Post #1
Commissions! cheetimus@cheetimus.com Group: Forum Moderator Posts: 33,966 Joined: 3-January 03 From: Baltimore Member No.: 1,895 Faction: RIBFIR
QUOTE
This is going out to all members:

Fun Publications wants to take this opportunity to apologize to all of our members. After many days of analysis, Fun Publications has determined that there is a security issue with our e-commerce systems. We appreciate all of you who have sent in your details. Your help has allowed us to ferret out several different patterns of fraudulent charges that have appeared on some members' cards (any that have been used over the last year with both the club store and our event registration system). We have several different internet/networking companies looking into the matter. Unfortunately, as of yet, we have not been able to identify any forcible entry either into our internet service provider's servers or network. This is like chasing a ghost through the wires, as unfortunately, the perpetrator did not leave a trail, footprints or fingerprints.

For those of you who have been affected, we apologize for all of your time this has wasted and any inconvenience it has caused you. We understand your frustration as this same type of fraud has happened to everyone in our office on our personal credit cards at some point in the past. Our merchant services provider wants us to remind everyone that even though this can be a huge annoyance for you, the customer, your issuing bank will not hold you responsible for any fraudulent charges that might be placed on your card(s).

We know that this issue has been a huge topic of discussion on all of the boards for the past few weeks. However, we are required to investigate to determine and confirm a security issue thoroughly before making any public statements. This is why we put out a general alert statement two weeks ago. Until the analysis is finished (can take several weeks) we don't know if the shutdown by our former (Jan 31st) e-commerce provider caused the security issue or not. We do know that it has not been limited to those who have purchased before the change to our new provider.

Please, watch your cards closely as this type of security issue appears to be on the increase across the net. No site is 100% safe. You may want to consider having any cards you have used with Fun Publications in the last year replaced.

At this time, we do not know how long our e-commerce site will be offline for both the store and registrations. We will get back to you once we have a solution for this security issue.

Thanks for your support - Brian

Post #2
Spaceship Kittybird! Group: Citizen Posts: 2,935 Joined: 21-November 06 Member No.: 9,388 Faction: Predacon
QUOTE
After many days of analysis, Fun Publications has determined that there is a security issue with our e-commerce systems.

After many weeks of reading these threads, no jive.

QUOTE
However, we are required to investigate to determine and confirm a security issue thoroughly before making any public statements.

Required by whom?

QUOTE
This is why we put out a general alert statement two weeks ago.

The statement that read as indicating that there was nothing wrong and no connection to the Club?

QUOTE
Please, watch your cards closely as this type of security issue appears to be on the increase across the net. No site is 100% safe. You may want to consider having any cards you have used with Fun Publications in the last year replaced.

Smoke and mirrors. Because it happens to other merchants it doesn't matter that it happened to you on a major scale? That's an insane tract to take in a public statement like this.

QUOTE
At this time, we do not know how long our e-commerce site will be offline for both the store and registrations. We will get back to you once we have a solution for this security issue.

Have you reported this to the proper authorities? Are you PCI compliant? If not, when do you pay your $500,000 fine?

QUOTE
Thanks for your support - Brian

Someone at the Club needs to prevent you from making public statements in the future.

This post has been edited by Shattered: Feb 24 2012, 08:23 PM

Post #3
The Audacity of Chop Group: Citizen Posts: 12,061 Joined: 28-May 04 Member No.: 4,587
QUOTE
QUOTE
However, we are required to investigate to determine and confirm a security issue thoroughly before making any public statements.
Required by whom?

Law enforcement can request delay of notification if they think it'll impede their investigation into the issue, and the business that suffered the security breach can delay notification until they've identified the scope of the breach and taken measures to re-secure their system (so they don't just, y'know, wave a giant red flag and yell "WE ARE VULNERABLE, PLEASE HACK US AGAIN"). Other than that, they're legally required (at least in the state of Texas, where they're located, and similar laws in effect in 37 out of 50 states in the US) to notify the victims as soon as possible.

QUOTE
QUOTE
At this time, we do not know how long our e-commerce site will be offline for both the store and registrations. We will get back to you once we have a solution for this security issue.
Have you reported this to the proper authorities? Are you PCI compliant? If not, when do you pay your $500,000 fine?

For PCI purposes, FunPub isn't a level 1 organization (they're most likely level 4), and even level 1 organizations aren't subject to fines that large simply for a breach of compliance. Visa, Mastercard, etc. will be the ones dealing with whether they're PCI compliant or not. And it's going to cost them a lot. But probably closer to $50,000 than $500,000.