TF Community Warning: Check your Credit and Debit Card accounts for recent fraudulent activity
Thursday, February 2nd, 2012 4:36PM CST
Categories: Toy News, Store NewsPosted by: Seibertron Views: 62,804
Topic Options: View Discussion · Sign in or Join to reply
In the past few days, we have received emails from several fellow Seibertronians that they recently had fraudulent activity on their credit or debit cards. If you've recently ordered a Transformers item online, you should double check your credit and bank accounts to verify whether or not any unauthorized charges have appeared or if there are any pending charges for suspicious activity.
If you found something fishy like a Sharkticon with one of your accounts, please let us know and where you might have used your card online recently for Transformers purchases. Hopefully we can all collectively figure out where the source of the problem is!
Thank you for helping out and doing your part to keep the online Transformers community safe and informed. Happy hunting!
News Search
Got Transformers News? Let us know here!
Most Popular Transformers News
ROTB Optimus Prime Lead Designer Discusses Why the Face Looks Similar to the 2007 Movie
56,365 viewsMost Recent Transformers News
Posted by xyl360 on February 2nd, 2012 @ 4:50pm CST
I was one of the ones who got an order through with the old processor and I've seen no fraudulent charges so far, but my bank is also often slow about posting transactions to my account so it will likely be a few days or more before I know for certain, so until I'm sure, I'll be keeping a watchful eye on it. I highly recommend that anyone who ordered Overrun and/or SG Drift on the first day of pre-orders do the same, even if your order did not go through, as I suspect their original CC handler got hacked/infected.
Posted by shesmovedon on February 2nd, 2012 @ 4:58pm CST
1. 1/31/12 Gamestop.com $49.99 purchase
2. 1/16/12 Experian credit report purchase of ~$17 (which is odd and the AMEX rep said "maybe they're trying to steal your ID"....great....)
Really lame but AMEX is great and am disputing them with no issues.
I use my AMEX for everything I can, BBTS, TFSource, and, most recently, Toy Arena in late December. My first purchase from them so maybe that's related? I use it on plenty of non-TF stuff as well so who knows.
Posted by necr0blivion on February 2nd, 2012 @ 5:09pm CST
http://www.bbc.co.uk/news/technology-16812064
This may be too early to report on, but after reading Seibertron's post I checked both of my credit accounts via phone application and verified all recent transactions (pending and completed). To XYL360, I tried to order from TFCC on Monday and my transaction was suspended. I was able to purchase my figures on Wednesday night once the Club successfully switched vendors. It's too early to lay blame on a TFCC purchase, but will be diligent and report back if I see any suspicious transactions beginning 1/30/12.
*sighs* Just went through this last year, possibly due to the PSN hack. Thankfully, none of the charges held and there was minimal inconvenience.
Posted by cybercat on February 2nd, 2012 @ 5:18pm CST
Posted by mbd88prime on February 2nd, 2012 @ 5:34pm CST
nevermind, im big enough to admit im a big dumbass sometimes, sorry tfcc, you didnt screw me
Posted by geokaiser on February 2nd, 2012 @ 5:49pm CST
Posted by Heavy B on February 2nd, 2012 @ 6:08pm CST
Posted by xyl360 on February 2nd, 2012 @ 6:18pm CST
venon wrote:Since Nov, I have had all 3 of my credit cards used fraudulently. One of them just 6 weeks after canceling the prior card. 1 is visa and 2 are mastercard. 2 of them I used only rarely. I'm thinking info was stolen from a business with records going back for sometime. Unfortunately this doesn't narrow it down for me. Coulda be BBTS, TFSource, Robotkingdom, Amazon, or even Paypal. I doubt it was TFCC because I havent used all 3 there. I am suspicious of the TF stores because I know another local TF fan that had had the same thing happen. For what its worth, I buy from BBTS the most, rarely from TFSource for this very reason, and try to use paypal at Robotkingdom. I alerted BBTS & Paypal but didn't really get much of a response. Hope this helps.
TFSource was hacked a while back as I recall (like last year or even earlier) so that may be the source of your woes. I've only used them once or twice myself and the card I used has long since expired.
Posted by kirbenvost on February 2nd, 2012 @ 6:37pm CST
Well, luckily I was checking my credit card earlier today and there don't seem to be any problems so far. I generally use my card through Paypal to pay for online purchases anyway.
Posted by Megatron Wolf on February 2nd, 2012 @ 7:04pm CST
Posted by FurStreak on February 2nd, 2012 @ 8:05pm CST
Posted by Stormrider on February 2nd, 2012 @ 8:15pm CST
venon wrote:Since Nov, I have had all 3 of my credit cards used fraudulently. One of them just 6 weeks after canceling the prior card. 1 is visa and 2 are mastercard. 2 of them I used only rarely. I'm thinking info was stolen from a business with records going back for sometime. Unfortunately this doesn't narrow it down for me. Coulda be BBTS, TFSource, Robotkingdom, Amazon, or even Paypal. I doubt it was TFCC because I havent used all 3 there. I am suspicious of the TF stores because I know another local TF fan that had had the same thing happen. For what its worth, I buy from BBTS the most, rarely from TFSource for this very reason, and try to use paypal at Robotkingdom. I alerted BBTS & Paypal but didn't really get much of a response. Hope this helps.
I also had fraudulent charges on my credit card a few months ago and then again a couple weeks ago. Each time, I was issued a new card. I only use my credit card online at TF Stores.
Posted by Stumpybot on February 2nd, 2012 @ 8:21pm CST
January I got stung for £1000 in fraudulent charges (there could be more)
I've never been a victim of fraud before and the timing made me think immediately it was one of them since the only time I normally buy from the US is thru PayPal
If its tfcc using cheap crap software that caused it I hope they get some prison quality ass torture
Guess we'll wait and see
Posted by Constantine on February 2nd, 2012 @ 9:12pm CST
The card was canceled and reissued and the fraudulent charge was refunded to the account. I have recently used this card on BBTS, although in the semi-recent past I have also used it on TFSource, Amazon, Netflix, Vudu, Hulu, iTunes, Equifax, Mozy, and the NYS DMV. This card is not linked to my PayPal account. The only other thing for which I used it recently was a small donation to the Arbor Day Foundation.
Posted by Rated X on February 2nd, 2012 @ 10:28pm CST
Posted by 3.8TransAM on February 2nd, 2012 @ 11:52pm CST
When u call in they are polite, speak english and are even based in the United States, not someone in India named Bob. Somewhere in Arizona, believe it or not.
I use it for everything and checked my account just a little bit ago and called due to a gas station charge amount being wrong. Found out it is nothing to worry about and common with gas stations till the transaction actually clears processing.
So everything is good on my end, no fraudulent charges to speak of.
I did order from FunPub on Wedns after they changed credit card processors.
I hope everyone here at a bare minimum goes thru their entire credit card statement when they get it.
Posted by bvzxa on February 3rd, 2012 @ 12:31am CST
Posted by amtm on February 3rd, 2012 @ 1:08am CST
I did get a notice from my bank a few years ago when someone stole thousands of credit and debit card numbers from TJX (TJ Maxx, Ross, Marshalls), but my card number wasn't one of the ones stolen. Got a new one anyway but obviously there wasn't a problem since there were no false charges.
Posted by alldarker on February 3rd, 2012 @ 2:32am CST
However, BBTS did charge my card for Stepper coming into stock on January 4th. I have no idea if that has any relation to the fraud and I am not accusing them, 'cause I use the card for Amazon as well. Still, apart from Paypal, it's the most Transformers-related recent usage of my CC. I haven't bought anything from TFSource or any other online retailer in ages.
The pre-order of SG Drift and Over-run this monday is literally the very first and only usage I have made with my new CC. No strange charges have shown up on my CC since Monday, though.
Posted by mattwhite924 on February 3rd, 2012 @ 9:26am CST
Posted by thestealthmc on February 3rd, 2012 @ 11:34am CST
Posted by Slick_Prime on February 3rd, 2012 @ 4:53pm CST
Posted by necr0blivion on February 3rd, 2012 @ 5:02pm CST
Kamidake wrote:I just got hit with a charge for $3.50. Glad I caught it early, but now I have to cancel all my orders this month at BBTS till I get a new card.
You don't have to cancel your preorders. The items will come in and you will get an e-mail from them showing that they were unable to process your card for payment; you will then be given time to find another source of payment. Send a reply stating your situation and an approximate time you expect to receive your new card.
This happened to me last year, and they were very understanding and provided ample time for me to provide another payment source.
Posted by Cyberseven on February 3rd, 2012 @ 7:12pm CST
shesmovedon wrote:I noticed a couple on my AMEX when I was looking over my bill last night.
1. 1/31/12 Gamestop.com $49.99 purchase
2. 1/16/12 Experian credit report purchase of ~$17 (which is odd and the AMEX rep said "maybe they're trying to steal your ID"....great....)
Really lame but AMEX is great and am disputing them with no issues.
I use my AMEX for everything I can, BBTS, TFSource, and, most recently, Toy Arena in late December. My first purchase from them so maybe that's related? I use it on plenty of non-TF stuff as well so who knows.
I am so glad that Seibertron posted this. I recently caught the fraudulent charge of an Experian credit report membership on my card, and filed a fraud report with my card company and they have refunded the charge and issued me a new card.
The reason I am glad Seibertron posted this and that I read the post here from Shemovedon is that now I am almost sure I know where it came from. It was either BBTS, or Paypal that got hacked. My charge for the Experian report membership was dated right after I had purchased items via Paypal, and BBTS.
I suspect Paypal more, but since Shemovedon had same fraud charge after BBTS purchase, unfortunately I think they might have been the ones hacked. For me to have the same fraud charge as a Seibertron member I don't even know, and using a different card then mine, is too much of a coincidence to be sure.
I love BBTS, but they may need to do some investigating for hacks. I am holding off on further purchases via BBTS until further information is researched.
Posted by shesmovedon on February 3rd, 2012 @ 9:16pm CST
It's so hard to figure out the source of these when we're using our cards all over the place. It might not even be any one merchant. It could just be their credit card processors.
We should figure out a way to crowd source this information. We could enter dates of TF charges and dates of fraudulent charges and see if there is any meaningful correlation. Maybe I'll see if I can get a Google form put together.....
Posted by Cyberseven on February 3rd, 2012 @ 10:19pm CST
I am copying some links that shed a little light on this Experian credit report membership scam.
http://complaintwire.org/Complaint.aspx ... jLzxVbhA/5
http://creditreport.pissedconsumer.com/ ... rvice.html
Based on what I found I agree that this may not be BBTS, but just another payment processing system hack, and a company set up to make money on this.
Isn't online shopping fun??
Posted by shesmovedon on February 3rd, 2012 @ 11:29pm CST
Moral of this story, the best way to pay for things online is with a CREDIT CARD. If you use your Bank Card/Debit Card, you have far more hoops to jump through to get your money back. Also, as long as the charge is in dispute, if you can even dispute it, the cash is as good as gone from your bank account. Credit cards at least put a hold on the payment for that transaction so you do have to worry about it during the investigation. I know of too many people that get burned using debit cards. Also, any recurring payment scams that get tacked on will last for MONTHS on a debit card.
Posted by fenrir72 on February 4th, 2012 @ 5:45am CST
Posted by Slick_Prime on February 4th, 2012 @ 10:11pm CST
necr0blivion wrote:Kamidake wrote:I just got hit with a charge for $3.50. Glad I caught it early, but now I have to cancel all my orders this month at BBTS till I get a new card.
You don't have to cancel your preorders. The items will come in and you will get an e-mail from them showing that they were unable to process your card for payment; you will then be given time to find another source of payment. Send a reply stating your situation and an approximate time you expect to receive your new card.
This happened to me last year, and they were very understanding and provided ample time for me to provide another payment source.
Thanks for the advice. I'll do that.
Posted by Seibertron on February 8th, 2012 @ 12:55pm CST
Just got off the phone with my bank and canceled two of my cards, I'll cancel the other two next week once the new cards arrive so that I'm not left without a debit or credit card.
Posted by shesmovedon on February 8th, 2012 @ 1:09pm CST
Posted by Seibertron on February 8th, 2012 @ 1:12pm CST
shesmovedon wrote:That's a pretty good idea. A lot easier to update some accounts with new CC information than to be disputing charges.
I think because I regularly do this, I have never once been hit with a fraudulent charge in the 15 or 16 years since I've been using debit/credit cards online. I've got my fingers crossed, but this method seems to work fairly well.
Posted by GuyIncognito on February 8th, 2012 @ 3:29pm CST
Posted by Seibertron on February 8th, 2012 @ 3:59pm CST
GuyIncognito wrote:If PayPal was hacked, this would be a national headline, not a rumor on a Transformers website. I doubt it's a PayPal issue.
It's not Paypal.
Posted by Stockade on February 9th, 2012 @ 7:19am CST
Has this been confirmed if buying from BBTS and/or TFsource when the activity is done?
Posted by bvzxa on February 9th, 2012 @ 7:33am CST
In essence an attack form a hacker will try to break in to the weakest of credit card companies. I have a degree in Network Security and Management, and many online retailers pay big costs for better security. With BBTS, you have Paypal as an option, I use that. TFSource I haven't used since my card was hacked. I wasn't a member of the TFCC last year at all, but I am this year. When I heard they were updating there CC processing I believe they were probably switching to a company that was more secure.
Posted by Seibertron on February 9th, 2012 @ 9:44am CST
bvzxa wrote:The problem is many online retailers have to use CC processing services and you get what you (the company) pay for. Which ever CC processing company they use needs to have secure data secured. Even some of the pron sites are using tougher standards that the companies you buy transformers from.
In essence an attack form a hacker will try to break in to the weakest of credit card companies. I have a degree in Network Security and Management, and many online retailers pay big costs for better security. With BBTS, you have Paypal as an option, I use that. TFSource I haven't used since my card was hacked. I wasn't a member of the TFCC last year at all, but I am this year. When I heard they were updating there CC processing I believe they were probably switching to a company that was more secure.
One of Seibertron.com's staff members got hit after this switch.
Posted by Skalor on February 9th, 2012 @ 12:22pm CST
I then called FunPub, after reading about all of the problems people on this and other fansites were having for the last several days. I was told by FunPub that I was only the fourth caller to complain/inquire about fraudulent charges (which I thought was strange given the number of issues I've read about). From what I can gather, they're still trying to compile information on what happened before going forward, but what they did ask is that I email them the information on the fraudulent transactions, as well as info on when I placed the orders. I ordered Over-Run AFTER the reestablishment of the CC system, and only yesterday renewed my membership, both with the same card.
I have not had any issues with my cards or bank in 15+ years, and I can put two and two together. I have made no other Transformer related purchases in quite some time (i.e. BBTS, TFSource, etc.) Please make sure that if you have issues, and have made recent purchases to FunPub, that you contact them immediately and share your information. Of course, you will still have to contact respective banks/cc companies to rectify any fraudulent charges, but we can also help FunPub find out what happened, and hopefully prevent future problems.
Skalor
Posted by El Duque on February 9th, 2012 @ 4:25pm CST
We have been receiving feedback that there has been a higher than
usual number of fraud complaints posted on online Transformers
forums.
While we have nothing to suggest that there was an issue with the TCC
and Fun Publications, we look into every concern that is sent to us. All
of your transactions are in a secure socket with the strongest encryption
available to any site on the web. If you have a specific concern about
any transaction with us, please use the “contact us” link located at the
bottom of the TCC page and provide us with as much information as
possible including:
1. The EXACT name of merchant as it is written on your statement.
2. Amount and date of suspect charge.
3. Bank your card is drawn on and if it is a debit or credit card.
4. Device and browser (and version) you used for your last payment
with us before you saw a fraudulent charge (ie, android phone,
computer, iphone, browser and version).
6. Were you on a public computer?
7. Were you on a public wi‐fi network?
8. If you were at home or work, what Internet provider did you use?
9. On your last transaction with us, did you receive any kind of error
message (card declined, 404 error, programming type error)? If you did
receive an error, how many times did you resubmit your information?
It is very difficult to track credit card fraud. With your help, we can see
if there are any parallels between those reporting an issue.
In order to better protect yourself, here are some guidelines:
Never log into a secure site from a public computer, public wi‐fi, or
through android/windows phones. Only use your mobile device on a
mobile app for transactions, never a browser. Turn off your bluetooth
and wi‐fi to prevent people from hacking your credit card information
from your phone/computer.
If you have a card that has an rfid chip, make sure your card is shielded
when not in use.
Always make sure you are using a secure socket (https://) for any login
that requires a password or a monetary transaction.
Never email your credit card information to anyone.
As should be common practice, on a regular basis, be sure to check your
statements and make note of any suspicious activity on your card. If you
see an unauthorized charge, turn it in to your bank or card company, the
charge will be reversed, they will issue a new card for you and the
security system in place will have done its job.
Please also take the time to read the attached article and research credit
card security. We are very aware that security concerns have risen
exponentially in the last couple years and we are doing our part to stay
ahead of the curve.
Can Hackers Destroy The Internet? - Forbes
Posted by craggy on February 9th, 2012 @ 4:47pm CST
if you're the sort of person who puts in your credit card or bank details on a public, unsecured wireless network you're probably also the sort of person who doesn't realise that you're on a public unsecured wireless network in the first place.
Posted by UltraPrimal on February 9th, 2012 @ 4:57pm CST
Posted by chuckdawg1999 on February 9th, 2012 @ 6:56pm CST
Posted by Cyber Bishop on February 9th, 2012 @ 7:59pm CST
Customers with concerns over Credit/Debit card information theft can report their concerns to the TCC at 800-772-6673 or
817-448-9863. You and can also email us at admin2@funpubinc.com .
Posted by Vicalliose on February 9th, 2012 @ 9:20pm CST
UltraPrimal wrote:No. Sorry, FunPub. You are NOT Michael Bay. You can't get away with saying, "Oh it wasn't our fault. It was yours. You must have screwed up somewhere. It certainly wasn't us." Bullshit. It can't be a coincidence that so many people have been reporting credit card fraud after using their store. Especially considering they pulled in a different credit card processing service at the last minute because they saw that their usual one couldn't handle the load. Did they even research this other company? Probably not. They probably were like, "Oh shit! Our site's crashing! How are we going to get our money for these shitty toys? Quick! To Google! ... OK, folks. We're all good now. We've got this new credit card processing company. Apparently it's owned by a Nigerian prince. And you can always trust royalty right? Now let's flip the switch and watch our money roll in! Money, money, money!"
Actually it's the other way around from what I've gathered. The company which they switched away from was responsible for information being compromised. The company they are now using was suggested by site owner Seibertron, to the best of my knowledge.
Of course, I could be wrong. Was anybody hacked within a 24 hour period of the pre-orders going back up?
Posted by Seibertron on February 9th, 2012 @ 11:21pm CST
Vicalliose wrote:UltraPrimal wrote:No. Sorry, FunPub. You are NOT Michael Bay. You can't get away with saying, "Oh it wasn't our fault. It was yours. You must have screwed up somewhere. It certainly wasn't us." Bullshit. It can't be a coincidence that so many people have been reporting credit card fraud after using their store. Especially considering they pulled in a different credit card processing service at the last minute because they saw that their usual one couldn't handle the load. Did they even research this other company? Probably not. They probably were like, "Oh shit! Our site's crashing! How are we going to get our money for these shitty toys? Quick! To Google! ... OK, folks. We're all good now. We've got this new credit card processing company. Apparently it's owned by a Nigerian prince. And you can always trust royalty right? Now let's flip the switch and watch our money roll in! Money, money, money!"
Actually it's the other way around from what I've gathered. The company which they switched away from was responsible for information being compromised. The company they are now using was suggested by site owner Seibertron, to the best of my knowledge.
Of course, I could be wrong. Was anybody hacked within a 24 hour period of the pre-orders going back up?
Yes, some of Seibertron.com's staff members had accounts with fraudulent charges AFTER they placed an order on the new system.
If they went with Authorize.net, that's great. But that doesn't mean their site is secure. They have different plans and programs, they're just the credit card processor ... Authorize.net most likely didn't perform a security test of their website (which would most likely entail some kind of a service fee). The club store, or any e-commerce website that you use, could be storing credit card information locally in their database instead of passing it along to a company like Authorize.net who in turn provides you with a transaction ID or an approval number/message of some sort (I'd have to look at my code from some e-commerce sites from a few years ago) which you use locally on the website end to know that the card is valid and that the payment can go through. The only information that should be stored locally pertaining to a customer order is the shipping information, the billing address is fine, no CC card, no expiration date, no CID, and obviously information relevant to the customers cart/purchase/order/subscription.
We determined that Authorize.net's AIM API method was the best and most secure as it meant that we stored none of the credit card information locally. You can find out more information about how Authorize.net operates by reading about their different API's in the developer section of their website at http://developer.authorize.net/api/. You can see a discussion about the different payment processing methods at http://community.developer.authorize.net/t5/Integration-and-Testing/Which-method-to-use-AIM-SIM-CIM-DPM/m-p/16638#M9371.
Authorize.net's AIM API also required sites to be PCI (Payment Card Industry Data Security Standard) compliant, which was something that I liked. One of the steps in order to be PCI compliant is no credit card information can be stored in the local database. This is to protect customers. I do not know one way or another if TCC stores credit card information in their order database. It is not up for them to disclose this information either (they shouldn't), but hopefully if they're not and if someone is reading this message they will take the steps necessary to correct that huge oversight.
More information about PCI compliance can be found at the links below:
https://www.pcisecuritystandards.org/merchants/index.php
http://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard
Posted by Seibertron on February 9th, 2012 @ 11:47pm CST
According to Google Support at https://support.google.com/chrome/bin/answer.py?hl=en&answer=95617
Google Support wrote: Your connection to the site
Google Chrome lets you know whether your connection is fully encrypted. If your connection is insecure, third parties might be able to view or tamper with the information you provide on the site.
Your connection to the site is encrypted, but Google Chrome has detected mixed scripting on the page. Be careful if you’re entering personal information on this page. Mixed scripting can provide a loophole for someone to take over the page. This content could be third-party scripts or videos embedded on the page.
If you’re connected to the Internet via a public wireless network, mixed scripting is especially risky because wireless networks are easier to tamper with than wired networks.
And here's the same basic error message in Firefox, but way less dramatic than how Chrome states it.
Posted by gavinfuzzy on February 10th, 2012 @ 3:54am CST
That is all i can say.
Seriously, for the kind of money these guys make, it seems like the site is runned by a team of 5 13-year-olds. Seems to be only 1 customer service agent responding to my questions, and even then it takes over a week to get their response. The site has insanely bad UI and design, and often has coding bugs. This is very disturbing, especially when we are trusting the site with our credit card information. Hasbro better do something about the TFCC division, its ruining the TF name.
Remember the infamous "We would pass on your comments to our marketing team?" Here's a new one from the TFCC Facebook : "I have passed all your suggestions on to the appropriate persons. That's all "I" can do."
Posted by chuckdawg1999 on February 10th, 2012 @ 3:59am CST
Posted by gavinfuzzy on February 10th, 2012 @ 4:03am CST
chuckdawg1999 wrote:What kills me is that for all the valid; well thought out and researched complaints, comments, and suggestions, no one will say a peep at Bot-Con
I guess people are all having such a great time, all of a sudden, they don't blame funpub anymore. Then botcon ends, and people reflect on the amount they spent at botcon, then Funpub's being flammed again.