Feeds

UK cyclists hit by fraud after online purchase at website

Caught in the middle of a chain reaction

Security for virtualized datacentres

Updated A suspected security breach at popular UK-based biking site chainreactioncycles.com has been linked by victims to multiple instances of fraud.

Various bike enthusiast forums are alive with complaints (here and here) from customers of the site, several of whom are reporting unauthorised charges on their credit or debit cards. The victims are tied together by having shopped at the bike site over the last fortnight or so.

The majority of fraudulent transactions reported seem to involve mobile phone top-ups to either Vodafone or O2, typically two transactions valued at £15 or so for a total fraudulent amount of £30. However, a small percentage of victims have been taken for thousands of pounds.

The experiences of a Reg reader, who wishes to remain anonymous and was the first to tell us of potential problems, seems typical: "I recently purchased items from the online cycling retailer Chain Reaction. A few days after payment went through, I had a couple of fraudulent transactions on my Visa card, which I cancelled, and got money refunded."

Banking regulations in the UK mean that victims should be able to recover the lost sums, but in the meantime they face an anxious wait and the possibility of being short of cash to pay bills until the mess is sorted out.

Chain Reaction Cycles (CRC) released a holding statement, republished via a thread on popular mountain biking portal MoreDirt.com, that acknowledged reports of problems and stating that it had started an investigation. "Our own infrastructure is routinely and independently tested and we are confident that it is robust," it said. "We are working with industry experts including the card processing companies to identify possible causes both inside and outside the control of CRC."

A spokesman for CRC told El Reg that the ongoing investigation, started on Monday, had thus far not come across anything amiss.

Digital forensics blog ForHacSec adds that the common theme of the fraudulent transactions was that they occurred between seven and 10 days after victims purchased goods from chainreactioncycles.com. Purchases at CRC between March 4 to 12 seem to be those most closely associated with subsequent fraud, it adds. ®

Secure remote control for conventional and virtual desktops

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.