm CST
Here's an error message I'm currently receiving on transformersclub.com's store. On the day I placed my order, I had the secure padlock to the left of the URL. Did some of you not have the secure padlock? I wonder what is prompting the warning message in Chrome? Hopefully the warning message in Chrome is an overstatement and is not related to all of these other supposed issues.





According to Google Support at https://support.google.com/chrome/bin/answer.py?hl=en&answer=95617

Google Support wrote: Your connection to the site

Google Chrome lets you know whether your connection is fully encrypted. If your connection is insecure, third parties might be able to view or tamper with the information you provide on the site.

Your connection to the site is encrypted, but Google Chrome has detected mixed scripting on the page. Be careful if you’re entering personal information on this page. Mixed scripting can provide a loophole for someone to take over the page. This content could be third-party scripts or videos embedded on the page.

If you’re connected to the Internet via a public wireless network, mixed scripting is especially risky because wireless networks are easier to tamper with than wired networks.


And here's the same basic error message in Firefox, but way less dramatic than how Chrome states it.

Re: Fun Publications Statement Regarding Recent Suspicious Credit Card Activity (1345229)
Posted by gavinfuzzy on February 10th, 2012 @ 3:54am CST



That is all i can say.
Seriously, for the kind of money these guys make, it seems like the site is runned by a team of 5 13-year-olds. Seems to be only 1 customer service agent responding to my questions, and even then it takes over a week to get their response. The site has insanely bad UI and design, and often has coding bugs. This is very disturbing, especially when we are trusting the site with our credit card information. Hasbro better do something about the TFCC division, its ruining the TF name.


Remember the infamous "We would pass on your comments to our marketing team?" Here's a new one from the TFCC Facebook : "I have passed all your suggestions on to the appropriate persons. That's all "I" can do." #-o
Re: Fun Publications Statement Regarding Recent Suspicious Credit Card Activity (1345230)
Posted by chuckdawg1999 on February 10th, 2012 @ 3:59am CST
What kills me is that for all the valid; well thought out and researched complaints, comments, and suggestions, no one will say a peep at Bot-Con
Re: Fun Publications Statement Regarding Recent Suspicious Credit Card Activity (1345232)
Posted by gavinfuzzy on February 10th, 2012 @ 4:03am CST
chuckdawg1999 wrote:What kills me is that for all the valid; well thought out and researched complaints, comments, and suggestions, no one will say a peep at Bot-Con


I guess people are all having such a great time, all of a sudden, they don't blame funpub anymore. Then botcon ends, and people reflect on the amount they spent at botcon, then Funpub's being flammed again. :lol:
Re: Fun Publications Statement Regarding Recent Suspicious Credit Card Activity (1345234)
Posted by Burn on February 10th, 2012 @ 4:14am CST
gavinfuzzy wrote:Seriously, for the kind of money these guys make,


You're privy to their financials?
Re: Fun Publications Statement Regarding Recent Suspicious Credit Card Activity (1345260)
Posted by KnightStrike on February 10th, 2012 @ 6:50am CST
I have to say I am glad I didn't sign up for TFCC now. I never joined before because I was never that interested in their exclusives, but classics versions of Runabout and Runamuck made me want to sign up. I debated it for a good while and was ready to sign up a few days ago, but then the news of the TF community getting hit with card fraud stopped me in my tracks, especially as it came to look like it is likely TFCC that was the source of the problem. I won't be signing up with TFCC at all now. As it stands, it looks like paying inflated eBay prices for the figures will be still be cheaper than running the risk of unauthorized card charges.
Re: Fun Publications Statement Regarding Recent Suspicious Credit Card Activity (1345267)
Posted by gavinfuzzy on February 10th, 2012 @ 7:54am CST
Burn wrote:
gavinfuzzy wrote:Seriously, for the kind of money these guys make,


You're privy to their financials?


Ok, fine. Maybe they don't earn loads, but they should at least have a decent site, since they are dealing with our credit card information. :oops:
Re: Fun Publications Statement Regarding Recent Suspicious Credit Card Activity (1345269)
Posted by freetouch on February 10th, 2012 @ 8:01am CST
So... they are deleting comments off of their facebok page now.

They deleted mine where i said: You should really fix this problem before march 16th, because at this point, you are basically holding toys at ransom, for the cost of possible credit card theft.
Re: Fun Publications Statement Regarding Recent Suspicious Credit Card Activity (1345283)
Posted by F Prime on February 10th, 2012 @ 9:05am CST
freetouch wrote:So... they are deleting comments off of their facebok page now.

They deleted mine where i said: You should really fix this problem before march 16th, because at this point, you are basically holding toys at ransom, for the cost of possible credit card theft.


Really? That is unfortunate. There are still plenty of negative comments....why do you think yours was singled out?
Re: Fun Publications Statement Regarding Recent Suspicious Credit Card Activity (1345324)
Posted by Genocide G2.0 on February 10th, 2012 @ 10:42am CST
My GF went to use the card today in a store keepin in mind it hasnt been used since paying for TCC and the card was declined

Then went to use the cash machine and the same happened so she poped in the bank to see what was wrong and there was a caution on the acount

At the bottom of the the statement dated 7th feb funpub had been taken out

2 days later on the 9th feb an unknown company name called M*TAKEMORE based in South Korea there had been fraudulant actions

So the bank got on the the fraud squad and things are been takin care of, just a heads up for anybody else as this only happend yesterday.
Re: Fun Publications Statement Regarding Recent Suspicious Credit Card Activity (1345408)
Posted by Burn on February 10th, 2012 @ 2:21pm CST
I spent the first five years subscribing to this club, and every year they had trouble with my card because their provider couldn't handle international cards properly.

After I got my crappy combiner I quit the club, didn't care. But Runabout and Runamuck ... do want. So I have to re-join, and if I do, I think i'm going to use a pre-paid credit card. Just not worth it after all this.
Re: Fun Publications Statement Regarding Recent Suspicious Credit Card Activity (1345450)
Posted by Genocide G2.0 on February 10th, 2012 @ 3:49pm CST
Burn wrote:I spent the first five years subscribing to this club, and every year they had trouble with my card because their provider couldn't handle international cards properly.

After I got my crappy combiner I quit the club, didn't care. But Runabout and Runamuck ... do want. So I have to re-join, and if I do, I think i'm going to use a pre-paid credit card. Just not worth it after all this.


Mate its not worth the hassel this is my first time joining TCC and the experience has been shit

Sweatin buckets for a couple of days incase i didnt get one then to pay through the roof for the bastard and then me card gets hit

Its a toy for gods sake some times a think av lost the plot in fact i know i have i get to obsessed collecting these transformers sometimes.
Re: Fun Publications Statement Regarding Recent Suspicious Credit Card Activity (1345451)
Posted by Genocide G2.0 on February 10th, 2012 @ 3:51pm CST
Burn wrote:I spent the first five years subscribing to this club, and every year they had trouble with my card because their provider couldn't handle international cards properly.

After I got my crappy combiner I quit the club, didn't care. But Runabout and Runamuck ... do want. So I have to re-join, and if I do, I think i'm going to use a pre-paid credit card. Just not worth it after all this.


Mate its not worth the hassel this is my first time joining TCC and the experience has been shit

Sweatin buckets for a couple of days incase i didnt get one then to pay through the roof for the bastard and then me card gets hit

Its a toy for gods sake some times a think av lost the plot in fact i know i have just get to obsessed collecting these transformers sometimes.
Re: Fun Publications Statement Regarding Recent Suspicious Credit Card Activity (1345452)
Posted by F Prime on February 10th, 2012 @ 3:53pm CST
It sucks that so many people have had such negative interactions. I joined the club on day 1 and have had no regrets. I love the figures, I love the bi-monthly "magazine", and the club-only figures I have purchased have been top notch with little to no hassle in purchasing.

I realize I am in the minority and I am in no way trying to dismiss peoples' negative experiences, but despite the problems I will still be a member of TFCC for the foreseeable future.

Transformers Podcast: Twincast / Podcast #145 - May Mayhem
Twincast / Podcast #145:
"May Mayhem"
MP3 · iTunes · RSS · View · Discuss · Ask
Posted: Thursday, May 26th, 2016