Warning FMA website - credit card numbers stolen?

11-20-2008, 11:35 PM
#101
Larry3215
Look out for that tree!!!
Thread Starter
Join Date: Mar 2006
Location: Gig Harbor, Wa USA
Posts: 7,061

Thanks for the clarification Jamie.

Sounds to me like you're handling this in a very professional manner.

11-20-2008, 11:53 PM
#102
Murocflyer
WAA-08 Pilot #1
Join Date: Mar 2007
Location: Edwards AFB, CA
Posts: 7,044

Well shucks! I just checked my CC account and sure enough, there was a $1 charge from Napster.

This is huge!!!

Frank

11-20-2008, 11:55 PM
#103
Murocflyer
WAA-08 Pilot #1
Join Date: Mar 2007
Location: Edwards AFB, CA
Posts: 7,044

Originally Posted by Turbojoe:
> Check your accounts guys!
>
> Especially if you have purchased from FMA Direct!
>
> I thought mine were cleaned up from this debacle. Both cards were closed and new cards issued. I just checked my checking account online an hour ago. New charges of $457.88 at Motorola Direct have been posted and paid out from the old card! These charges could continue to come through depending on how long companies take to do their billing. I have a feeling that my problems are FAR from over now. I have to do a written dispute of every fraudulent charge. That could tie up my account for weeks or months. As if unemployment wasn't bad enough I now have this to deal with!
>
> Joe

I second this advice. I DO NOT KNOW if this is FMA related as I haven't bought anything from them since spring time, but there was a $1 Napster charge on my CC today.

Frank

11-21-2008, 12:47 AM
#104
ZJbrandon
Member
Join Date: Apr 2007
Location: Thornton, CO
Posts: 33

Originally Posted by Larry3215:
> Thanks for the clarification Jamie.
>
> Sounds to me like you're handling this in a very professional manner.

Agreed. I think they handled it very well. I did get the email she mentioned, and I think it was well played. I hold nothing against them, and will continue to purchase their fine products.

Next year, it'll be probably some other vendor that gets compromised... it happens, unfortunately. I just don't see how one can blacklist every company that has this happen to them or their processing partners.

11-21-2008, 04:09 AM
#105
mpotter187
Member
Join Date: Jul 2006
Location: Maryland
Posts: 250

Originally Posted by Murocflyer:
> Well shucks! I just checked my CC account and sure enough, there was a $1 charge from Napster.
>
> This is huge!!!
>
> Frank

Cancel the card and call Napster as well; they can be reached at 866.620.1137. They canceled the 2 fraudulent $1.00 charges right over the phone for me. Much easier than doing a chargeback through your card company.

At least FMA stepped up as well, looks like this spring I will be ordering another charger from them.

11-21-2008, 04:18 AM
#106
Murocflyer
WAA-08 Pilot #1
Join Date: Mar 2007
Location: Edwards AFB, CA
Posts: 7,044

I already had my wife call my bank and cancel the card. They have alerted their fraud dept. and will engage.

I'm not worried about the dollar, but I do wonder what song I bought.

Frank

11-21-2008, 04:18 AM
#107
Murocflyer
WAA-08 Pilot #1
Join Date: Mar 2007
Location: Edwards AFB, CA
Posts: 7,044

PS I have never seen so many viewing one post at one time:

Currently Active Users Viewing This Thread: 22 (4 members and 18 guests)

11-21-2008, 07:21 AM
#108
mike240se
HVFRC
Join Date: Nov 2008
Location: NJ
Posts: 10

Anyone ever notice that FMA was ringing your cards through their terminal? This probably means the CC order info was emailed to them in plain text. I have seen this setup before, very insecure. Someone could have just been monitoring their email in the middle. If it was an employee at the web hosting company I hope they get busted hard. FMA should change web hosting companies too, especially if they never catch the criminal. I just found out it costs me $7.50 to get a new debit card from PNC. That is just one of my two cards that were stolen that were used at FMA. My friend says they tell him his APR is going to go up because of the claim. I think FMA is gonna have a lot of visits from various agencies after this (the web host too hopefully). This person needs to be caught though.

11-21-2008, 03:27 PM
#109
Lieutenant Loughead
UNCLUB OWNER
Join Date: Jul 2007
Location: Oklahoma
Posts: 4,406

I understand that FMA might be handling the damage control well (from a "spin doctor" perspective) -- but the problem for me is that they didn't handle the situation well from the beginning...

Couple that with the fact that I still have not received a warning e-mail from FMA Direct, and the fact that I lost my job two days before my credit card got hit with a bunch of expensive charges I didn't make...

Well, none of this makes me happy with FMA Direct. Granted, I was in a bad mood to begin with, but I've been carrying credit cards for 20 years -- and I've ALWAYS purchased items over the internet with my credit cards -- and this is the first time my credit card number was stolen and fraudulent charges were made. That tells me that FMA Direct simply does not do business the way everyone else does -- and that tells me that FMA Direct is at fault -- and that leads me to believe I can't trust FMA Direct!

This was my first purchase with FMA Direct -- and my experience was not a good one.




"It takes years to gain a new customer, and moments to lose one."

11-21-2008, 04:20 PM
#110
Fly Time
Ask me how I know
Join Date: Aug 2007
Location: Renton, WA
Posts: 2,142

The only email I've received from FMA was a denial that they had experienced any security breach. Maybe they figured I was already "informed" since I had brought it up with them. That is disappointing. Despite that, I don't really hold it against them. It happens. They are in the business of selling RC batteries and chargers, not web security. They trust others for that and obviously they were let down.

I run just about everything but the mortgage payment through my credit card (Alaska Air miles!), and from my experience something like this happens about once every 2 or 3 years. I have never been out a penny for it as Bank of America always reverses fraudulent charges immediately. In fact, this recent problem has been pretty mild compared to previous incidents. A couple years ago someone got our number and charged over $3,000 of stuff in the UK and UAE while we were vacationing in Canada. A couple years before that it was a washer and dryer from a Home Depot in Virginia. BOA never blinks. They reverse the charges and send out new cards.

11-21-2008, 04:21 PM
#111
hillbille
Super Contributor
Join Date: May 2007
Location: Barstow, California
Posts: 1,055

Having thought this over a little since I last posted it occurred to me that there are several "facts" that point to the internet provider/web host of FMA's website and NOT to FMA directly.

Does anyone know of any instance where a friend used his/her CC to order any item from FMA over the telephone ONLY - and has their CC been compromised?? This would be one of the ways to discover whether or not this was an ex-employee/employee as it would point to the CC data being taken at the POS - not from the web server.

On the other hand if ONLY people that have used the internet to make orders are having their CC's compromised - then to me that points directly at the HOST/SERVER for FMA's website. Since I doubt FMA has any employee that designed and built their website I am going to assume it was done by the webhosting company - as was the POS software added. The host/server would never admit upfront that their system had been compromised - bad for business. Instead when a problem first arises and FMA asks the host/server administrator about the security - THEN you hear - impossible, doubled encryption algorithm, and upgraded database - which are stalling tactics. As I said before FMA should be looking for a secure host/webserver for their site and right NOW.

Very few web host/servers are in this country - most are offshore. Major corporations that can afford it have their own servers for their company files and data. When these are breached and crime ensues the FBI becomes involved quickly as it is usually a LOT of money and people. In this case I'm not sure that will happen as jurisdiction may be the hardest part to getting anything criminal going as far as catching the culprit(s).

The key to USE of the CC database is/are the IP addresses being generated by Napster, iTunes, etc.. These should be put in combination with the IP's of the other online vendor purchase attempt IP addresses to start a trace - eventually back to the culprit(s).

Is FMA guilty - in my mind only of being very naive about their web host/server and POS software and database. No excuse will matter now - damage is done. Since the culprit(s) are still active - might be easier to trace.

Again just my $.02 worth.


Hillbille

11-21-2008, 11:03 PM
#112
Jamie Marks
New Member
Join Date: Nov 2008
Posts: 12
Steps to Contact FMA Customers

The first email announcement that we sent out would only reach customers who have elected to be on our regular email list. If you have voluntarily joined our email list and you still did not receive the first email, it is probably caught in your spam box either within your email interface or was intercepted by your internet service provider (ISP). The reason this can occur is based on specific rules set up by your ISP and of course FMA has no control over that. Often times it is based on the fact that the email blasts contain graphics which are known to carry viruses in certain cases. As soon as possible, we also plan to send out a text only email to our entire customer database for whom we have a valid email on file. We do have email addresses for the majority of our customers even if they are not on our official voluntary email list. We feel this will be more effective than a postal mailing because physical addresses change. Often when a person moves from one home to another, they retain their email address. So we feel the likelihood they receive the information will be higher with this approach. We expect this message to go out within days. In addition, we have added a link to the FMA Direct home page with a statement.

Please recognize that we are trying to contact every FMA customer who has ordered online. It is a large process to do that and we are working as hard as we can.

Jamie Marks
FMA Direct

11-22-2008, 12:50 AM
#113
dimwatt
Member
Join Date: Mar 2008
Posts: 28

I got hit today, too, with the napster charge.

I cannot believe that an online vendor would presume it was safe to store his customers' credit card information.

Most reputable firms do not keep this info for this exact reason unless the customer requests it or it is used for monthly, on-going charges.

There is simply NO EXCUSE for this to happen in a well run and properly managed internet company in 2008. SHAME ON YOU!

You're off my approved vendor list FMA DIRECT.

11-22-2008, 01:34 AM
#114
Don Sims
Administrator
Join Date: Sep 2005
Location: Middle Tennessee
Posts: 14,327

I always worry when a rash of "new" members post in threads like this.

Hope they are all above board and are following our site policies and put a declaration in their profiles or signatures if they are vendors and not competitors of FMA or anyone else.

My CC card got hit today also and I haven't bought anything from FMA for well over a year. The CC security folks told me there's been a huge upswing in the attacks. Had to cancel my card and wait 5-10 days before I can buy more stuff! She said something about computer programs that make multiple purchases on bank cards. I really didn't understand the stuff but did something about it.

11-22-2008, 01:45 AM
#115
mike240se
HVFRC
Join Date: Nov 2008
Location: NJ
Posts: 10

Originally Posted by Don Sims:
> I always worry when a rash of "new" members post in threads like this.
>
> Hope they are all above board and are following our site policies and put a declaration in their profiles or signatures if they are vendors and not competitors of FMA or anyone else.
>
> My CC card got hit today also and I haven't bought anything from FMA for well over a year. The CC security folks told me there's been a huge upswing in the attacks. Had to cancel my card and wait 5-10 days before I can buy more stuff! She said something about computer programs that make multiple purchases on bank cards. I really didn't understand the stuff but did something about it.

It doesn't matter that you bought last year. I bought last year on 1 card and this year on another card. Both cards have been compromised with exact same charges. The only place BOTH cards were used at is FMA. They were doing a major major major no no, having order info emailed to them in plaintext, stored inside MySQL in plaintext, and then processing them through their CC terminal as "Card Present" and then sending you the CC terminal receipt. This is the most insecure "swiped" card rate, rather than a more expensive mail order/phone order/internet order rate. My friend ordered from FMA over the phone, his card has not been attacked. I think that confirms it was their web host. To the guy above, most web hosts are NOT overseas, major US web hosts like The Planet are all US based. No US based business would buy a web host overseas, that is crazy. If they do, they should have their VP of websites fired! And BTW, these numbers are sold off, so tracing IP addresses will catch some of the people, but not the original thief and not all of the CC users.

11-22-2008, 02:01 AM
#116
dimwatt
Member
Join Date: Mar 2008
Posts: 28

Don, I have actually been a member of this forum for over a year. I was unable to locate my username so I re-registered. I probably have 100 posts.

It has been 4-6 months since I ordered from them. I had ordered a charging adapter that wasn't in stock and I forgot about it. Three months later, here it comes.

One would think that a prudent, properly managed company would contact the customer after that much time had passed and ask if he still wanted the part rather than just ship it off.

That told me that they kept my credit card info on file, when they should have destroyed it after the initial order, and asked for it again IF I chose to keep the back-order.

So, there in a little under-encrypted file are all of our credit card numbers, just waiting for the taking.

There is NO excuse for this. NONE. And, if you cannot tell, I am quite disappointed with FMA Direct.

Dave Healy
Medford, Oregon
***strictly a consumer***

11-22-2008, 02:31 AM
#117
flydiver
Super Contributor
Join Date: Jan 2007
Location: Seattle, WA
Posts: 2,668

FWIW my only purchase was months ago.
Warned my buddies that have purchased from FMA about this 2 days ago. Yesterday > all OK.
Today, Napster, Playboy, and other charges. Card was canceled. Other buddy decided to just cancel his and save the grief.
The Napster and other nuisance, low $ amounts seem to be 'fishing' for a valid card. After that it would appear that whatever the original leak is the card #'s have gone to a number of places based on the WIDE disparity of charges, both in type and locations.
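
Two observations made in this thread, small test charges appearing before larger ones and members comparing where each affected card had been used, correspond to what card issuers call common-point-of-purchase analysis. The following is an added example, not from the thread: it flags cards that show a small charge at a merchant the cardholder has never used, then lists the merchants shared by the flagged cards' purchase histories. Card IDs, merchant names, amounts and both thresholds are constructed assumptions.

```python
from collections import Counter
from datetime import datetime, timedelta

PROBE_MAX = 2.00            # assumed ceiling for a "test" charge, in dollars
WINDOW = timedelta(days=7)  # assumed look-ahead after a test charge


def find_probed_cards(txns, baseline):
    """Return {card: {"probe": txn, "followups": [txn, ...]}} for cards with a
    small charge at a merchant outside the cardholder's known merchants."""
    by_card = {}
    for t in sorted(txns, key=lambda t: t["when"]):
        by_card.setdefault(t["card"], []).append(t)
    flagged = {}
    for card, rows in by_card.items():
        known = baseline.get(card, set())
        for i, t in enumerate(rows):
            if t["amount"] <= PROBE_MAX and t["merchant"] not in known:
                later = [u for u in rows[i + 1:]
                         if u["when"] - t["when"] <= WINDOW
                         and u["merchant"] not in known
                         and u["amount"] > PROBE_MAX]
                flagged[card] = {"probe": t, "followups": later}
                break  # the first test charge is enough to flag the card
    return flagged


def common_points_of_purchase(flagged_cards, baseline, min_share=1.0):
    """Merchants found in the history of at least min_share of flagged cards."""
    counts = Counter(m for c in flagged_cards for m in baseline.get(c, set()))
    need = min_share * len(flagged_cards)
    return sorted(m for m, n in counts.items() if need > 0 and n >= need)


def tx(card, day, merchant, amount):
    return {"card": card, "when": datetime(2008, 11, day),
            "merchant": merchant, "amount": amount}


# Constructed data: merchants each cardholder really used before the incident.
BASELINE = {
    "card-A": {"HOBBY-SHOP", "GROCER", "FUEL"},
    "card-B": {"HOBBY-SHOP", "BOOKSTORE"},
    "card-C": {"HOBBY-SHOP", "GROCER"},
    "card-D": {"GROCER", "BOOKSTORE"},
}
# Constructed recent activity; card-D only shows its usual merchants.
SAMPLE_TXNS = [
    tx("card-A", 19, "MUSIC-SVC", 1.00), tx("card-A", 20, "ELECTRONICS-X", 312.40),
    tx("card-A", 21, "GROCER", 54.10),
    tx("card-B", 20, "MUSIC-SVC", 1.00),
    tx("card-C", 20, "MUSIC-SVC", 1.00), tx("card-C", 21, "CHARITY-Y", 1.00),
    tx("card-C", 22, "ELECTRONICS-X", 89.99),
    tx("card-D", 20, "GROCER", 1.50), tx("card-D", 21, "BOOKSTORE", 20.00),
]

if __name__ == "__main__":
    flagged = find_probed_cards(SAMPLE_TXNS, BASELINE)
    for card, info in flagged.items():
        print(card, info["probe"]["merchant"], len(info["followups"]), "follow-up(s)")
    print("shared by all flagged cards:", common_points_of_purchase(flagged, BASELINE))
```

A merchant shared by every flagged card is a lead rather than proof: the same result appears when the cards share a payment processor or hosting provider behind that merchant.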

11-22-2008, 02:33 AM
#118
Don Sims
Administrator
Join Date: Sep 2005
Location: Middle Tennessee
Posts: 14,327

Thanks for the details Dave, be sure to drop a PM to Mike and he can help with the user ID situation. There have been several people with 1 or 2 posts on WF in this thread.

Don't know if this has been posted elsewhere but here is the message that was in my e-mail this morning from FMA:
Statement from FMA Direct Management in response to posts on leading RC Online Forums.

During the last week of October, FMA received two inquiries within a matter of days about possible compromised credit cards. In both cases the customer informed us that they had used their card at multiple online sites and could not confirm which site(s) could have been compromised. We promptly notified the company who hosts our website about the possible compromise of our database. After extensive research on their end, our website host notified FMA that no breach could be detected. Nevertheless, as of November 1, 2008 the additional precautionary measures were implemented by FMA's host:

1) Hardened all login passwords that could have presented an opportunity for such theft.
2) Added stronger encryption algorithms to any credit card transactions received on our partner's web hosting company's servers.
3) Added additional security measures to further ensure credit card information is secure at our web hosting service.

Although our web provider still contends that no breach has been detected, FMA recognizes from the number of incidents reported on the forums, that a breach of the system may have occurred. As such, we are notifying FMA Direct customers who have purchased online to notify their credit card companies immediately about a possible breach. We assure you that we will remain vigilant moving forward with regard to any such attempts to compromise the trust between FMA Direct and our loyal customers. We apologize for the inconvenience this will cause.

11-22-2008, 04:35 AM
#119
Dewey_Oxberger
New Member
Join Date: Nov 2008
Posts: 5

Strange note: My card started logging crazy charges over a week ago and I canceled it. It's still logging charges even after getting canceled. So watch those cards!

11-22-2008, 10:41 AM
#120
mike240se
HVFRC
Join Date: Nov 2008
Location: NJ
Posts: 10

Originally Posted by Don Sims:
> Thanks for the details Dave, be sure to drop a PM to There have been several people with 1 or 2 posts on WF in this thread.

I don't know if you are referring to me. I did just join; that is because someone linked to this post on RCU and this post is much more involved and a better thread for this topic than the one on RCU. So I joined to be able to join the discussion. But if you look at my account on RCU and RCGroups, which is the same username as here, mike240se, and look at my posts, etc. you will see I am just your average flyer and consumer and do not represent any company. Plus I still plan on using and buying FMA products, just won't do it without PayPal. I told them that too. Has anyone else gone back and noticed that they send you a CC terminal receipt with your invoice as I mentioned previously? This is why the setup was so insecure, they had to be sent the CCs via email plaintext to be able to type them into their CC terminal.

11-22-2008, 01:48 PM
#121
Don Sims
Administrator
Join Date: Sep 2005
Location: Middle Tennessee
Posts: 14,327

First of all, please excuse my off topic comments!!

Welcome to Watt Flyer Mike! You'll find we have a great community of posters here with a lot of bantering and a minimal amount of flaming. Generally on topics like this the members' discussion remains as civil as possible as you folks have done in this thread.

As I recall, my dealings with FMA were over the phone but my CC was still compromised yesterday. Napster, Chinese Red Cross, were the two small charges on the card.

Dang, I use a small debit card on line too. I need to check that account!!

11-22-2008, 02:43 PM
#122
firemanbill
Community Moderator
Join Date: Sep 2005
Location: Sevierville, Tennessee
Posts: 20,658

Good news! FMA now accepting PayPal!


http://www.fmadirect.com/new_applica...t11.22.08.html

11-22-2008, 03:33 PM
#123
Murocflyer
WAA-08 Pilot #1
Join Date: Mar 2007
Location: Edwards AFB, CA
Posts: 7,044

I saw this on the other forum. It's worth repeating here:

FWIW folks, in the last two months I have had both my AMEX and Debit card "compromised" and neither one had anything to do with FMA!?

It is a sign of the times we are living in. More and more unscrupulous people are preying on their fellow citizens as we go about our daily lives and use the electronic technology in the day to day process of life. If you have a CC or debit card and use it ANYWHERE, ANYHOW, you will probably become a victim? Not a case of "if" but more a case of "when". It could happen when you lay it on the table at a restaurant for somebody to disappear with for a few minutes to run it or when you purchase online. I am using Paypal more and more, as I can still use my CC but not enter the # on a myriad of different web sites. And, FWIW, my Debit Card was breached when somebody somehow used it on PP to make a one time purchase? PP does not even have my debit card # in their system.

The good part, if there can be one, is that the powers that be were quick to make it right. AMEX actually caught the suspicious activity and alerted me with an email. BOA has excellent alert tools and ways to monitor your accounts and receive notifications via email when there is suspicious activity. And PP refunded me the money stolen from my debit card within a few days.

So, I wouldn't necessarily beat FMA to death on this one. It is going to happen and is the sad downside of the electronic age. The only way to avoid it completely I suppose is to deal with cash only!? And then some thug will pull a gun on you for having your pockets bulging with money?!
Frank

11-22-2008, 05:07 PM
#124
Dewey_Oxberger
New Member
Join Date: Nov 2008
Posts: 5

>So, I wouldn't necessarily beat FMA to death on this one.

No doubt. I like their products. Still, it is possible to protect credit card transactions well enough that you avoid a "cluster" of leaks centered around a single company. There is a standard for how to do it. Google "PCI Audit".

If FMA puts the effort in finding the leak, fixing it, improving the system so it won't happen again, and keeping customers informed along the way then they've done well.

Adding paypal sounds like a good start.

11-22-2008, 10:18 PM
#125
Figure.N9ne
Super Contributor
Join Date: Jan 2006
Location: Miami, FL
Posts: 1,138

Hey guys, just got the call from US Bank about my AMA credit card. Same charges as everyone else. He actually started off telling me about Napster and I finished the rest for him and told them it's been very widespread and where it's probably originating. They said they've been noticing a lot of this recently.