Attention GIJCC members

[Charade]

Just a heads up to everyone who's recently dealt with GIJCC:

There's some rampaging credit card fraud/fraudulent charges among current members, and much of it seems to be linked to the Club's database. Apparently, the Club has been hacked:

From HT:
http://www.hisstank.com/forum/g-i-joe-news-rumors/202849-possible-credit-card-fraud.html

I haven't placed an order from them since December, and so far all charges on my "discretionary" debit card are accounted for, but according to this thread, there's doesn't seem to be a pattern to the timing of the false charges: some appear days after using the Club's checkout, and some appearing months later.

Those of you who have dealt with the Club in the last several months (including renewing your membership), it's worth it to double check your bank statements, and keep a close eye on them in the future.

 

[Charade]

And kudos to the GIJCC for their timely alerting their paying members about this security breach. I'm glad I didn't have to randomly stumble across this information in a forum I rarely visit anymore... [/SARCASM]

 

[unclassified]

i wanted to redo my sub for the figure, i don't know what to do now.

 

[K-Tiger]

Glad to know the paranoia I treat all online e-transactions with isn't unfounded.


Ah, hackers...

 

[Monkeywrench]

damn hackers

 

[NSA]

According to some, there have been fraudulent charges for people who last bought with the club during Slaughtergate 2010! So if you've used your CC with them and it's still active I'd be careful. LOTS of people getting hit.

I've never cared to shop with them thankfully, but the shitty way they've handled this deserves that Hasbro take away the Joe licence from them.

 

[Mandingo Rex]

I monitor my card billing quite frequently because I've had my accounts compromised before. In fact, I only have one active debit and one active CC.

They have mine on file, I believe, from last Spring. I was going to renew for the 2012 figure, but hadn't yet. Guess I'll keep an eye on it till it gets closer to cutoff. I sure as shit don't wanna miss out on the Footloose or sub, though. (Yes, I'm a Joe Sheep.)

 

[NSA]

You can do a money order or check now I believe.

People have been canceling the cards that were on file to preempt the fraud basically.

I've seen it before, someone got all the info and sold them off in chunks. People have cards they rewrite with your CC data, but their name and # on the actual card. They buy a bunch of shit, swipe the card, bam you're out the cash.

Sure, the bank will refund you the money, but meanwhile you can't use that card for a week and have to wait for the investigation (think 30 days) to finish before you get your money accessible again.

Huge pain in the ass.

 

[Mandingo Rex]

I can't even find on their site where the card is stored. I may have selected to not store the info on file, or I maybe paid with Paypal? That's what the fuck they should use, is just Paypal or check/money orders. I hate giving out my CC info to all the damn online stores. Granted, I'm covered with fraud protection, but like you said, it's the pain in the ass to deal with...

 

[Mandingo Rex]

The Club finally sent an e-mail:

This is going out to all members:

Fun Publications wants to take this opportunity to apologize to all of our members.

After many days of analysis, Fun Publications has determined that there is a security issue with our e-commerce systems. We appreciate all of you who have sent in your details. Your help has allowed us to ferret out several different patterns of fraudulent charges that have appeared on some members' cards (any that have been used over the last year with both the club store and our event registration system).

We have several different internet/networking companies looking into the matter. Unfortunately, as of yet, we have not been able to identify any forcible entry either into our internet service provider's servers or network. This is like chasing a ghost through the wires, as unfortunately, the perpetrator did not leave a trail, foot prints or finger prints.

For those of you who have been affected, we apologize for all of your time this has wasted and any inconvenience it has caused you. We understand your frustration as this same type of fraud has happened to everyone in our office on our personal credit cards at some point in the past. Our merchant services provider wants us to remind everyone that even though this can be a huge annoyance for you, the customer, your issuing bank will not hold you responsible for any fraudulent charges that might be placed on your card(s).

We know that this issue has been a huge topic of discussion on all of the boards for the past few weeks. However, we are required to investigate to determine and confirm a security issue thoroughly before making any public statements. This is why we put out a general alert statement two weeks ago.

Until the analysis is finished (can take several weeks) we don't know if the shut down by our former (Jan 31st) e-commerce provider caused the security issue or not. We do know that it has not been limited to those who have purchased before the change to our new provider.

Please, watch your cards closely as this type of security issue appears to be on the increase across the net. No site is 100% safe. You may want to consider having any cards you have used with Fun Publications in the last year replaced.

At this time, we do not know how long our e-commerce site will be offline for both the store and registrations. We will get back to you once we have a solution for this security issue.

Thanks for your support - Brian

 

[Charade]

Yeah, I just got my notice too. I can tell you that these two statements are false:

However, we are required to investigate to determine and confirm a security issue thoroughly before making any public statements. This is why we put out a general alert statement two weeks ago.

As for the first statement: if you suspect something dangerous is going on, you warn the people involved ASAP, not after "thoroughly" investigating the issue. If you strongly suspect a building is on fire, you don't try to figure out what might have started it before warning people they might want to get out. I love their use of "required," passing the responsibility to some nameless, imaginary power that prevented them from directly and timely warning their customers.

As for the second: I don't know about anyone else, but this is the first communication I've received from Fun Publications about this. From what I can tell from the HT thread, they've made some comments on Facebook in response to customer complaints, but that is NOT a "general alert statement".

I fully understand that any credit accounts can be compromised. About 8 years, I was a Bank of America customer, and they had somehow lost thousands of their credit and debit card information. (It was huge national news at the time.) In that case, though, I received warning from BoA almost immediately with a sincere-sounding apology.

I'm not pissed that the Club's account got hacked as I am that they sat on this information for several weeks now (including keeping their store open until just recently) without warning anyone.

 

[Mandingo Rex]

I've got a duplicate debit card/checking account due to my bank being bought out and switching over to the new one, and due to my direct deposit, I've kept 2 open for the last few months as I phase out the old one with bill pay, etc.

I may just use this as the chance to finally close that old account. But not until they get their shit together first and reopen the store. Ideally, they'd go to Paypal, though, and folks won't have to hassle with CCs in the first place.

 

[Cloud Strife]

Heck, I can't even log into my account to check and see if I paid with my Credit Card, or PayPal.

 

[Monkeywrench]

I also got the email today

 

[Mandingo Rex]

Heck, I can't even log into my account to check and see if I paid with my Credit Card, or PayPal.

It was with a CC, if you didn't do a money order or check. Apparently they don't use PayPal. I tried to do the same thing. Check your receipt from last year, but mine said "payment info withheld". Ironic, no?

I must've paid with my CC, but there's nowhere on the site to even update it. Maybe it's because the site's down, but I found that weird.

 

[MAJOR BLOOD]

So I guess someone shot the carrier pigeon the club uses to pass information? Maybe one day they will figure that "internet" out. I hear it's going to take off.

 

[unclassified]

how the hell am i gonna get my foot loose now? and i used a card last year to buy the rip off sub to get my dial tone.

 

[Charade]

how the hell am i gonna get my foot loose now? and i used a card last year to buy the rip off sub to get my dial tone.

Reportedly, money orders are being accepted. But I would get on that now, as the FL deadline is coming up, and I can see the Club being overwhelmed, and blaming any delay on processing membership renewal on the customer.

What I find very odd about people's cards being ripped from last years events and memberships is the fact that apparently they've kept that information digitally for no apparent reason. I bought a lot of stuff from the Club over the past several months when they were doing their End of the Year Clearance sales...and each time, even though I had to log in to prove I'm a Officer-level member, I had to re-enter my credit card info from scratch. I assumed it was because they didn't save my payment information. Now we know they had. So I'm wondering if they weren't saving credit card information to make checkouts more convenient, why the hell were they saving it???

 

[Mandingo Rex]

You can't pay right now. Their checkout system is down for both registration and their store.

I'm assuming they better extend the March 15-16 deadline for the 2012 figure.

Because my membership expires on March 4, and I've been holding off on re-registering since all this bullshit happened. I honestly figured it would be settled by now. Heh.

 

[MAJOR BLOOD]

They had to keep the credit card info so the person that leaked the figure list could get them easier. You gotta' wonder what kind of jabrones they got running that thing. Probably no different than giving a chimp a loaded hand gun.

 

[Goldbug]

Some Transformer club members have created a form letter to Hasbro.
http://www.seibertron.com/energonpu...ro-concerning-funpub-credit-breach-t84652.php
https://docs.google.com/document/d/1KZudqarbNJUo1xT0-ls8WtL4143pddP_ipjuMt0kUq8/edit?pli=1
I asked for them to add the G.I. Joe Club to it.


I think those who have been hit should also file a complaint with BBB.org.
http://www.bbb.org/fort-worth/busin...s/fun-publications-in-fort-worth-tn-15207875/

Some banks you can create a virtual credit card for one time payments. I am definitely trying that for the FSS. That is if Hasbro hasn't shut them down by then.

 

[NSA]

Rabble!!

I think they've lost a lot of cred with everyone on the forums (the main people who would buy their figs I'm guessing). We'll see how it affects JoeCon, but if people are scared away it could spell the end for Funwhatever.

 

[unclassified]

Reportedly, money orders are being accepted. But I would get on that now, as the FL deadline is coming up, and I can see the Club being overwhelmed, and blaming any delay on processing membership renewal on the customer.

What I find very odd about people's cards being ripped from last years events and memberships is the fact that apparently they've kept that information digitally for no apparent reason. I bought a lot of stuff from the Club over the past several months when they were doing their End of the Year Clearance sales...and each time, even though I had to log in to prove I'm a Officer-level member, I had to re-enter my credit card info from scratch. I assumed it was because they didn't save my payment information. Now we know they had. So I'm wondering if they weren't saving credit card information to make checkouts more convenient, why the hell were they saving it???

i guess i will email em when i get a chance.

 

[Charade]

i guess i will email em when i get a chance.

People on HT are claiming they sending in MO to renew their memberships, but yeah, emailing them ahead of time is probably the way to go. I don't anticipate their online store being reinstated anytime soon. And as MW will attest, the Club is a stickler for that "register by" deadline to get the figure.

 

[unclassified]

People on HT are claiming they sending in MO to renew their memberships, but yeah, emailing them ahead of time is probably the way to go. I don't anticipate their online store being reinstated anytime soon. And as MW will attest, the Club is a stickler for that "register by" deadline to get the figure.

i just emailed em about how to go about doing it, and what the final cost will be. honsetly, i rather hasbro just make footloose and save me the money. the magizine is so worthless, and i don't buy nothing from them since the 25th ended. last time i bought a case was the last 25th case ever made. so buying from them has been worthless to me for the past few years.

i rejoined last year for the dial tone, even though i think it was a poor choice of parts and seen customs that blew out the sky, i still got it because it was the closest i will ever have of him.

 

[xhairs]

Yeah, I just got my notice too. I can tell you that these two statements are false:



As for the first statement: if you suspect something dangerous is going on, you warn the people involved ASAP, not after "thoroughly" investigating the issue. If you strongly suspect a building is on fire, you don't try to figure out what might have started it before warning people they might want to get out. I love their use of "required," passing the responsibility to some nameless, imaginary power that prevented them from directly and timely warning their customers.

As for the second: I don't know about anyone else, but this is the first communication I've received from Fun Publications about this. From what I can tell from the HT thread, they've made some comments on Facebook in response to customer complaints, but that is NOT a "general alert statement".

I fully understand that any credit accounts can be compromised. About 8 years, I was a Bank of America customer, and they had somehow lost thousands of their credit and debit card information. (It was huge national news at the time.) In that case, though, I received warning from BoA almost immediately with a sincere-sounding apology.

I'm not pissed that the Club's account got hacked as I am that they sat on this information for several weeks now (including keeping their store open until just recently) without warning anyone.

THIS IS WHY I WONT DEAL WITH THEM they keep customers in the dark and then after they get bashed enough on the boards or FB they do something. they got hacked and knew about it but yet didnt tell anyone about it. to give everyone a heads up to keep a eye on our accounts. the club has gone down hill for yrs now but this is something they should of took care of asap!!!!!!!!! as now ppl have lost money cant pay bills and have to wait to get the money back yet the bills are still piling up for ppl. this is not right nor a way to do business. i had my card number stolen once and the company called me to let me know as soon as they saw there system was hacked. the club should of shut down the store as soon as they saw they where hacked. but no they where more worried about making money then the safety of there customers.

 

[Mandingo Rex]

They better move the date, or they're gonna lose a lot more business than their dumbasses already have.

As silly as some people are about not using things like Paypal these days (yeah, I said it) I am as adamant about not doing money orders. The last time I had to do it was for a deposit on an apartment when I moved to SF, and that was for $3000. There's no fucking way I'm going through all the hassle of a damned money order for $42. They can suck a bag of dicks if they don't budge.

 

[xhairs]

They better move the date, or they're gonna lose a lot more business than their dumbasses already have.

As silly as some people are about not using things like Paypal these days (yeah, I said it) I am as adamant about not doing money orders. The last time I had to do it was for a deposit on an apartment when I moved to SF, and that was for $3000. There's no fucking way I'm going through all the hassle of a damned money order for $42. They can suck a bag of dicks if they don't budge.

i hate money orders i would rather use paypal its faster and safer as the mo could get lost in the mail or they say they never got it.

 

[Mandingo Rex]

i hate money orders i would rather use paypal its faster and safer as the mo could get lost in the mail or they say they never got it.

Exactly. Plus, it's such a pain in the ass to get one. They forget, collectors are lazy, too.

But seriously, Paypal would be the smartest, but they need to push the deadline by at least a month, regardless.

 

[Monkeywrench]

Exactly. Plus, it's such a pain in the ass to get one. They forget, collectors are lazy, too.

But seriously, Paypal would be the smartest, but they need to push the deadline by at least a month, regardless.

agreed on all points

 

[nacho]

I've had two different credit cards compromised in the last month, and ironically enough, neither of them was the card I used to renew my GIJCC/TFCC subscriptions or order Runabout from TFCC. They were actually the two cards I use the least. According to my different issuing banks, CC fraud/theft seems to be on the rise everywhere. So in some sense, I don't think FunPub is much different than anyone else. I suspect that if you dug deep, half the companies you deal with have similar security flaws/holes; you simply don't know about them.

 

[K-Tiger]

Exactly. Plus, it's such a pain in the ass to get one. They forget, collectors are lazy, too.

But seriously, Paypal would be the smartest, but they need to push the deadline by at least a month, regardless.

I forget you live is Assfuckufornia. I've got at least 3 easy MO options.


Lazy fuckers.

 

[MAJOR BLOOD]

You don't have to tell me about lazy. Fucking Spicholi's.

 

[Goldbug]

Wonderful there is a small band on HT defending the club.

 

[K-Tiger]

Hacks happen. That I can see defending. I don't find much defensible about them not telling their customers immediately.

 

[nacho]

I'm not exactly clear when they actually determined they had a problem. I agree they should be very timely when they do discover something like that, but I understood they only learned of the issue when a lot of people had problems, realized they all had the club in common, and complained to FunPub who then investigated. Is that not correct?

 

[Goldbug]

I'm not exactly clear when they actually determined they had a problem. I agree they should be very timely when they do discover something like that, but I understood they only learned of the issue when a lot of people had problems, realized they all had the club in common, and complained to FunPub who then investigated. Is that not correct?

Nope they claimed it wasn't their fault at all.
Someone at TFW2005 even screen capped their response.

They obviously lied because the delay of the FSS was because of this fraud according to their response on Facebook.

 

[nacho]

When was the conversation/screencap? I guess I'm still not clear on the timeline of events or who said what when.

 

[xhairs]

Nope they claimed it wasn't their fault at all.
Someone at TFW2005 even screen capped their response.

They obviously lied because the delay of the FSS was because of this fraud according to their response on Facebook.

see that shows they dont care about there customers and will do whatever to pass the buck. i would report there asses with the links goldbug gave. This is why i wont deal with them agin.

 

[MAJOR BLOOD]

Someone else posted a picture that had the forums on the TF site and when you clicked on a link saying what type of software it was it took you to a Bulgarian site to sell houses. Didn't know that they were sponsored.