
[UPDATE] Official statement from Fun Pub about Credit Card issues


321 replies to this topic

#1 Cheetimus Primal

Cheetimus Primal

    Commissions! cheetimus@cheetimus.com

  • Forum Moderator
  • 44540 posts
  • Gender:Male
  • Location:Baltimore
  • Faction::RIBFIR

Posted 24 February 2012 - 05:44 PM

QUOTE
This is going out to all members:



Fun Publications wants to take this opportunity to apologize to all of our members.



After many days of analysis, Fun Publications has determined that there is a security issue with our e-commerce systems. We appreciate all of you who have sent in your details. Your help has allowed us to ferret out several different patterns of fraudulent charges that have appeared on some members' cards (any that have been used over the last year with both the club store and our event registration system).



We have several different internet/networking companies looking into the matter. Unfortunately, as of yet, we have not been able to identify any forcible entry either into our internet service provider's servers or network. This is like chasing a ghost through the wires, as unfortunately, the perpetrator did not leave a trail, footprints or fingerprints.



For those of you who have been affected, we apologize for all of your time this has wasted and any inconvenience it has caused you. We understand your frustration as this same type of fraud has happened to everyone in our office on our personal credit cards at some point in the past. Our merchant services provider wants us to remind everyone that even though this can be a huge annoyance for you, the customer, your issuing bank will not hold you responsible for any fraudulent charges that might be placed on your card(s).



We know that this issue has been a huge topic of discussion on all of the boards for the past few weeks. However, we are required to investigate to determine and confirm a security issue thoroughly before making any public statements. This is why we put out a general alert statement two weeks ago.



Until the analysis is finished (can take several weeks) we don't know if the shutdown by our former (Jan 31st) e-commerce provider caused the security issue or not. We do know that it has not been limited to those who have purchased before the change to our new provider.



Please, watch your cards closely as this type of security issue appears to be on the increase across the net. No site is 100% safe. You may want to consider having any cards you have used with Fun Publications in the last year replaced.



At this time, we do not know how long our e-commerce site will be offline for both the store and registrations. We will get back to you once we have a solution for this security issue.



Thanks for your support - Brian


#2 CORVUS

CORVUS

    Its showtime, folks!

  • Supporter
  • 28431 posts
  • Gender:Male
  • Location:Philadelphia, PA
  • Faction::Autobot

Posted 24 February 2012 - 05:48 PM

And there you have it. Thank you Cheets!

Edited by ^0^CORVUS^o^, 24 February 2012 - 05:48 PM.

Transformers is a brand that really has something for everyone. We are a darn lucky fandom.


#3 Detective Fork

Detective Fork

    Generic Purple Wavey Avatar

  • Citizen
  • 2832 posts
  • Gender:Male
  • Location:Parsippany, NJ
  • Faction::Autobot

Posted 24 February 2012 - 06:24 PM

I think it's time to call my credit card company and have them issue me a new card.

#4 Detective Fork

Detective Fork

    Generic Purple Wavey Avatar

  • Citizen
  • 2832 posts
  • Gender:Male
  • Location:Parsippany, NJ
  • Faction::Autobot

Posted 24 February 2012 - 06:30 PM

Would it be feasible at all for FunPub to switch over to using Paypal? That way, they won't touch your credit card info.

#5 Mouse_Pad

Mouse_Pad

    It's a nice day for a...

  • Citizen
  • 6794 posts
  • Gender:Male
  • Location:Memphis, TN

Posted 24 February 2012 - 06:47 PM

Admitting you have a problem is the first step to recovery.
I have signatures disabled because they suck.

#6 Geoff

Geoff

    he created the vibe...

  • Supporter
  • 1608 posts
  • Gender:Male
  • Location:Northern Ireland
  • Faction::Autobot

Posted 24 February 2012 - 07:55 PM

QUOTE(Detective Fork @ Feb 24 2012, 11:24 PM)
I think it's time to call my credit card company and have them issue me a new card.


I had my current account emptied and my credit card maxed because of this, cancel your cards immediately!


Follow me on twitter

#7 Shattered

Shattered

    Please Stand By...

  • Citizen
  • 4509 posts
  • Gender:Male
  • Faction::Free Agent

Posted 24 February 2012 - 08:18 PM

QUOTE
After many days of analysis, Fun Publications has determined that there is a security issue with our e-commerce systems.


After many weeks of reading these threads, no jive.

QUOTE
However, we are required to investigate to determine and confirm a security issue thoroughly before making any public statements.


Required by whom?

QUOTE
This is why we put out a general alert statement two weeks ago.


The statement that read as indicating that there was nothing wrong and no connection to the Club?

QUOTE
Please, watch your cards closely as this type of security issue appears to be on the increase across the net. No site is 100% safe. You may want to consider having any cards you have used with Fun Publications in the last year replaced.


Smoke and mirrors. Because it happens to other merchants it doesn't matter that it happened to you on a major scale? That's an insane tract to take in a public statement like this.

QUOTE
At this time, we do not know how long our e-commerce site will be offline for both the store and registrations. We will get back to you once we have a solution for this security issue.


Have you reported this to the proper authorities? Are you PCI compliant? If not, when do you pay your $500,000 fine?

QUOTE
Thanks for your support - Brian


Someone at the Club needs to prevent you from making public statements in the future.

Edited by Shattered, 24 February 2012 - 08:23 PM.


#8 Lisbon Virgo

Lisbon Virgo

    Temperamental Kuvrawk. You've been warned.

  • Supporter
  • 2755 posts
  • Gender:Male
  • Location:Star Rock Falls
  • Faction::Cannonball's Pirate Crew

Posted 24 February 2012 - 08:44 PM

What I want to know is, what is the club going to do for those members affected by this? Restitution is more than just two PR statements.
3DS Friend Code: 5155 - 3611 - 9787
I was Ursa'ed on 10/22/13!

#9 awa64

awa64
  • Citizen
  • 12477 posts
  • Gender:Not Telling

Posted 24 February 2012 - 09:18 PM

QUOTE
QUOTE
However, we are required to investigate to determine and confirm a security issue thoroughly before making any public statements.


Required by whom?


Law enforcement can request delay of notification if they think it'll impede their investigation into the issue, and the business that suffered the security breach can delay notification until they've identified the scope of the breach and taken measures to re-secure their system (so they don't just, y'know, wave a giant red flag and yell "WE ARE VULNERABLE, PLEASE HACK US AGAIN").

Other than that, they're legally required (at least in the state of Texas, where they're located, and similar laws in effect in 37 out of 50 states in the US) to notify the victims as soon as possible.

QUOTE
QUOTE
At this time, we do not know how long our e-commerce site will be offline for both the store and registrations. We will get back to you once we have a solution for this security issue.


Have you reported this to the proper authorities? Are you PCI compliant? If not, when do you pay your $500,000 fine?


For PCI purposes, FunPub isn't a level 1 organization (they're most likely level 4), and even level 1 organizations aren't subject to fines that large simply for a breach of compliance.

Visa, Mastercard, etc. will be the ones dealing with whether they're PCI compliant or not. And it's going to cost them a lot. But probably closer to $50,000 than $500,000.

#10 awa64

awa64
  • Citizen
  • 12477 posts
  • Gender:Not Telling

Posted 24 February 2012 - 09:21 PM

QUOTE(Lurkercon @ Feb 24 2012, 08:44 PM)
What I want to know is, what is the club going to do for those members affected by this? Restitution is more than just two PR statements.


The fines that'll be levied against them by the credit card companies should, theoretically, go toward the cost of issuing replacement cards and having the credit card companies reimburse you for fraudulent transactions. There's still a long way to go for FunPub to recover from this from a public relations standpoint, but from a legal standpoint the system has it pretty well covered.

#11 Nanite

Nanite

    Imminently Ignorable

  • Supporter
  • 4727 posts
  • Gender:Male
  • Location:The Screaming Moist (Vancouver, WA)

Posted 24 February 2012 - 09:26 PM

This email needs to be going out to all former members too, not just current ones (I haven't gotten club e-mail since I let my membership expire this year)
On them twitters

#12 awa64

awa64
  • Citizen
  • 12477 posts
  • Gender:Not Telling

Posted 24 February 2012 - 09:29 PM

QUOTE(Detective Fork @ Feb 24 2012, 06:30 PM)
Would it be feasible at all for FunPub to switch over to using Paypal? That way, they won't touch your credit card info.


It would be more expensive (transaction fees would probably be about 50% higher than they are currently), and there are a lot of issues with Paypal locking down sellers' accounts for 3+ months based on a single unsubstantiated claim.

#13 CORVUS

CORVUS

    Its showtime, folks!

  • Supporter
  • 28431 posts
  • Gender:Male
  • Location:Philadelphia, PA
  • Faction::Autobot

Posted 24 February 2012 - 10:05 PM

Bingo. Paypal is a non-solution.

Transformers is a brand that really has something for everyone. We are a darn lucky fandom.


#14 Cat

Cat

    Knows No Title

  • News and Content
  • 8043 posts
  • Gender:Not Telling
  • Location:Australia
  • Faction::Autobot

Posted 25 February 2012 - 04:58 AM

QUOTE(Shattered @ Feb 24 2012, 08:18 PM)
QUOTE
After many days of analysis, Fun Publications has determined that there is a security issue with our e-commerce systems.


After many weeks of reading these threads, no jive.

QUOTE
However, we are required to investigate to determine and confirm a security issue thoroughly before making any public statements.


Required by whom?

QUOTE
This is why we put out a general alert statement two weeks ago.


The statement that read as indicating that there was nothing wrong and no connection to the Club?

QUOTE
Please, watch your cards closely as this type of security issue appears to be on the increase across the net. No site is 100% safe. You may want to consider having any cards you have used with Fun Publications in the last year replaced.


Smoke and mirrors. Because it happens to other merchants it doesn't matter that it happened to you on a major scale? That's an insane tract to take in a public statement like this.

QUOTE
At this time, we do not know how long our e-commerce site will be offline for both the store and registrations. We will get back to you once we have a solution for this security issue.


Have you reported this to the proper authorities? Are you PCI compliant? If not, when do you pay your $500,000 fine?

QUOTE
Thanks for your support - Brian


Someone at the Club needs to prevent you from making public statements in the future.


I'm sorry, but I have to strongly disagree with you.

Just because it's been talked about in threads for a while is of little relevance to the actual investigations that need/needed to be done.

It's just not that simple.

We also don't really know the scale. That's an absolute bitch to determine, and while there have been people posting about it, how big is that in percentage terms? These things tend to look larger than they actually are (Not always, of course, and I don't know either way here. But it's incredibly difficult to accurately estimate the scale)

Edited by Cat, 25 February 2012 - 05:01 AM.


#15 TF Silverbolt

TF Silverbolt
  • MORON
  • 2711 posts
  • Gender:Male
  • Location:Greenville, NC
  • Faction::Cannonball's Pirate Crew

Posted 25 February 2012 - 07:44 AM

Yet another example of just how technically incompetent Fun Pub really is. I mean you can tell it just by looking at their sites, but then you have things like this. Things that cost fans not just money but their financial security. At some point it would just be easier to have the license pulled and given to someone who knows how to run the web/financial side of things. Mom and Pop operations just don't cut it anymore, not when a franchise has become as high profile as TF. I'd rather Hasbro run the convention and contract out a few long time fans who know the franchise and fan base at this point. That's more or less what Brian did anyway, as he admittedly does not or did not know TF's at the time the license was awarded to FP. The creative product would still stay at the same level, if not improve, and all these ridiculous problems as a result of technical ignorance would be resolved. As it stands now, FP is at least 5 if not closer to 10 years behind in terms of web services. This is simply not acceptable anymore.

#16 Chip

Chip

    The light which smashes lies!

  • Citizen
  • 5552 posts

Posted 25 February 2012 - 08:04 AM

QUOTE(Nanite @ Feb 24 2012, 09:26 PM)
This email needs to be going out to all former members too, not just current ones (I haven't gotten club e-mail since I let my membership expire this year)


Yes. If this is how the club treats former members, it needs to be under new management. It's probably also a violation of state law.

#17 Jeysie

Jeysie

    Geekbot & Nerdicon Fangirl

  • Citizen
  • 3863 posts
  • Gender:Female
  • Location:Western Massachusetts
  • Faction::RIBFIR

Posted 25 February 2012 - 08:31 AM

QUOTE(TF Silverbolt @ Feb 25 2012, 07:44 AM)
Yet another example of just how technically incompetent Fun Pub really is. I mean you can tell it just by looking at their sites, but then you have things like this. Things that cost fans not just money but their financial security. At some point it would just be easier to have the license pulled and given to someone who knows how to run the web/financial side of things.

Agreed, much as I hate to say it.

I mean, I am very happy with the creative side of FunPub, and will always continue to fully support the fiction and art side of things.

But the web and technical sides are just ridiculous. They could improve their web presence a hundredfold just by moving to a new PHP-enabled server and setting up 100% free software, never mind if they invested some money in business software or a pro webmaster... which considering how many members they have times the costs of everything, they ought to be able to afford.

And these sorts of security-related issues could be solved by... you know... using freakin' PayPal. The increased fees would amount to maybe a few bucks extra in prices, tops, and it would avoid the major loss of business caused by things like this.

I mean, while I haven't been hit yet, now I'm going to have to change my debit card just in case... and since I don't have any checks or other cards to use, paying for things is going to be irritating until the reissue is all finished.

Edited by Jeysie, 25 February 2012 - 08:33 AM.


#18 Kevin S

Kevin S

    Unswerving in my duties

  • Supporter
  • 3693 posts
  • Gender:Male
  • Location:I live in a Lake
  • Faction::Cannonball's Pirate Crew

Posted 25 February 2012 - 08:35 AM

QUOTE(^0^CORVUS^o^ @ Feb 24 2012, 10:05 PM)
Bingo. Paypal is a non-solution.


What about Amazon? We're using it for the fundraising, but does Amazon offer Paypal like services that are reasonable?
My FlickR folder...

And yes, I was too lazy to come up with a decent TF related forum name, and just *GASP* used my own.

#19 Suspsy

Suspsy

    This Title Section Needs To Be Longer

  • Citizen
  • 3814 posts

Posted 25 February 2012 - 08:45 AM

So glad I'm not going to Botcon.
If You Even Dream Of Beating Me, You'd Better Wake Up And Apologise.

#20 Robowang

Robowang
  • Citizen
  • 614 posts
  • Gender:Male
  • Location:McDonaldland

Posted 25 February 2012 - 09:30 AM

QUOTE(Suspsy @ Feb 25 2012, 08:45 AM)
So glad I'm not going to Botcon.


You'd probably antagonize Savage and then embarrassingly drag him around the hotel lobby by his feet. Y'know, like that one time
Attention rich people: Complete/loose G1 collection for sale $20,000. Includes all figures and accessories from U.S. G1

My Wants List
Robowang's eBay Store - lots of TFs
My feedback



