Fun Publications Issues Apology and Statement Regarding Recent Security Issues
Friday, February 24th, 2012 5:26PM CST
Category: Collector's Club NewsPosted by: El Duque Views: 32,207
Topic Options: View Discussion · Sign in or Join to reply
This is going out to all members:
Fun Publications wants to take this opportunity to apologize to all of our members.
After many days of analysis, Fun Publications has determined that there is a security issue with our e-commerce systems. We appreciate all of you who have sent in your details. Your help has allowed us to ferret out several different patterns of fraudulent charges that have appeared on some members' cards (any that have been used over the last year with both the club store and our event registration system).
We have several different internet/networking companies looking into the matter. Unfortunately, as of yet, we have not been able to identify any forcible entry either into our internet service provider's servers or network. This is like chasing a ghost through the wires, as unfortunately, the perpetrator did not leave a trail, foot prints or finger prints.
For those of you who have been affected, we apologize for all of your time this has wasted and any inconvenience it has caused you. We understand your frustration as this same type of fraud has happened to everyone in our office on our personal credit cards at some point in the past. Our merchant services provider wants us to remind everyone that even though this can be a huge annoyance for you, the customer, your issuing bank will not hold you responsible for any fraudulent charges that might be placed on your card(s).
We know that this issue has been a huge topic of discussion on all of the boards for the past few weeks. However, we are required to investigate to determine and confirm a security issue thoroughly before making any public statements. This is why we put out a general alert statement two weeks ago.
Until the analysis is finished (can take several weeks) we don't know if the shut down by our former (Jan 31st) e-commerce provider caused the security issue or not. We do know that it has not been limited to those who have purchased before the change to our new provider.
Please, watch your cards closely as this type of security issue appears to be on the increase across the net. No site is 100% safe. You may want to consider having any cards you have used with Fun Publications in the last year replaced.
At this time, we do not know how long our e-commerce site will be offline for both the store and registrations. We will get back to you once we have a solution for this security issue.
Thanks for your support - Brian
News Search
Got Transformers News? Let us know here!
Most Popular Transformers News
ROTB Optimus Prime Lead Designer Discusses Why the Face Looks Similar to the 2007 Movie
56,234 viewsMost Recent Transformers News
Posted by Banjo-Tron on February 24th, 2012 @ 5:31pm CST
Posted by NebulanFree on February 24th, 2012 @ 5:44pm CST
Posted by Mkall on February 24th, 2012 @ 5:53pm CST
NebulanFree wrote:"Sorry about your luck to those who got screwed, but after weeks of super-sleuthing, we at FunPubs still have no clue about any of this mess.
Welcome to the world of cybercrime. More often than not the perp gets away.
Posted by bionic_radical on February 24th, 2012 @ 7:14pm CST
Posted by Stormrider on February 24th, 2012 @ 7:15pm CST
Posted by G1 Legacy on February 24th, 2012 @ 7:41pm CST
OK sooo, I need some advice guys (and gals): I was planning to get a TFCC membership this past month to get the Runamuck figure, but all this Credit Card ID theft stuff has REALLY scared the hell out of me, so I backed off to silently watch how all of this was gonna play out. With Botcon fast approaching I don't have time to deal with the hassle that would come along with having to re-set a card number etc. But I already missed out on the "Over-Run" pre-order figure and have been reduced to having to get it on the secondary market...I really don't wanna have to do that again with Runamuck so I'm having this internal struggle on whether or not to go ahead and risk joining TFCC, I mean isn't March 15 the deadline for the Runamuck figure? I don't know if I should risk it. Oh why oh why can't they just take Paypal? LOL
Thanks in advance gang!
Posted by LiKwid on February 24th, 2012 @ 7:48pm CST
*moderate sarcasm...
Posted by AutobotCliffjumper on February 24th, 2012 @ 7:51pm CST
Posted by GetRightRobot on February 24th, 2012 @ 8:19pm CST
I can't believe it. Thank you. Thank you for being a stand up company and accepting responsibilities. And to do it on your volition. Without any outcry from innocent consumers or nothin!
Posted by Burn on February 24th, 2012 @ 9:17pm CST
G1 Legacy wrote:This seems like a typical P.R. spiel, all words and no real solution. But hey, atleast their owning up to it at this point instead of seemingly keeping their heads buried in the sand.
OK sooo, I need some advice guys (and gals): I was planning to get a TFCC membership this past month to get the Runamuck figure, but all this Credit Card ID theft stuff has REALLY scared the hell out of me, so I backed off to silently watch how all of this was gonna play out. With Botcon fast approaching I don't have time to deal with the hassle that would come along with having to re-set a card number etc. But I already missed out on the "Over-Run" pre-order figure and have been reduced to having to get it on the secondary market...I really don't wanna have to do that again with Runamuck so I'm having this internal struggle on whether or not to go ahead and risk joining TFCC, I mean isn't March 15 the deadline for the Runamuck figure? I don't know if I should risk it. Oh why oh why can't they just take Paypal? LOL
Thanks in advance gang!
Same boat. I went out and got a pre-paid credit card. They can only take whatever money is on it and I plan to only put on enough to cover expenses. So if it were to get hit they wouldn't get anything.
Posted by Rated X on February 24th, 2012 @ 9:41pm CST
G1 Legacy wrote:This seems like a typical P.R. spiel, all words and no real solution. But hey, atleast their owning up to it at this point instead of seemingly keeping their heads buried in the sand.
OK sooo, I need some advice guys (and gals): I was planning to get a TFCC membership this past month to get the Runamuck figure, but all this Credit Card ID theft stuff has REALLY scared the hell out of me, so I backed off to silently watch how all of this was gonna play out. With Botcon fast approaching I don't have time to deal with the hassle that would come along with having to re-set a card number etc. But I already missed out on the "Over-Run" pre-order figure and have been reduced to having to get it on the secondary market...I really don't wanna have to do that again with Runamuck so I'm having this internal struggle on whether or not to go ahead and risk joining TFCC, I mean isn't March 15 the deadline for the Runamuck figure? I don't know if I should risk it. Oh why oh why can't they just take Paypal? LOL
Thanks in advance gang!
Call the Funpub phone number and ask Angie if you can send a money order. Is she says yes, send it pronto. If she says no, youre outta gas buddy. If you are that paranoid, maybe you should just buy Runamuck on the secondary market and have peace of mind. Whats better, spending $100 on a figure or having $1000 worth of credit fraud ? Not trying to be harsh, but it's a no brainer.
Posted by Kibble on February 24th, 2012 @ 9:43pm CST
Burn wrote:G1 Legacy wrote:This seems like a typical P.R. spiel, all words and no real solution. But hey, atleast their owning up to it at this point instead of seemingly keeping their heads buried in the sand.
OK sooo, I need some advice guys (and gals): I was planning to get a TFCC membership this past month to get the Runamuck figure, but all this Credit Card ID theft stuff has REALLY scared the hell out of me, so I backed off to silently watch how all of this was gonna play out. With Botcon fast approaching I don't have time to deal with the hassle that would come along with having to re-set a card number etc. But I already missed out on the "Over-Run" pre-order figure and have been reduced to having to get it on the secondary market...I really don't wanna have to do that again with Runamuck so I'm having this internal struggle on whether or not to go ahead and risk joining TFCC, I mean isn't March 15 the deadline for the Runamuck figure? I don't know if I should risk it. Oh why oh why can't they just take Paypal? LOL
Thanks in advance gang!
Same boat. I went out and got a pre-paid credit card. They can only take whatever money is on it and I plan to only put on enough to cover expenses. So if it were to get hit they wouldn't get anything.
You could do that or it sounds like Paypal offers a similar deal where they offer a 'credit card' off your paypal account that you feed it money or something. I haven't looked too much into it, but I probably will in the not too distant future.
Posted by G1 Legacy on February 24th, 2012 @ 10:16pm CST
Whats better, spending $100 on a figure or having $1000 worth of credit fraud ? Not trying to be harsh, but it's a no brainer.
Oh, I totally agree. There was even a guy on ebay that was selling both togetheir in the box set, but he was still mailing them seperatly as they would be released, which left me thinking I would be a fool not to atleast look into getting the runamuck at cost first and then opting for the 'ol screwgie if that didn't work. LOL I guess what I was trying to ask was, is there anyone who is more familiar with this situation or has their ear along the track/rail that might be able to say one way or the other if they thought TFCC is safe to deal with now...and the answer I'm getting from everyones mood seems to be NAY. But I trust your input "X". No "counterpunch" required here.
Burn wrote:
Same boat. I went out and got a pre-paid credit card.
Kibble wrote:
Paypal offers a similar deal where they offer a 'credit card' off your paypal account that you feed it money or something. I haven't looked too much into it, but I probably will in the not too distant future.
I think this or a pre-paid card in general is a great idea. And is probobly the way I'll go next week. I think I can pick one up at Wal-Mart (even though I try to go there as little as possible). Thanks again for everyone's input.
Anyway, I hope TFCC can get this resolved to everyones satisfaction soon.
Posted by autobot_goldbug on February 24th, 2012 @ 10:42pm CST
Anyway a virtual credit card would be a good option.
http://www.washingtonpost.com/wp-dyn/co ... 01679.html
Paypal isn't any safer.
Posted by Megatron Wolf on February 24th, 2012 @ 11:08pm CST
Posted by metaphorge on February 25th, 2012 @ 12:37am CST
Posted by Primacron's Little Helper on February 25th, 2012 @ 8:11am CST
I got a new card no problems so props to my bank, they were on the ball. Imagine if this was a major retailer or an airline perhaps, they'd be a laughing stock.
Posted by Bed Bugs on February 25th, 2012 @ 1:59pm CST
I have been checking my credit card daily, just in case.
I'm very annoyed and kind of disappointed a little that I won't be at Botcon. Would be quite entertaining to see the rage that shows up in person, or if the majority of collectors only talk tough online.
Regardless, I look forward to hearing about the Club Roundtable and how that goes. Would be nice if they web-casted it on behalf of "Club Members" rather than Botcon Attendees to discuss the current problems with the Club.
Posted by ae_productions on February 25th, 2012 @ 10:06pm CST
I only used my card to sign up to TFCC (my first and probably last time) to get Rumamuck and Runabout.
Tried to use my card today and there was a TON of charges from "google". My card is frozen until I get a new one (2 - 4 weeks) and I have to wait for the funds to clear from the fraudulent charges before I can dispute them (2 - 5 business days).
Many of my pals who ordered the exclusive figures have gotten theirs. So far I have not gotten anything. (Except for a frozen cc and a bunch of unauthorized charges). I hope at least get my two figures out of this. It would really piss me off if they messed up on my order and I get nothing but the stolen ID from it.
Color me not very impressed with this whole mess.
Posted by harrogatebantam31 on February 26th, 2012 @ 7:06am CST
Purchased over-run before the system crashed. Then got hit again on my new card.
Recieved a call from by bank on Friday asking if I'd bought $415.00 worth of tyres in the US, along with payment to a kareoke firm in New Jersey?!
Second time in 3 months I've been hit, I certainly won't be buying anything else or renewing my membership until they can confirm they have sorted the issue, or offer a method such as PayPal as an alternative.
Posted by Stormrider on February 26th, 2012 @ 8:57am CST
I got my identity stolen two years ago, which is much worse than fraudulent charges. The thief had opened over $60,000 in credit cards and loans and destroyed my credit history. He had applied to over 70 store credit and loans. And I only found out the fraudulent accounts when collection agencies began contacting me a year later. Anyway, the point is that the thief was caught (a very rare thing). And even though he is a repeat offender and a convicted felon, he most likely will only receive a slap on the wrist from the courts.
Posted by bvzxa on February 26th, 2012 @ 8:24pm CST
Stormrider wrote:Fraudulent charges and identity theft are becoming a huge pain. Part of the problem is that it's near impossible to catch the thieves and the penalties are not harsh enough when they do.
I got my identity stolen two years ago, which is much worse than fraudulent charges. The thief had opened over $60,000 in credit cards and loans and destroyed my credit history. He had applied to over 70 store credit and loans. And I only found out the fraudulent accounts when collection agencies began contacting me a year later. Anyway, the point is that the thief was caught (a very rare thing). And even though he is a repeat offender and a convicted felon, he most likely will only receive a slap on the wrist from the courts.
My heart goes out to you. I got hit last year. And what sucks is I ordered on the supposed upgrade to the TFCC credit card system.
I'm sorry but apologizing just doesn't cut it. Why??
Yeah it's nice to hear we admit we had a problem, but either way you got your $100+ regardless of whether your company got hit. Who is the real loser, us. I stayed away for a year and really didn't miss anything, decide to comeback and may get screwed by the pooch. That's why I am leaving the TF community because it's getting bad. First we can't sleep at night wondering if we're gonna lose any money, then we get FE figures in a sh*tty release and now we get inferior molds because Hasbro is a bloodsucker.
I get any fraudulent charges I am gonna exercise my American right to sue.
Posted by Simes on February 27th, 2012 @ 4:01am CST
We have been using PayPal to handle all our transactions safely since 2004 and are happy to offer alternative methods of payment for anyone wishing to attend the convention if you are concerned about paying using any electronic method but we can assure you that none of our team have access to any of your credit card details or any of your personal details other than your name, address and email address which we need for the purpose of the convention itself.
Simon Plumbe
Auto Assembly Committee Head
Posted by Banjo-Tron on February 28th, 2012 @ 6:22am CST
To say I'm cross is somewhat of an understatement. Would love to be at Botcon to give FunPub what for. I think It's high time that Hasbro made a statement like this, as their brand is being damaged indirectly, as well. Should Hasbro allow FunPub to keep their license in the light of this? The way I see it, FunPub owes us all a lot more than a pithy apology. On a positive note, I did get my Runamuck today, and he is nice indeed. It's just a shame that what is an awesome exclusive has been marred by a laundry list of amateur mistakes.
Posted by Delicon on February 28th, 2012 @ 7:21am CST
breastforce wrote:Thought I got through this unscathed, but resolved to cancel my card anyway in case. I rang my bank today. Aparently they were trying to get through to me, because in the last week they had blocked hundreds of attempts to use my card. Loads of transactions traced back to Ohio, plus some from all over Europe. If my bank hadn't been proactive, I would now have about £1500 of fraudulent charges on my card. One errant charge for around £10 got through.
To say I'm cross is somewhat of an understatement. Would love to be at Botcon to give FunPub what for. I think It's high time that Hasbro made a statement like this, as their brand is being damaged indirectly, as well. Should Hasbro allow FunPub to keep their license in the light of this? The way I see it, FunPub owes us all a lot more than a pithy apology. On a positive note, I did get my Runamuck today, and he is nice indeed. It's just a shame that what is an awesome exclusive has been marred by a laundry list of amateur mistakes.
My biggest fear is the same as Seibertron's, that Hasbro will pull the license and start doing their own HasbroCon...
Posted by Banjo-Tron on February 28th, 2012 @ 8:13am CST
Delicon wrote:My biggest fear is the same as Seibertron's, that Hasbro will pull the license and start doing their own HasbroCon...
Well if they ever wanted a compelling reason to do so, they have been handed one. It would be a sad day indeed if that happened, though.
Posted by Stormrider on February 29th, 2012 @ 5:40pm CST
Posted by Seibertron on February 29th, 2012 @ 5:57pm CST
Transformers Collectors' Club wrote:As we continue to work on our systems, you will see some of our services go offline and then come back, so please be patient as we preserve data and clone servers and websites.
We are also taking this opportunity to remove all non-essential services from our ecomerce server. So in the short term in the next day or so, the club forums will be discontinued. It will be several days until we are ready to bring them back under an entierly new piece of software. I know alot of you have been asking for this so, we have decided to replace several of our systems with new packages. This means that you will not have access to the forum for a while at all. We do plan to make the old forum viewable (no posts) in the future.
Since we do not know exactly what data was taken, we are recommending that if your have used common logins or passwords with our system and any other system that your change your passwords in those systems immidiately (especially any financial sysstems)! We will be resetting all of the passwords in our system very soon. Please don't delay in changing your passwords in other locations.
In addition, we have found a few recent aticles concerning security issues with other vendors. If you use these services, these issues could possibly impact you. Please read the attached links:
http://www.huffingtonpost.com/2012/02/1 ... 68593.html?
http://www.greenpois0n.co/itunes-accoun ... redit.html
Thanks for your support in this difficult time. We will continue to work with our vendors to correct the issues and we apologize for any inconvenience this has caused any of our members.
Brian Savage
If you have not cancelled your credit or debit cards that you have used in the past, you MUST cancel those numbers. It's a very simple process. You just need to call the phone number on the back of your card, explain what happened, and your bank or credit card company will send you a new card which you should received in 7 to 10 business days or sooner (I received one of mine in 4 business days). You MUST do this. It is inevitable that failure to do this will only result in your card being used for fraudulent purposes. Do NOT wait for you to get hit. The only way you can protect yourself is by cancelling your current card numbers and having new cards sent to you.
It is also strongly recommended that you immediately change your passwords if you use your password on TransformersClub.com on any other website or banking website. The passwords in their database are not encrypted and it should be assumed at this point that all of our account information was taken along with our payment information.
Posted by Mighty_Galvatron on February 29th, 2012 @ 6:12pm CST
What kind of incompetents are running that place?! This is pure stupidity - unacceptable.
Posted by DISCHARGE on February 29th, 2012 @ 6:13pm CST
Posted by AutobotCliffjumper on February 29th, 2012 @ 6:21pm CST
Posted by Trikeboy on February 29th, 2012 @ 6:48pm CST
Posted by Seibertron on February 29th, 2012 @ 6:55pm CST
Trikeboy wrote:Instead of continuing to proceed their career in credit reports, has the club actually said sorry and accepted full responsibility yet?
They're apologized, not sure about accepting full responsibility. They might not be able to legally, I'm assuming that's the advice a lawyer would give them (which I hope they have consulted because this is all extremely serious and delicate stuff). Their latest apology is in the email that was quoted in the latest news story about this.
Transformers Collectors' Club wrote:As we continue to work on our systems, you will see some of our services go offline and then come back, so please be patient as we preserve data and clone servers and websites.
We are also taking this opportunity to remove all non-essential services from our ecomerce server. So in the short term in the next day or so, the club forums will be discontinued. It will be several days until we are ready to bring them back under an entierly new piece of software. I know alot of you have been asking for this so, we have decided to replace several of our systems with new packages. This means that you will not have access to the forum for a while at all. We do plan to make the old forum viewable (no posts) in the future.
Since we do not know exactly what data was taken, we are recommending that if your have used common logins or passwords with our system and any other system that your change your passwords in those systems immidiately (especially any financial sysstems)! We will be resetting all of the passwords in our system very soon. Please don't delay in changing your passwords in other locations.
In addition, we have found a few recent aticles concerning security issues with other vendors. If you use these services, these issues could possibly impact you. Please read the attached links:
http://www.huffingtonpost.com/2012/02/1 ... 68593.html?
http://www.greenpois0n.co/itunes-accoun ... redit.html
Thanks for your support in this difficult time. We will continue to work with our vendors to correct the issues and we apologize for any inconvenience this has caused any of our members.
Brian Savage
Posted by Autobot032 on February 29th, 2012 @ 7:33pm CST
-_- *sighs*
Posted by mattwhite924 on February 29th, 2012 @ 7:39pm CST
There is absolutely NO excuse for not encrypting passwords.
Posted by DevastaTTor on February 29th, 2012 @ 8:46pm CST
Posted by Naked Magnus on February 29th, 2012 @ 9:32pm CST
mattwhite924 wrote:They didn't encrypt the passwords!? Who the heck is running that site, a 4 year-old?
There is absolutely NO excuse for not encrypting passwords.
That is correct. I am a professional software developer and have a masters degree in computer science. The entire site is built like sites were literally 10 years ago. Either they do not want to invest the money to modernize or their own in-house developers are seriously behind the times. Their software is a complete hackjob by todays standards. Nobody uses Cold Fusion anymore. I used to, but that was in 2002.
I haven't done shopping cart sites in a long time, but I can't help but think there are off-the-shelf products out there that could easily be customized in a short period of time to replace this legacy piece of garbage.
It isn't hard to encrypt passwords. Either they are too lazy or their developers are compete idiots. It is completely trivial now'adays to encrypt passwords. Probably writing a migration script to encrypt the existing passwords is beyond their technical capabilities.
Seriously, we need to stop putting up with this crap. Another option for them is to outsource the online store to an entity that knows what it is doing.
Posted by funeralthirst7 on February 29th, 2012 @ 9:58pm CST
Posted by Stormrider on February 29th, 2012 @ 10:26pm CST
Posted by shin_hibiki on February 29th, 2012 @ 11:17pm CST
Posted by bvzxa on March 1st, 2012 @ 12:46am CST
Naked Magnus wrote:mattwhite924 wrote:They didn't encrypt the passwords!? Who the heck is running that site, a 4 year-old?
There is absolutely NO excuse for not encrypting passwords.
That is correct. I am a professional software developer and have a masters degree in computer science. The entire site is built like sites were literally 10 years ago. Either they do not want to invest the money to modernize or their own in-house developers are seriously behind the times. Their software is a complete hackjob by todays standards. Nobody uses Cold Fusion anymore. I used to, but that was in 2002.
I haven't done shopping cart sites in a long time, but I can't help but think there are off-the-shelf products out there that could easily be customized in a short period of time to replace this legacy piece of garbage.
It isn't hard to encrypt passwords. Either they are too lazy or their developers are compete idiots. It is completely trivial now'adays to encrypt passwords. Probably writing a migration script to encrypt the existing passwords is beyond their technical capabilities.
Seriously, we need to stop putting up with this crap. Another option for them is to outsource the online store to an entity that knows what it is doing.
I have a degree in Network Security and management and I see so much is wrong with how the website was setup. I know that letting an outside company handle commerce can get expensive if you aren't making alot of sales to support the cost.
What I see is just a lack of security and thinking. They thought no one would hack them, which of course is foolish thinking. For some reason the way the ordering page was setup, it felt like I was ordering from a company back in the late 90's.
As far as them accepting full responsibility, they can't. technically because the breach is well known, and has caused problems for people they are on the hook. However FunPub is no Sony, this hack job could ruin them and probably for good. I just better get what I paid for before that happens.
Posted by G1 Legacy on March 1st, 2012 @ 1:19am CST
Oh, how cool would that be?
Posted by Banjo-Tron on March 1st, 2012 @ 2:17am CST
I will only forgive FunPub if they send me a free Punch/Counterpunch, with FREE shipping. (I'm only semi-joking about that)
Posted by Autobot032 on March 1st, 2012 @ 2:43am CST
I'm not trying to be mean, I'm really not, but I mean this is their umpteenth problem and it's costing people a LOT of money.
The CC companies must be losing dough with all the canceled charges, cards, etc. TFCC is lucky the companies don't file against them. They probably could.
Posted by jbliss on March 1st, 2012 @ 5:14am CST
Naked Magnus wrote:Nobody uses Cold Fusion anymore.
Just 778,000 of us and growing. http://wwwimages.adobe.com/www.adobe.co ... st-kit.pdf
Posted by Andrius on March 1st, 2012 @ 2:07pm CST
On a related note, I'm still waiting for my exclusives to ship... Insult to injury and all that.
Posted by mattwhite924 on March 1st, 2012 @ 3:44pm CST
At this point I wish I wouldn't have joined the Transformers Club, no toy is worth this kind of crap.
Posted by Kibble on March 1st, 2012 @ 4:43pm CST
Andrius wrote:Just got fraudulent charges today. Closed my CC account. Keep checking, guys.
On a related note, I'm still waiting for my exclusives to ship... Insult to injury and all that.
Don't keep checking...cancel your cards NOW!
Posted by Autobot032 on March 1st, 2012 @ 5:26pm CST
mattwhite924 wrote:At this point I wish I wouldn't have joined the Transformers Club, no toy is worth this kind of crap.
This statement says it all. You should never have to say this over a toy. Never. Ya know?
I'm so saddened and dismayed by this whole thing.
Posted by bvzxa on March 1st, 2012 @ 9:02pm CST
As I was checking my bank account I got a $298.54 charge from Walmart.com
I was in the process of cancelling my card when I saw this. Talked to the bank rep and she told me there was a $1 authorization charge to my card account to test the card. They did that on the 2/29. Then either last night or early this morning the attempt to use the card was made at Walmart.com
Now my bank kinda sucks but they did proceed the normal way of disputing the charge and proceeded to cancel the card.
Then I decided to give Walmart.com a call, and believe it or not, I got top quality customer service over the phone than I ever did at the many Walmart stores I shopped in. I began to explain to "Kevin" that I believe my card was used without my consent for a purchase. Since I have a Walmart.com account I checked that and the last .com purchase I made was a TV back in 2010. "Kevin" asked me for the last 4 digits of the card and what the amount was. I gave him the information and he found the charge. It went through but he said Walmart canceled the charge because the address did not match and there was an account already in my name. So he said even though it was on my bank statement the charge would drop off in 3 to 5 business days. He also took it a step further and escalate the situation to the financial security department.
he couldn't tell me the entire address but the thieves were trying to purchase an iPod Touch and trying to send it to California.
So I have no card but I have some peace of mind that this charge won't stick as well as not having to fight it out with the bank.
MODS: I'm gonna post this in the threads related to the TFCC fiasco so people can have some hope if they visit one of the three threads.