Feeds

UK cyclists hit by fraud after online purchase at website

Caught in the middle of a chain reaction

Boost IT visibility and business value

Updated A suspected security breach at popular UK-based biking site chainreactioncycles.com has been linked by victims to multiple instances of fraud.

Various bike enthusiast forums are alive with complaints (here and here) from customers of the site, several of whom are reporting unauthorised charges on their credit or debit cards. The victims are tied together by having shopped at the bike site over the last fortnight or so.

The majority of fraudulent transactions reported seem to involve mobile phone top-ups to either Vodafone or O2, typically two transactions valued at £15 or so for a total fraudulent amount of £30. However, a small percentage of victims have been taken for thousands of pounds.

The experiences of a Reg reader, who wishes to remain anonymous and was the first to tell us of potential problems, seems typical: "I recently purchased items from the online cycling retailer Chain Reaction. A few days after payment went through, I had a couple of fraudulent transactions on my Visa card, which I cancelled, and got money refunded."

Banking regulations in the UK mean that victims should be able to recover the lost sums, but in the meantime they face an anxious wait and the possibility of being short of cash to pay bills until the mess is sorted out.

Chain Reaction Cycles (CRC) released a holding statement, republished via a thread on popular mountain biking portal MoreDirt.com, that acknowledged reports of problems and stating that it had started an investigation. "Our own infrastructure is routinely and independently tested and we are confident that it is robust," it said. "We are working with industry experts including the card processing companies to identify possible causes both inside and outside the control of CRC."

A spokesman for CRC told El Reg that the ongoing investigation, started on Monday, had thus far not come across anything amiss.

Digital forensics blog ForHacSec adds that the common theme of the fraudulent transactions was that they occurred between seven and 10 days after victims purchased goods from chainreactioncycles.com. Purchases at CRC between March 4 to 12 seem to be those most closely associated with subsequent fraud, it adds. ®

Gartner critical capabilities for enterprise endpoint backup

More from The Register

next story
Microsoft: We plan to CLEAN UP this here Windows Store town
Paid-for apps that provide free downloads? Really
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
Who needs hackers? 'Password1' opens a third of all biz doors
GPU-powered pen test yields more bad news about defences and passwords
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Hear ye, young cyber warriors of the realm: GCHQ wants you
Get involved, get a job and then never discuss work ever again
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
Microsoft cries UNINSTALL in the wake of Blue Screens of Death™
Cache crash causes contained choloric calamity
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
7 Elements of Radically Simple OS Migration
Avoid the typical headaches of OS migration during your next project by learning about 7 elements of radically simple OS migration.
BYOD's dark side: Data protection
An endpoint data protection solution that adds value to the user and the organization so it can protect itself from data loss as well as leverage corporate data.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?