CornerStoreComics and Credit Card Exposure.

One sixth kit
Comic concepts
Collector Freaks Forum

Help Support Collector Freaks Forum:

This site may earn a commission from merchant affiliate links, including eBay, Amazon, and others.
Status
Not open for further replies.
GordonGekko said:
Wow, that's actually surprising. Without an existing and public plan for some type of compensation for time and trouble, CSC is really not helping themselves in this situation.

Just speculation, but based on what people have said and the patterns, sounds internal to me. Of course, if it was, CSC has no incentive to reveal that it was internal. If it was internal, people should consider their names, addresses and phone numbers were also probably compromised.

This situation happened with Dragon Models Limited, Cyber Hobby ( their exclusives dealer segment) a few years back.

I'm sorry to hear this happened to so many people here. Hope it all works out for you guys.

Gekko
Click to expand...


Where you been GG? You need to post more, I enjoy them.
 
GordonGekko said:
Wow, that's actually surprising. Without an existing and public plan for some type of compensation for time and trouble, CSC is really not helping themselves in this situation.

Just speculation, but based on what people have said and the patterns, sounds internal to me. Of course, if it was, CSC has no incentive to reveal that it was internal. If it was internal, people should consider their names, addresses and phone numbers were also probably compromised.

This situation happened with Dragon Models Limited, Cyber Hobby ( their exclusives dealer segment) a few years back.

I'm sorry to hear this happened to so many people here. Hope it all works out for you guys.

Gekko
Click to expand...

Whoa, where is all this inside job stuff coming from? No internet business, except maybe Amazon processes the credit cards themselves. They pay an outside service such as these
https://credit-card-processing-review.toptenreviews.com/

So it was a company like this that was compromised, not CSC.
 
Darklord Dave said:
Whoa, where is all this inside job stuff coming from? No internet business, except maybe Amazon processes the credit cards themselves. They pay an outside service such as these
https://credit-card-processing-review.toptenreviews.com/

So it was a company like this that was compromised, not CSC.
Click to expand...

Mesa said:
I think what someone explained was the CSC uses some CC processor for their orders (not really sure how that works), and many other businesses use the same company to process their shopping orders, and that processing compnay was hacked, not just CSC. So other people are going through the same crap, not just us geeks who collect dolls.

Fortunately there's this forum to at least alert us to we can take somewhat immediate action or at least monitor the situation.
Click to expand...

That's what I was trying to say. Certainly not CSC's fault directly. But still, someone who has been scammed is going to blame whoever they dealt with, not any intangible companies. Really sucks for CSC, as they most likely are a victim themselves, only to a much larger scale.
 
I'm a little scared to buy some of their stuff right now.

A friend of mine that bought something from them almost got charged $600+ for a trip to Spain. I'm glad that his credit card company put the charge on hold and called him to verify that it was really him that made the purchase 30 minutes after it was charge.
 
I've been keeping an eye on my accounts a lot more than usual since I found out about this and after having to get a new debit card since it got hit I was glad to see my bank get ready of the B.S. $1.00 test charge these punks tried to get through on my account.

Still checking the others though. Doesn't hurt to be a little paranoid right now.
 
Really, you've got to be cautious with any CC transactions you make. Just blaming CSC isn't the solution. The CC processing company they use is probably the same one many other vendors use.
 
Marvel Legends Series Venom, Marvel Comics Collectible Action Figure 6” - Exclusive
$59.99
Marvel Legends Series Venom, Marvel Comics Collectible Action Figure 6” - Exclusive Agora Capital
DC Comics The Flash Collectible Action Figure, 12 Inches Tall, 11 Articulation Points, Red Suit, Action Poses, Children's Toy
-25%
$7.49 $9.99
DC Comics The Flash Collectible Action Figure, 12 Inches Tall, 11 Articulation Points, Red Suit, Action Poses, Children's Toy Amazon.com
San Diego 2024 Previews Exclusive Marvel Comics: Wolverine DS-151 D-Stage Statue
-12%
$35.00 $39.99
San Diego 2024 Previews Exclusive Marvel Comics: Wolverine DS-151 D-Stage Statue Amazon.com
CJINMFMN 5pcs Superhero Doll Sets, 4.7-inch Collectible Action Dolls
-13%
$12.11 $13.99
CJINMFMN 5pcs Superhero Doll Sets, 4.7-inch Collectible Action Dolls JINNI
Marvel Comics: Throg DS-107SP SDCC Exclusive D-Stage Statue
-14%
$21.03 $24.54
Marvel Comics: Throg DS-107SP SDCC Exclusive D-Stage Statue AnimeTruck
Movie Themed Action Figure - 8 Inch Collectible Action Figures Toy, Hero Series Model Figurines with Accessories, Toy Figure Anime Statue for Boys Fans Birthday Gift Decoration
$40.99
Movie Themed Action Figure - 8 Inch Collectible Action Figures Toy, Hero Series Model Figurines with Accessories, Toy Figure Anime Statue for Boys Fans Birthday Gift Decoration Deejacke Party Gifts
Marvel 60th Anniversary Captain America DS-086 D-Stage Previews Exclusive Statue
$33.99
Marvel 60th Anniversary Captain America DS-086 D-Stage Previews Exclusive Statue Amazon.com
ZKTSRY Anime Action Figure,Removable and Replaceable Face,Collectible Statue Action Figures Anime Desktop Decoration Ornaments Gift
$43.99
ZKTSRY Anime Action Figure,Removable and Replaceable Face,Collectible Statue Action Figures Anime Desktop Decoration Ornaments Gift XKJUUIL
DC Comics Theatrical Multi-Pack, Limited Edition 6 Super Hero Action Figures, WB Anniversary Collectible, Superhero Kids Toys for Boys Ages 3+
$25.00
DC Comics Theatrical Multi-Pack, Limited Edition 6 Super Hero Action Figures, WB Anniversary Collectible, Superhero Kids Toys for Boys Ages 3+ Hoppy's Deals
Marvel Legends Series Deadpool, Deadpool 2 Adult Collectible 6-Inch Action Figure
-43%
$26.78 $47.10
Marvel Legends Series Deadpool, Deadpool 2 Adult Collectible 6-Inch Action Figure Amazon Global Store UK
I don't blame CSC for this happening in the first place. I do blame them for lack of ANY direct COMMUNICATION from them at this point. If not for the members here, I still would not know and if not for this thread, would they have posted?

I had two fraudulent charges go through: Betamax and AARP - the last one being the 'funniest'

Two other pending charges were happening, both looked like betamax - communication software type companies and apparaently fronts for illegal activity

I emailed CSC this morning to have my card removed and to voice my concerns - I have close to $600 of preorders with them and another $300 or more actually paid for/received. Still like them, but they BETTER DAMN WELL MAKE GOOD BY US regarding this situation.

Closed my card and having a new one issued - now the fun part - waiting for the new one and then having to call all the places I do billpay through.
 
Well in their defense they can't legally say much yet. On another forum they said that as soon as they are allowed to they will be sending out emails.
 
Dally said:
Well in their defense they can't legally say much yet. On another forum they said that as soon as they are allowed to they will be sending out emails.
Click to expand...

Laws that prevent them from warning their customers? I'm not saying spill their guts but a general 'heads up' email would have been nice...

Anyway, thanks again to all the board members that brought this up to our attention.
 
AmanaMatt said:
Laws that prevent them from warning their customers? I'm not saying spill their guts but a general 'heads up' email would have been nice...

Anyway, thanks again to all the board members that brought this up to our attention.
Click to expand...

Yeah they should have at least warned people to check their cards. If they blamed it on their proccessor yet then they could be sued.
 
I believe the name of the CC processing company is "Heartland". They were the ones that were hacked. I've been hit for a total of ~$180 and have formally filed a dispute of the charges, waiting for an affadavid (30 days), disputing the charges, will then need to get it notarized and returned to them before I can get it off my statement.

These are some links. If CSC used Heartland, this is the cause. In my scenario, this is why I'm having to go through the hassle, and it is a hassle.

https://voices.washingtonpost.com/securityfix/2009/01/payment_processor_breach_may_b.html

https://www.usatoday.com/money/perfi/credit/2009-01-20-heartland-credit-card-security-breach_N.htm

https://www.bankinfosecurity.com/articles.php?art_id=1195

https://consumerist.com/5154010/three-men-arrested-in-heartland-data-breach-for-using-fake-visa-gift-cards
 
I'm surprised how long it's taking some of you to get a new card. When I had to replace mine back in October, I called the bank on the phone, and they canceled the old card, reversed the transactions, and began the process of issuing a new card, all within about 30 minutes. After getting off the phone, I then went to my local branch and they issued a temporary card within minutes; it had the same number as my new permanent card was going to have, and the only thing different on it I had to update after getting the new card, was the expiration date. So I was never down for more than a couple of hours without a card...
 
Washington Post

Payment Processor Breach May Be Largest Ever
A data breach last year at Princeton, N.J., payment processor Heartland Payment Systems may have compromised tens of millions of credit and debit card transactions, the company said today.

If accurate, such figures may make the Heartland incident one of the largest data breaches ever reported.

Robert Baldwin, Heartland's president and chief financial officer, said the company, which processes payments for more than 250,000 businesses, began receiving fraudulent activity reports late last year from MasterCard and Visa on cards that had all been used at merchants which rely on Heartland to process payments.

Baldwin said 40 percent of transactions the company processes are from small to mid-sized restaurants across the country. He declined to name any well-known establishments or retail clients that may have been affected by the breach.

Baldwin said it would be unfair to mention any one of his company's customers.

"No merchant of ours represents even [one-tenth of one percent] of our volume, and to put out any name associated with what is obviously an unfortunate incident is not fair," he said. "Their customers might end up having their cards used fraudulently, but that fraud might turn out to have come from their store, or it might be from another Heartland store and no one will ever really know."

Heartland called U.S. Secret Service and hired two breach forensics teams to investigate. But Baldwin said it wasn't until last week that investigators uncovered the source of the breach: A piece of malicious software planted on the company's payment processing network that recorded payment card data as it was being sent for processing to Heartland by thousands of the company's retail clients.

Baldwin said Heartland does not know how long the malicious software was in place, how it got there or how many accounts may have been compromised. The stolen data includes names, credit and debit card numbers and expiration dates.

"The transactional data crossing our platform, in terms of magnitude... is about 100 million transactions a month," Baldwin said. "At this point, though, we don't know the magnitude of what was grabbed."

The company stressed that no merchant data or cardholder Social Security numbers, unencrypted personal identification numbers (PIN), addresses or telephone numbers were jeopardized as a result of the breach.

The data stolen includes the digital information encoded onto the magnetic stripe built into the backs of credit and debit cards. Armed with this data, thieves can fashion counterfeit credit cards by imprinting the same stolen information onto fabricated cards.

"The nature of the [breach] is such that card-not-present transactions are actually quite difficult for the bad guys to do because one piece of information we know they did not get was an address," Baldwin said. As a result, he said, the prospect of thieves using the stolen data to rack up massive amounts of fraud at online merchants "is not impossible, but much less likely."

In many cases where a processor experiences a breach, the affected banks may simply re-issue new cards to some customers. In other cases, consumers may spot the first signs of fraudulent activity by reviewing their bank statements. It is unclear whether consumers who receive new account numbers from their bank will ever be able to definitively tie the re-issuance to the Heartland breach.

Baldwin said it was not appropriate for Heartland to offer affected consumers credit protection or other identity theft protection services.

"Identity theft protection is appropriate when there is enough personal information lost that identity theft is possible," he said. "In this case, the amount of information we know they did not get is long enough that except in very circumscribed cases identity theft is just not possible. At the same time, we recognize and feel badly about the inconvenience this is going to cause consumers."

Avivah Litan, a fraud analyst with Gartner Inc., questioned the timing of Heartland's disclosure -- a day in which many Americans and news outlets are glued to coverage of Barack Obama's inauguration as the nation's 44th president.

"This looks like the biggest breach ever disclosed, and they're doing it on inauguration day?" Litan said. "I can't believe they waited until today to disclose. That seems very deceptive."

Officials from the U.S. Secret Service could not be immediately reached for comment.

Baldwin said Heartland worked to disclose the breach last week.

"Due to legal reviews, discussions with some of the players involved, we couldn't get it together and signed off on until today," Baldwin said. "We considered holding back another day, but felt in the interests of transparency we wanted to get this information out to cardholders as soon as possible, recognizing of course that this is not an ideal day from the perspective of visibility."

The Heartland disclosure follows a year of similar breach disclosures at several major U.S. cards processors. On December 23, RBS Worldpay, a subsidiary of Citizens Financial Group Inc., said a breach of its payment systems may have affected more than 1.5 million people.

In March 2008, Hannaford Brothers Co. disclosed that a breach of its payment systems -- also aided by malicious software -- compromised at least 4.2 million credit and debit card accounts.

In early 2007, TJX Companies Inc., the parent of retailers Marshalls and TJ Maxx said a number of breaches over a three-year period exposed more than 45 million credit and debit card numbers.

In 2005, a breach at payment card processor CardSystems Solutions jeopardized roughly 40 million credit and debit card accounts.

Update, 5:07 p.m. ET: Changed "accounts" in first paragraph to "transactions." Also added information from Heartland chief executive about the timing of the breach and the hiring of outside consultants.
Click to expand...
 
lcummins said:
I'm surprised how long it's taking some of you to get a new card. When I had to replace mine back in October, I called the bank on the phone, and they canceled the old card, reversed the transactions, and began the process of issuing a new card, all within about 30 minutes. After getting off the phone, I then went to my local branch and they issued a temporary card within minutes; it had the same number as my new permanent card was going to have, and the only thing different on it I had to update after getting the new card, was the expiration date. So I was never down for more than a couple of hours without a card...
Click to expand...

I will be cancelling this card, the new one to be reissued. It is awful. My bank outsourced their CC to another compnay, so I have no direct contact anymore, hence the waits. I'm only keeping it so I can use all the points for something, then its' cancelled.
 
Yep. My card got hit yesterday, and I just got a new one. Now I'm debating whether or not I should cancel an order with them that is currently processing.
 
well they got me too, just got a call from my card company, some how they knew it wasn't me. looks like I'll be getting a new card soon.
 
I will be getting a second cc to be used exclusively for Internet transactions...that way if this happens, impact will be minimalized...I am tired of calling my lien holder, companies with bills, etc when this happens...
 
Status
Not open for further replies.

Similar threads

M
  • Locked
Further 10% off sale prices Site Wide @ DX Collectables - Hot Toys, Sideshow & More
Replies
0
Views
2K
maniyac
M
Asta
AUGTOYS - 1/6 Dune Action Figures (Licensed)
31 32 33
Replies
642
Views
80K
Stanlore
Stanlore
Adam1138
SCAM EBAY SELLERS!! Beware of these guys ( red_star2013 and sc store9999 )
14 15 16
Replies
313
Views
46K
IANR
I
j97e1
Master Replicas Group Filed Chapter 11.
Replies
0
Views
7K
j97e1
j97e1
mfisher
MFisher custom gear.... I didn't die or disappear.. promise...
Replies
12
Views
3K
ebor
ebor

Latest posts

Back
Top