Seibertron.com Energon Pub Forums

bvzxa wrote:

Pete@BotCon wrote:

bvzxa wrote:
Well what you say is partly true. But using any card electronically is the norm.

I feel what I said was 100% true. Debit cards should never be used online. It is the best way to keep your banking account secure...

http://www.creditcards.com/credit-card- ... d-1271.php

So if you say this with conviction, why offer the option to accept credit cards to begin with

This is not really that important, but the link is specifically about debit cards; not credit cards.

TL;DR: Debit cards have less protection against fraud than credit cards and they are directly linked to your bank account.

Seibertron wrote:

Pete@BotCon wrote:

bvzxa wrote:
Well what you say is partly true. But using any card electronically is the norm.

I feel what I said was 100% true. Debit cards should never be used online. It is the best way to keep your banking account secure...

http://www.creditcards.com/credit-card- ... d-1271.php

Some people only have the ability to pay with debit cards. It is not the place of an e-commerce company to tell their customers how they should or shouldn't be paying for items.

The current primary focus of Fun Pub/BotCon/Transformers Collectors' Club should simply be fixing the problems, returning the services for which we have paid in an extremely timely fashion, and getting paid products out to customers (many of which have still not received their Club exclusives). It should not be deflecting or telling customers about problems at other companies (i.e. iTunes) or what best practices are for credit card usage online.

The core problem is that the Club website was programmed in a very poor manner, which created various security holes. Our passwords should be encrypted, your website should be PCI Compliant (which it was not), our credit card information should NOT be stored locally in your database, etc.

Resolving those problems and getting Club exclusives delivered should be the only focus right now.

Pete@BotCon wrote:

Seibertron wrote:

Pete@BotCon wrote:I would suggest contacting us next time as we would have been happy to have passed this information along...

Thanks for the suggestion.

Great. Just want to make sure you are giving your readers accurate information in regard to our practices...

I assure you that I am giving very accurate information in regard to your practices.

That is why I said it is what I PERSONALLY have taken away from this...

Your previous comment you made publicly were NOT accurate as I pointed out. We are working with various sources to determine the security issues. We look forward to filling everyone in once we get an official finding.

bvzxa wrote:

Pete@BotCon wrote:

bvzxa wrote:
Well what you say is partly true. But using any card electronically is the norm.

I feel what I said was 100% true. Debit cards should never be used online. It is the best way to keep your banking account secure...

http://www.creditcards.com/credit-card- ... d-1271.php

It's easy to say that, and post news articles and the like. But to get what I want I shop online. Whether it be my debit card or my credit card. I had less stress with my debit card than my credit card.

So if you say this with conviction, why offer the option to accept credit cards to begin with if you are 100% against using debit/credit cards online in the first place. You should have been only taking money orders if you believe the use of a card will cause you to get hacked.

There have been two times that my card was accessed unauthorized, TFsource 2011 and TFCC 2012.

I'm sorry don't tell me to not use my card only after the fact I got a $300 because I wanted to re-up with the club.

What I want to hear is what measures will be in place that may sway me enough to comeback next year. It's been 30 days I'm out more money and still no club item.

I'm sorry if I'm mad but y'all got some work to do to fix this.

Big difference between credit and debit cards. He was suggesting you use credit cards instead of debit cards, but a lot of customers don't have that luxury. Some, like me, don't care. I understand the risk of using my debit card, but that's for me to decide and educate myself about. It is NOT the place of the company that just lost all of our personal user information and billing/payment information. I'll let them lecture us about best practices with credit card usage online when they listen to our lectures about best practices with running an e-commerce website.

I think that with the economy as it is, a lot of people either choose to only have debit cards or are left with that option, honestly.

F Prime wrote:

bvzxa wrote:

Pete@BotCon wrote:

bvzxa wrote:
Well what you say is partly true. But using any card electronically is the norm.

I feel what I said was 100% true. Debit cards should never be used online. It is the best way to keep your banking account secure...

http://www.creditcards.com/credit-card- ... d-1271.php

So if you say this with conviction, why offer the option to accept credit cards to begin with

This is not really that important, but the link is specifically about debit cards; not credit cards.

TL;DR: Debit cards have less protection against fraud than credit cards and they are directly linked to your bank account.

never go by news reports:
When my card debit card was hacked in 2011, I had certain safeguards place on my debit card, which is a credit card too with a credit limit. They were able to charge $11.99, and $35.89 but when they began to try to charge more items for higher prices, $450 at best buy, $1000 at Amazon, the card immediately flagged. So I lost $50 basically until those charges was disputed and the retailer returned them.

When I noticed the first two charges and called BoA on my cell phone, BoA was calling me on the house phone. Now that was the bank working fast and secure.

But like seibs said, debit card or credit card it should not matter. This is commerce. E-Commerce. So if they have a debit card, they should be able to purchase right along with the credit card. I prefer the debit because I don't have to pay interest.

What it should come down to is security from the retailer who wants your business. As a consumer I will protect myself in any way I can, but the retailer needs to protect my information, not discern whether I have a debit or credit card. The consumer should not feel guilty for using their debit card.

Stop this foolishness.

Delicon wrote:I think that with the economy as it is, a lot of people either choose to only have debit cards or are left with that option, honestly.

FWIW, you still have options such as a Visa pre-paid credit card, which is basically a universal gift card, at least anywhere Visa is accepted.

Here's an awesome idea for the TFCC, implement PayPal payments not just credid and debit cards.

Kibble wrote:

Delicon wrote:I think that with the economy as it is, a lot of people either choose to only have debit cards or are left with that option, honestly.

FWIW, you still have options such as a Visa pre-paid credit card, which is basically a universal gift card, at least anywhere Visa is accepted.

You can also use the Pay Pal debit mastercard. It'll only take from your Pay Pal account so you can control what's in there.

Um ok. I'm sorry but putting people's private home addresses into Google and posting images of their homes is wrong. That's an invasion of privacy. How would you like it if someone did that to you?

This address is on their website... under: where to send money orders.

Court Jester wrote:This address is on their website... under: where to send money orders.

And in an earlier post it was said this was Brian Savages home, my point still stands.

What was your point? Invasion of privacy? My privacy has already been invaded. So, I'd call this back to square.

Court Jester wrote:****

What was your point? Invasion of privacy? My privacy has already been invaded. So, I'd call this back to square.

When history looks back on this it will be remembered as the moment Rome began to smolder.

Rome was overrated anyways.

Court Jester wrote:Rome was overrated anyways.

I have my Toga and violin ready

chuckdawg1999 and CourtJester. Knock it off.

If Brian is having the checks sent to his home, than that image counts as a image of a business. Last time I checked anyways.

I really hope he's zoned for business. Otherwise, having those checks sent to his house is poor form.

robofreak wrote:chuckdawg1999 and CourtJester. Knock it off.

If Brian is having the checks sent to his home, than that image counts as a image of a business. Last time I checked anyways.

I really hope he's zoned for business. Otherwise, having those checks sent to his house is poor form.

Not familiar with the history of Rome eh?

I do hope he's zoned for business, I'm light on the specifics of the law but there's tax issues no?

Absolutely no ill will between us Tronians. I just wanted to make sure every TFCC member knew. When you send a money order, please make sure to send it with signature confirmation. I understand people tend to accidentally dig into mailboxes at times in the burbs. It would be fairly easy to forge an ID with a suburban address, and, well... nah forget it. It couldn't possibly happen with hackers' primitive tools these days.

Proceed with the nonchalant toy harvest.

(just to be clear) TFCC is the analogy to Rome? One of the most advanced civilizations of its time in regards to governing body, technology, scholastic endeavor, and other facets of human evolution - correct? Sorry, I'm quite slow when attempting to perceive unfit comparisons. TFCC vs BBTS preorder sales via paypal or Seibertron's forums. I could have totally misunderstood you. In that respect, please accept my apology, Dawg.

Sorry. I thought you 2 were arguing.

Anyways. Can we get a confirmation on whether or not the money orders are in fact being sent to Brian Savage's house? Google can be wrong sometimes.

Unless I get a confirmation that his house is zoned for business, I take serious issue with just sending a money order to that address.

Pete, I know you're still reading this. How about doing something nice and extending the deadline for Runamuck? It would not be that hard to do. I think it's a perfectly acceptable request considering the fact that the online store is down.

I'm staggered by the tone of Pete's replies - given the situation, I would expect someone to be a bit less defensive/confrontational. Given that this thread alone is over 20 pages along, I am surprised that the first time he bothered to post in ages was to berate someone for 'not going through the proper channels'. Oh the irony.

Telling people to not use debit cards to purchase goods via the internet in 2012 is nothing short of ridiculous, and is another example of trying to shift the blame away from Fun Pub. For the record, I used my Credit card, and my bank thankfully stopped over £1,000 worth of fraudulent transactions. Others weren't so lucky.

Pete, how much money do you think your company has cost your customers and their banks over the last month? How much worry and inconvenience? Your antiquated website essentially left the door open and allowed unencrypted data to be mined en masse. Unacceptable pal.

I work with risk management on a daily basis, and I can tell you that your organisation has completely failed to adequately load test your website. Had you conducted any cursory risk analysis, then this entire scenario could have been averted. The highest impact risk is always the security of your customer's data. Any number of mitigating actions could have salvaged this mess, but you guys did not do your homework.

Now you are dealing with the fallout; How you guys conduct yourselves now, will ultimately decide whether you continue to operate as a viable business. With this in mind, I suggest that you moderate your tone and listen to the concerns of your customers, without the attitude. If anyone should be annoyed, it is your customers; and in the main, they have been patient and understanding. I suggest you guys pay us the same courtesy.

Banjo-Tron wrote:I'm staggered by the tone of Pete's replies - given the situation, I would expect someone to be a bit less defensive/confrontational. Given that this thread alone is over 20 pages along, I am surprised that the first time he bothered to post in ages was to berate someone for 'not going through the proper channels'. Oh the irony.

Telling people to not use debit cards to purchase goods via the internet in 2012 is nothing short of ridiculous, and is another example of trying to shift the blame away from Fun Pub. For the record, I used my Credit card, and my bank thankfully stopped over £1,000 worth of fraudulent transactions. Others weren't so lucky.

Pete, how much money do you think your company has cost your customers and their banks over the last month? How much worry and inconvenience? Your antiquated website essentially left the door open and allowed unencrypted data to be mined en masse. Unacceptable pal.

I work with risk management on a daily basis, and I can tell you that your organisation has completely failed to adequately load test your website. Had you conducted any cursory risk analysis, then this entire scenario could have been averted. The highest impact risk is always the security of your customer's data. Any number of mitigating actions could have salvaged this mess, but you guys did not do your homework.

Now you are dealing with the fallout; How you guys conduct yourselves now, will ultimately decide whether you continue to operate as a viable business. With this in mind, I suggest that you moderate your tone and listen to the concerns of your customers, without the attitude. If anyone should be annoyed, it is your customers; and in the main, they have been patient and understanding. I suggest you guys pay us the same courtesy.

Banjo-Tron wrote:I'm staggered by the tone of Pete's replies - given the situation, I would expect someone to be a bit less defensive/confrontational.

I'm not the least bit surprised, honestly.

I was angered by it, no doubt, but not surprised. I can't blame him for being defensive, I think we all would, really. But confrontational? Yeah, not the best approach, all things considered.

Banjo-Tron wrote:Given that this thread alone is over 20 pages along, I am surprised that the first time he bothered to post in ages was to berate someone for 'not going through the proper channels'. Oh the irony.

Yeah... That whole handling it privately line IS sweeping it under the rug. Ballsy for him to say, all things considered. Proper channels? People did exactly that and look at what it's gotten them.

Banjo-Tron wrote:Telling people to not use debit cards to purchase goods via the internet in 2012 is nothing short of ridiculous, and is another example of trying to shift the blame away from Fun Pub.

I was stunned to read that. At least he's consistent. Yay! *facepalms*

Banjo-Tron wrote:I suggest you guys pay us the same courtesy.

I wouldn't hold your breath. Sad to say.

Autobot032 wrote:

Banjo-Tron wrote:Given that this thread alone is over 20 pages along, I am surprised that the first time he bothered to post in ages was to berate someone for 'not going through the proper channels'. Oh the irony.

Yeah... That whole handling it privately line IS sweeping it under the rug. Ballsy for him to say, all things considered. Proper channels? People did exactly that and look at what it's gotten them.

I feel like "going through the proper channels" has gotten us nowhere over the past 8 years. I have various legitimate comments and concerns that have been sent via email over the past few weeks, some of which were addressed while others were overlooked, and some were met with more explanations about why something has happened. Unfortunately, I feel I've been put into a corner where if I want to make sure something is addressed, I need to discuss it in public. You guys should know that there was a current situation where the username for their SQL database was exposed ... I can no longer assume that their programmer/developers took down the database that contains all of our information and can no longer be accessed publicly. I can no longer assume that best practices are being implemented.

My trust was destroyed when my credit card information was stolen, followed by my personal user information which will lead to identity theft (the whole credit card situation will pale in comparison to the inevitable identity thefts), and the realization that my wife's information was also stolen with all of this because I used her information for a 2nd Club account instead of mine, which I had to explain to her that she needed to change her account information on banking websites, etc.

Autobot032 wrote:

Banjo-Tron wrote:Telling people to not use debit cards to purchase goods via the internet in 2012 is nothing short of ridiculous, and is another example of trying to shift the blame away from Fun Pub.

I was stunned to read that. At least he's consistent. Yay! *facepalms*

You guys should read up on some of what was trying to be said about that. If you have credit cards and debit cards, you should probably use credit cards instead when making purchases online. The difference is the money on a credit card isn't technically yours, it's the bank's money (though since I run balances on three of my major cards it sure feels like it's my money). Money on a debit card comes out of your checking account that contains your money.

Here's some additional information about this ...

CreditCards.com wrote:"You don't use a debit card online," says Susan Tiffany, director of consumer periodicals for the Credit Union National Association. Since the debit card links directly to a checking account, "you have potential vulnerability there," she says.

Her reasoning: If you have problems with a purchase or the card number gets hijacked, a debit card is "vulnerable because it happens to be linked to an account," says Linda Foley, founder of the Identity Theft Resource Center. She also includes phone orders in this category.

The Federal Reserve's Regulation E (commonly dubbed Reg E), covers debit card transfers. It sets a consumer's liability for fraudulent purchases at $50, provided they notify the bank within two days of discovering that their card or card number has been stolen.

Most banks have additional voluntary policies that set their own customers' liability with debit cards at $0, says Nessa Feddis, vice president and senior counsel for the American Bankers Association.

But the protections don't relieve consumers of hassle: The prospect of trying to get money put back into their bank account, and the problems that a lower-than-expected balance can cause in terms of fees and refused checks or payments, make some online shoppers reach first for credit cards.

Read more: http://www.creditcards.com/credit-card- ... z1oXjJ7Clk
Compare credit cards here - CreditCards.com

As for the error message I was receiving the other day, bottom line is that I shouldn't be receiving an error message like that. TransformersClub.com is the production website that consumers use ... major changes should be implemented first in a local test environment offline or at a separate subdomain or IP address. Once all of the fixes/changes/modifications have been implemented, then the changes should be rolled out to the place where customers can utilize those changes. The production site, in the meantime, should have sections closed off or friendly error pages so that error messages that expose the SQL database username can't be viewed.

It appears our account information is back online. I was able to login again and could view all of my personal information.

https://www.transformersclub.com/members/index.cfm