Chain Reaction Cycles have today acknowledged that some of their customers have become victims of what appears to be systematic credit card fraud, though at this stage the precise nature or even the existence of any possible breach of the company’s online security has yet to be confirmed.
Online forums, including our own, have carried anecdotal evidence of fraudulent activity on the bank accounts of people who have recently purchased goods from Chain Reaction, and the company has confirmed that it is carrying out an urgent investigation into the matter. It has enlisted the services of a specialist internet security company to help with the investigation.
Some of the fraudulent transactions have been for relatively minor sums of up to £30, usually, it seems, to pay for mobile phone top ups, but it appears that others victims have seen their accounts debited for considerably larger amounts.
If there is evidence of a range of fraudulent uses of card details it could indicate that either Chain Reaction's own security has been breached, or that of the credit card gateway that processes card payment, or of the link between the two. Card information might then be being sold on to a variety of criminals who are targeting individual victim’s bank accounts in different ways.
Alternatively it may be that an individual or single gang is testing individual accounts with relatively innocuous-looking transactions which may go unnoticed before attempting to make much larger purchases on the compromised cards.
Chain Reaction has responded to media enquiries with a carefully worded Q&A statement emailed to road.cc and posted on the Singletrackworld forum from senior manager Michael Cowan which says:
What do we know?
We know that some of our customers have experienced credit card fraud after placing an order with CRC.
When did we find out?
Senior staff in CRC where alerted to forum comments on Sunday 6th of March. We immediately began our investigations enabling to release information via community forums on Wednesday the 9th, acknowledging that we were actively investigating the situation.
How big is the problem?
So far, we have been contacted by customers who purchased in February and the beginning of March. The contacts we have had both directly and via forums equates to under 0.1% of on-line orders placed In that same time period. However, we understand that for those effected this is of great concern and as we take our customer's security extremely seriously we are taking all the steps we can to understand what has happened.
What steps have we taken?
CRC have employed one of the UKs leading internet security companies to carry out immediate and full forensic investigation into CRCs infrastructure. This investigation has so far uncovered no evidence of any breach. We are also fully engaged with our card processing companies and the card schemes. This investigation is still underway.
Purely as a precaution, Card Issuers may make the decision to reissue new cards to recent CRC customers. If your card is reissued it does not mean that your details have been compromised but the banks take an ultra cautious view on this as the cost of re-issuing a card is much smaller than resolving any potential issue in the future.
When will CRC have more information?
We are working round the clock to get an understanding of what has happened; as we get greater understanding we will continue to keep you up to date and intend to issue a further updates over the next week or so.
Can you order safely?
So far the investigation has uncovered no evidence of any breach but if you want to order on CRC without CRC being in contact with your credit card details then choose Pay by PayPal and checkout using your credit card via the PayPal express checkout.
Please contact us directly
We want people who have been directly affected to contact us so we can personally update you by email. Please contact us on +44 (0)2893343758 between 9am – 5.30pm or emailenquiries [at] chainreactioncycles.com and we will be glad to help you.”
road.cc has placed calls to the company and we will update you once we have more information.