
Warning FMA website - credit card numbers stolen?

Old 11-19-2008, 06:57 PM
  #76  
aristo63
Member
 
Join Date: Jan 2007
Posts: 42
Default

Myself and turbojoe are going through the same thing after purchases from FMA. They are also the only one we have given our full cc info to. When I called them they denied that they had any problems at all. Our thread is on runryder in the off topics keylogger thread.
Old 11-19-2008, 06:58 PM
  #77  
Jamie Marks
New Member
 
Join Date: Nov 2008
Posts: 12
Default Jamie Marks

During the last week of October, FMA received two inquiries within a matter of days about possible compromised credit cards. In both cases the customer informed us that they had used their card at multiple online sites and could not confirm which site(s) could have been compromised. We promptly notified the company who hosts our website about the possible compromise of our database. After extensive research on their end, our website host notified FMA that no breach could be detected. Nevertheless, as of November 1, 2008 the additional precautionary measures were implemented by FMA’s host:

1) Hardened all login passwords that could have presented an opportunity for such theft.
2) Added stronger encryption algorithms to any credit card transactions received on our partner's web hosting company’s servers.
3) Added additional security measures to further ensure credit card information is secure at our web hosting service.

Unfortunately, we were not aware of the thread on Wattflyer until the same thread was posted on RC Groups yesterday. Had we been aware of the Wattflyer post, FMA would have responded immediately. Although our web provider still contends that no breach has been detected, FMA recognizes from the number of incidents reported on the forums, that a breach of the system may have occurred. As such, we are notifying the readers of RCG and Wattflyer to notify their credit card companies. Additionally, FMA Direct will take steps to notify customers who have transacted business through our online services. We assure you that we will remain vigilant moving forward with regard to any such attempts to compromise the trust between FMA Direct and our loyal customers. I would like to reiterate what others in this thread have stated: online credit card business remains to be a safe and efficient means of transacting business worldwide.


Jamie Marks
FMA Direct
V.P., General Manager
Old 11-19-2008, 07:04 PM
  #78  
Larry3215
Look out for that tree!!!
Thread Starter
 
 
Join Date: Mar 2006
Location: Gig Harbor, Wa USA
Posts: 7,061
Default

Originally Posted by rcers View Post
I'll copy the post over here so it's easier to get to.

Seems like a reasonable response to me.


(Jamie beat me to it.)
Old 11-19-2008, 07:04 PM
  #79  
Fly Time
Ask me how I know
 
 
Join Date: Aug 2007
Location: Renton, WA
Posts: 2,142
Default

Thanks for the comments Jamie. And welcome to WattFlyer. Your products are well spoken of on these forums. It's too bad this has happened, but thanks to us all talking and sharing information, I believe the thefts won't be as bad as they could have been. A lot of us don't bother to look closely at our credit card bill until it's actually time to pay it.
Old 11-19-2008, 07:05 PM
  #80  
Gohmer
Banned
 
Join Date: Sep 2005
Location: Minnesota
Posts: 631
Smile Blah Blah

Same thing posted on RCG except for one sentence that might be taken for an apology.

Originally Posted by Jamie Marks View Post
During the last week of October, FMA received two inquiries within a matter of days about possible compromised credit cards. In both cases the customer informed us that they had used their card at multiple online sites and could not confirm which site(s) could have been compromised. We promptly notified the company who hosts our website about the possible compromise of our database. After extensive research on their end, our website host notified FMA that no breach could be detected. Nevertheless, as of November 1, 2008 the additional precautionary measures were implemented by FMA’s host:

1) Hardened all login passwords that could have presented an opportunity for such theft.
2) Added stronger encryption algorithms to any credit card transactions received on our partner's web hosting company’s servers.
3) Added additional security measures to further ensure credit card information is secure at our web hosting service.

Unfortunately, we were not aware of the thread on Wattflyer until the same thread was posted on RC Groups yesterday. Had we been aware of the Wattflyer post, FMA would have responded immediately. Although our web provider still contends that no breach has been detected, FMA recognizes from the number of incidents reported on the forums, that a breach of the system may have occurred. As such, we are notifying the readers of RCG and Wattflyer to notify their credit card companies. Additionally, FMA Direct will take steps to notify customers who have transacted business through our online services. We assure you that we will remain vigilant moving forward with regard to any such attempts to compromise the trust between FMA Direct and our loyal customers. I would like to reiterate what others in this thread have stated: online credit card business remains to be a safe and efficient means of transacting business worldwide.


Jamie Marks
FMA Direct
V.P., General Manager
Old 11-19-2008, 07:31 PM
  #81  
firemanbill
Community Moderator
 
 
Join Date: Sep 2005
Location: Sevierville, Tennessee
Posts: 20,656
Default

Apology... Heck the Veterans Administration had an employee sell mine, and 3 million or so other vets, personal information and never so much as said I'm sorry either...

Jamie, thanks for posting this and I appreciate your efforts to secure your system from further attacks and problems. I appreciate what you and your company do for our hobby. Thanks

Signed,
A Valued Customer
Old 11-19-2008, 08:07 PM
  #82  
Turbojoe
Mountain Models Minion
 
 
Join Date: Aug 2005
Location: Mesa, Arizona
Posts: 1,257
Default

Check your accounts guys!

Especially if you have purchased from FMA Direct!

I thought mine were cleaned up from this debacle. Both cards were closed and new cards issued. I just checked my checking account online an hour ago. New charges of $457.88 at Motorola Direct have been posted and paid out from the old card! These charges could continue to come through depending on how long companies take to do their billing. I have a feeling that my problems are FAR from over now. I have to do a written dispute of every fraudulent charge. That could tie up my account for weeks or months. As if unemployment wasn't bad enough I now have this to deal with!

Joe
Old 11-19-2008, 08:10 PM
  #83  
Rolling Thunder
Keep the sunny side up
 
 
Join Date: Aug 2008
Location: victorville california
Posts: 1,879
Default

is this fma the same as using paypal?
Old 11-19-2008, 08:23 PM
  #84  
Fly Time
Ask me how I know
 
 
Join Date: Aug 2007
Location: Renton, WA
Posts: 2,142
Default

Originally Posted by Rolling Thunder View Post
is this fma the same as using paypal?
No. FMA Direct sells battery chargers. Very good ones at that. And they do not take PayPal. If they did, my credit card number would not have been stolen.
Old 11-19-2008, 08:35 PM
  #85  
Turbojoe
Mountain Models Minion
 
 
Join Date: Aug 2005
Location: Mesa, Arizona
Posts: 1,257
Default

Originally Posted by Fly Time View Post
No. FMA Direct sells battery chargers. Very good ones at that. And they do not take PayPal. If they did, my credit card number would not have been stolen.
In the future I won't be buying from anyone online unless they take PayPal. Luckily most places I deal with do use PayPal. Those that don't won't get my money anymore.

Joe
Old 11-19-2008, 08:35 PM
  #86  
crxmanpat
Community Moderator
 
 
Join Date: Feb 2006
Location: Mesa, AZ
Posts: 6,906
Default

I purchased adapters for my 4S back on 8/18/08. So far, no suspicious activity on my account. But I am keeping a keen eye on my account around the clock for now. The first "hit" I see and I will close my card in an instant. But right now I'll just wait and see as I don't want to go through that hassle if my account has not been compromised.
Old 11-19-2008, 08:41 PM
  #87  
Turbojoe
Mountain Models Minion
 
 
Join Date: Aug 2005
Location: Mesa, Arizona
Posts: 1,257
Default

Pat,

Trust me here. DON'T WAIT!!! Call and close that account NOW. Have a new card issued. It only takes a few days to get the new card. You want to make sure you stop charges before they get started. Waiting until they show up is far too late.

Joe
Old 11-19-2008, 08:44 PM
  #88  
Turbojoe
Mountain Models Minion
 
 
Join Date: Aug 2005
Location: Mesa, Arizona
Posts: 1,257
Default

To all that have had fraudulent charges you need to call any one of the credit bureaus and have a fraud alert placed on your account. As a courtesy they will notify the other bureaus. It lasts for 90 days and no inquiries will be allowed without first contacting you. Do it today!

Joe
Old 11-19-2008, 09:42 PM
  #89  
SlartiCrashFast
New Member
 
Join Date: Nov 2008
Posts: 3
Default

Originally Posted by RC Accessory View Post
I just checked FMA SSL certificate and it is valid, although it is a weak encryption. Standard Network Solutions certificate.

We just upgraded our certificate to the highest certificate available. Took more than 3 weeks to get approved as a background check on the company is performed as well as myself as the CEO.

Click the SiteSafe seal on my web site, ..... and you will see what I mean.

RC Accessory, Inc
Auth US Bantam Importer

Dear RC Accessory Inc.!!!!!!!!!,

You're FOOLING YOURSELF if you think that the best and priciest SSL Certificates with the highest encryption level protect your website. This does NOTHING to protect against SQL Injection attacks (parsing for funny chars doesn't do the job either). It also does not protect your operating system from being hacked into and then your file systems and database systems from being explored. SQL Injection attacks bypass firewalls too.

Last week I discovered that my server was logged on by somebody from China. I assume they fully explored my file system. They now know what software I run and what database system I use. They can explore my config files and compiled software to find database login stuff. And then they can explore my database. (If your db-login is hard-coded, send me your compiled software and I'll find your database login info.)

While I have no customer info yet, I will NOT be keeping anything of that nature on my server.
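
Why filtering "funny chars" falls short where binding parameters does not, shown as an added example (not code from this thread or from any site discussed in it). The table, function names and sample input are constructed, and Python's sqlite3 stands in for whatever database a shop actually runs.

```python
import sqlite3

def make_db():
    # Constructed in-memory table standing in for a shop's order database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (id INTEGER, customer TEXT, card_last4 TEXT)")
    db.executemany(
        "INSERT INTO orders VALUES (?, ?, ?)",
        [(1, "alice", "1111"), (2, "bob", "2222"), (3, "carol", "3333")],
    )
    return db

def strip_funny_chars(value):
    # The character-filter approach: delete quotes, semicolons and dashes.
    return "".join(c for c in value if c not in "'\";-")

def lookup_filtered(db, order_id):
    # Weak: the input is filtered, but still pasted into the SQL text,
    # so anything that survives the filter is parsed as SQL.
    sql = ("SELECT customer, card_last4 FROM orders WHERE id = "
           + strip_funny_chars(order_id))
    return db.execute(sql).fetchall()

def lookup_parameterized(db, order_id):
    # Hardened: the value is bound as data and is never parsed as SQL.
    sql = "SELECT customer, card_last4 FROM orders WHERE id = ?"
    return db.execute(sql, (order_id,)).fetchall()

def demo():
    db = make_db()
    # Constructed input with no quote characters at all: the filter passes
    # it through unchanged because the field is used in a numeric context.
    hostile = "1 OR 1=1"
    return {
        "filtered_rows": len(lookup_filtered(db, hostile)),
        "parameterized_rows": len(lookup_parameterized(db, hostile)),
        "normal_lookup": lookup_parameterized(db, "1"),
    }

if __name__ == "__main__":
    print(demo())
```

The TLS certificate plays no part in either result: both queries would arrive over the same encrypted connection.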
Old 11-19-2008, 09:47 PM
  #90  
bassplayinDude
Member
 
Join Date: May 2007
Posts: 792
Default

Originally Posted by Turbojoe View Post
In the future I won't be buying from anyone online unless they take PayPal. Luckily most places I deal with do use PayPal. Those that don't won't get my money anymore.

Joe
There's a guy on RCG in the FMA thread who said they opened their PP account today and there is $2500 in fraudulent charges...
Old 11-19-2008, 09:54 PM
  #91  
Larry3215
Look out for that tree!!!
Thread Starter
 
 
Join Date: Mar 2006
Location: Gig Harbor, Wa USA
Posts: 7,061
Default

It seems to me that FMA is acting in a reasonable manner in this situation.

They were alerted to a potential problem, investigated the problem and were told there wasn't a problem.

Then, after seeing that there was at least circumstantial evidence that there was indeed a problem, they have taken steps to correct it and are notifying customers.

I think that's a reasonable and professional response. I can't think I would have done any differently had I been in their place.

I would shop from them in the future - being as careful as I would with ANY online purchase.
Old 11-19-2008, 10:19 PM
  #92  
hillbille
Super Contributor
 
 
Join Date: May 2007
Location: Barstow, California
Posts: 1,055
Default

Upon my return from Superfly in Las Vegas on October 25-26 I also had a Napster charge against my Mastercard for $1.00 - then a $90.00 computer parts purchase in Canada that triggered my WaMu fraud to notify me - the account was closed as was the card - and new issued. I had not associated it with THIS until now. The charges were made on 29 of October against my account - but denied by the bank thank goodness!!

If Napster is used as a "clearing" of these CC's you would think that some "trigger" would get pulled when multiple (read 100's here!!) of DIFFERENT CC numbers start getting used by 1 IP address!! Also keep in mind that the SERVER need not be compromised beyond allowing FTP access to download the database - usually because the admins are too complacent or lazy to properly secure their work. This forum as well as others has a genuinely hard time disallowing multiple accounts, usernames, and such from 1 person - and since this is their "cash cow" you wonder why - because normally it ISN'T a problem - but when it becomes a problem it's a flaming roman candle one!!! LOL!!

Also - CYOA - and try to keep a sense of humor about it. The way I see it FMA isn't the culprit here - the people they have as their online server administrators are! BIG TIME!! FMA should at this juncture immediately begin to search for a new home for their website with a LOT more security!! Just my $0.02.


BTW as an aside I have started to use the temporary VISA/MASTERCARD's offered at several retail outlets - essentially intended as "GIFT" cards that you may charge with funds at any time and are usable everywhere just as a normal CC or Debit card is - except when it's out of money - it's out!! I'll use it whenever I make any online purchase from now on - then if a problem arises - shred it!! BUT MY account and number will never be used again!

Hillbille
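
The "trigger" described in the post above (many different card numbers tried from one IP address, starting with small test charges), sketched as an added example that is not part of the original thread or any merchant's code. The log format, field names, thresholds and sample records are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed authorization log: timestamp, source IP, card token, amount, merchant.
# Tokens stand in for card numbers; a real log should never hold full PANs.
SAMPLE_LOG = """\
2008-10-29T10:00:05 203.0.113.7 tok_a1 1.00 music-sub
2008-10-29T10:00:41 203.0.113.7 tok_b2 1.00 music-sub
2008-10-29T10:01:10 198.51.100.4 tok_z9 24.99 music-sub
2008-10-29T10:01:30 203.0.113.7 tok_c3 1.00 music-sub
2008-10-29T10:02:02 203.0.113.7 tok_a1 1.00 music-sub
2008-10-29T10:02:45 203.0.113.7 tok_d4 2.00 music-sub
2008-10-29T11:30:00 198.51.100.4 tok_z9 24.99 music-sub
2008-10-29T11:45:00 198.51.100.4 tok_y8 9.99 music-sub
"""

def parse(line):
    ts, ip, token, amount, merchant = line.split()
    return datetime.fromisoformat(ts), ip, token, float(amount), merchant

def find_card_testing(log_text, window=timedelta(minutes=10),
                      max_distinct_cards=3, small_amount=5.00):
    """Return one alert per IP that tries more than max_distinct_cards
    different cards with small charges inside one sliding time window."""
    recent = defaultdict(deque)   # ip -> deque of (timestamp, token)
    alerted = set()
    alerts = []
    events = sorted(parse(l) for l in log_text.splitlines() if l.strip())
    for ts, ip, token, amount, _merchant in events:
        if amount > small_amount:
            continue  # test charges are kept small so cardholders miss them
        q = recent[ip]
        q.append((ts, token))
        # Drop attempts that have aged out of the window.
        while q and ts - q[0][0] > window:
            q.popleft()
        distinct = {t for _, t in q}
        if len(distinct) > max_distinct_cards and ip not in alerted:
            alerted.add(ip)
            alerts.append({"ip": ip, "at": ts.isoformat(),
                           "distinct_cards": len(distinct)})
    return alerts

if __name__ == "__main__":
    for alert in find_card_testing(SAMPLE_LOG):
        print(alert)
```

A repeat attempt with the same token (tok_a1 above) does not raise the count, so a customer retrying one card is not flagged.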
Old 11-19-2008, 10:47 PM
  #93  
crxmanpat
Community Moderator
 
 
Join Date: Feb 2006
Location: Mesa, AZ
Posts: 6,906
Default

Even though I've not yet had any charges appear on my account, I'm erring on the side of caution and have closed the debit card I used for my purchase at FMA and am having a new one issued.

And I agree with Hillbille. This is not on FMA, but rather their server admin (if not done by FMA themselves).
Old 11-20-2008, 02:13 AM
  #94  
Jacket Man
Member
 
 
Join Date: Aug 2005
Location: Los Angeles
Posts: 61
Default

Just a heads up guys. Both Visa and Mastercard have very strict compliance standards for processing credit cards on line. There are a number of companies that perform scans of a providers website to determine vulnerabilities that can result in the theft of credit card numbers.

This is the type of company that I'm referring to:

http://securitymetrics.com/?gclid=CI...FSAUagod80EeZg

Compliance is mandatory.

Mike
www.CommonSenseRC.com
Old 11-20-2008, 01:07 PM
  #95  
mike240se
HVFRC
 
Join Date: Nov 2008
Location: NJ
Posts: 10
Default

Haven't purchased from FMA in a couple months, but my credit card, one I rarely use and used on FMA Direct, was used to run up transactions last week. I had no idea how it was stolen till now. They charged napster, netflix, delta airlines, usdpointsonline and some tools. All declined - bank of america rocks! Only $20 went through. But delta? ****? Gonna try to board the plane with stolen tickets? This is so crazy, I am so mad, but I do feel better knowing how the card was stolen. Reading above, NAPSTER HERE TOO!!! They started with napster for a couple bucks, it went through too.
Old 11-20-2008, 01:17 PM
  #96  
Bill G
Super Contrubutor
 
 
Join Date: Oct 2005
Location: West Central PA
Posts: 4,422
Default

Originally Posted by Turbojoe View Post
In the future I won't be buying from anyone online unless they take PayPal. Luckily most places I deal with do use PayPal. Those that don't won't get my money anymore.

Joe
I'm a realist, and I have to agree Joe. It makes sense to fork over the fee, to a company who has EVERYTHING riding on their security. I fought the Ebay idea for a long time, but realistically, they have more reason to be secure than anyone else, since it's the core of their business. If companies took security as seriously as PayPal, then think about it, there would be no Paypal. I really don't see them as a large monopolistic thief anymore. They are there for reasons that they did not create, and are simply making money by solving a problem, that others have had the same opportunity to solve, but didn't.
Old 11-20-2008, 06:27 PM
  #97  
ZJbrandon
Member
 
 
Join Date: Apr 2007
Location: Thornton, CO
Posts: 33
Default

I got tagged with some Yahoo Mail attempts on my card. Yahoo blocked two, and said they would retract the 3 that followed. New card in my hand.

Regarding paypal: Remember when their database was compromised? Nothing seems to be safe anymore.
Old 11-20-2008, 07:11 PM
  #98  
WingCommander
New Member
 
Join Date: Jun 2007
Posts: 4
Default

What concerns me is they might be able to gather your info and open new credit lines in your name. Fraud charges suck but if they ever get enough of your info to open up new credit cards, it's "Game over man."
Old 11-20-2008, 07:13 PM
  #99  
ZJbrandon
Member
 
 
Join Date: Apr 2007
Location: Thornton, CO
Posts: 33
Default

like your SS#.

a coworker of mine has someone renting apts on the east coast in her name, and then not paying rent. yikes!
Old 11-20-2008, 11:24 PM
  #100  
Jamie Marks
New Member
 
Join Date: Nov 2008
Posts: 12
Default FYI

For purposes of clarification, FMA is contacting customers by every means possible to notify them of the potential fraud involving credit card purchases. Posting on the forums is only one means we are using. A statement was sent in a mass e-mail last night, we have posted a statement on the FMA Direct website and a mass mailing will be distributed as soon as possible.

In addition to increased security measures already taken by our web host company, FMA is moving as rapidly as possible to establish Paypal as a means of purchase. This incident is most upsetting to FMA and we want to assure our customers that every step is being taken to rectify the situation. We appreciate all the calls and e-mails today from people who understand and who expressed appreciation for the way in which FMA has handled this unfortunate incident. Thanks also for a number of excellent suggestions from people who have been through this before and offered advice.

I know that many of our customers and friends are taking time to cancel credit cards and check accounts which takes time and effort. Even if you know that your card has not been compromised, we suggest you take the step of cancelling and having a new card issued. We apologize for the inconvenience and the worry. Believe me, we share your pain more than you can imagine.


Jamie Marks
FMA Direct
V.P., General Manager
