Over the last week or so, a number of Transformers collectors have noticed unauthorized charges on their credit cards and have received phone calls from their various financial institutions alerting them to possible fraudulent charges on their accounts. A good number of collectors have been hit with these fraudulent charges, including members of TFW2005.COM’s own staff.
Fun Publications, the parent company behind the annual BotCon and JoeCon conventions, have released a statement regarding these charges and the possible, if any, link between the credit card fraud and their online ordering system. We have copied their statement, but you can also download the .PDF file yourself by clicking here.
We have been receiving feedback that there has been a higher than
usual number of fraud complaints posted on online Transformers
forums.While we have nothing to suggest that there was an issue with the TCC
and Fun Publications, we look into every concern that is sent to us. All
of your transactions are in a secure socket with the strongest encryption
available to any site on the web. If you have a specific concern about
any transaction with us, please use the “contact us” link located at the
bottom of the TCC page and provide us with as much information as
possible including:1. The EXACT name of merchant as it is written on your statement.
2. Amount and date of suspect charge.
3. Bank your card is drawn on and if it is a debit or credit card.
4. Device and browser (and version) you used for your last payment
with us before you saw a fraudulent charge (ie, android phone,
computer, iphone, browser and version).
6. Were you on a public computer?
7. Were you on a public wi‐fi network?
8. If you were at home or work, what Internet provider did you use?
9. On your last transaction with us, did you receive any kind of error
message (card declined, 404 error, programming type error)? If you did
receive an error, how many times did you resubmit your information?It is very difficult to track credit card fraud. With your help, we can see
if there are any parallels between those reporting an issue.In order to better protect yourself, here are some guidelines:
Never log into a secure site from a public computer, public wi‐fi, or
through android/windows phones. Only use your mobile device on a
mobile app for transactions, never a browser. Turn off your bluetooth
and wi‐fi to prevent people from hacking your credit card information
from your phone/computer.If you have a card that has an rfid chip, make sure your card is shielded
when not in use.Always make sure you are using a secure socket (https://) for any login
that requires a password or a monetary transaction.Never email your credit card information to anyone.
As should be common practice, on a regular basis, be sure to check your
statements and make note of any suspicious activity on your card. If you
see an unauthorized charge, turn it in to your bank or card company, the
charge will be reversed, they will issue a new card for you and the
security system in place will have done its job.Please also take the time to read the attached article and research credit
card security. We are very aware that security concerns have risen
exponentially in the last couple years and we are doing our part to stay
ahead of the curve.
It is always important that you monitor your card’s activity, regardless if you purchase online or not. A special thank you goes out to all the various collectors who have banded together to bring this issue to light, and in many instances, have helped collectors stop their card from being compromised. We at TFW2005.COM urge everyone, regardless of when or where they shopped recently, to monitor their cards for suspicious activity. You can join in the on-going discussion here.
Tony_Bacala
Discussion related to the TFCC security issue is now closed. It is not to be discussed anywhere on the site unless NEW information comes out. This information could come from a fan who had communication with Hasbro, the club, or any other relevant party. If the club or Hasbro put out official statements, that is cool to post as well.
If that happens, please create a new thread. Discussion will be allowed briefly, contained specifically to that new information. Once an official rep responds and clarifies questions related to the new information, the thread will be closed. If they do not, and discussion hits a wall where it is just speculation and opinion, then we will close it.
New reports of having your card compromised unfortunately at this point is not new and does not warrant a new thread. It is assumed that people who have done business with the TFCC in the past have the potential to get their credit cards compromised.
People have reported that their email address and password associated with Club logins on the old store/forum may have also been compromised. So reports of your other accounts being accessed by someone else is also not warranting of a new thread. (And BTW – if your username/password at any club site was the same as your bank/PayPal/etc – change it ASAP).
We thank the fans who alerted the rest of the community about various issues and hopefully helped avert some loss.
Please use the below information to brush up on any info you may have missed.
Statement from Fun Publications Regarding CC Issues – Transformers News – TFW2005
TFCC CC Update 2/29/2012 – Transformers News – TFW2005
Hasbro Communication Regarding TFCC Security Issue – Transformers News – TFW2005
Transformers Collectors Club Update – Transformers News – TFW2005
http://www.tfw2005.com/transformers-news/conventions-15/fun-publications-cc-issues—32712-new-information-174679/
If you would like to see official responses to questions and concerns so far, please view Pete@Botcon's posts here:
http://www.tfw2005.com/boards/search.php?do=finduser&userid=41913&searchthreadid=543525
Please use the following information to contact Fun Pub directly:
Email 1 – [email protected]
Email 2 – [email protected]
Phone 1 – (817) 448-9863
Phone 2 – 1-800-772-6673
If you were compromised – Fun Publications asks you answer the questions on the below page and email them with it:
https://www.transformersclub.com/tccccinfo.cfm
Until new information comes out – ALL questions and concerns about Fun Publications and their activities (club, store, convention) should be directed to them via the methods above.
If you get a response from them, and feel it's new information the fandom would benefit from knowing, feel free to post it here in a new thread. We will allow contained discussion for a brief time, allow for an official rep to clarify if they choose, and then close.
Thanks everyone.
VAwitch
Since it's not just current, or expired-within-past-year members that would need to be mail-merged, it would take longer than a half hour.
What they likely need to do, is hire a temp or an intern to cover some other aspect they handle (packing) while a long-term employee handles the calls for Cards-used requests.
Or for TFCC Customers to just be proactive, and if there's any possibility of a card having been used @ the TFCC site or BotCon, cancel & get a reissue – with the reason being a online merchant you have visited in the past has had wide spread card compromise. That should minimize the replacement card charges. Maybe even cancel a card you don't THINK might have been used (although those most likely are not your daily-used & thus could screw your life up while things are being fixed cards)
Luckily, since I never have much available on my other CCs, other than food or shuttle (aka NOT @ FubPub-run locations) I have only used 2 cards for TFCC stuff. My bank didn't charge me for a replacement when I explained what had happened, even though I hadn't been hit yet.
Eigo Risu
Woo-Hoo, now I can join in the "Fun".
Just received a 9:30am call from my bank as they had (only this morning) noted an overseas transaction for over $400 that was flagged as 'suspicious' with someone called 'Gumtree' out of the UK. This was most definitely a fraudulent charge.
I asked if there had been any $1 test charges, and the kind bank man said yes, two weeks ago, but it had declined at the source (I imagine that was pure luck of someone mistyping a number or somesuch) and thus had never been processed or flagged.
I asked what it was for, and he replied that the name began "foundation for angel…" (but the rest of the name was cut off on his screen).
Sound familiar with some of you? My card has now been cancelled and replaced (excellent quick service from the bank, I might add).
The only reason I hadn't thought myself vulnerable was that I could have sworn I'd already been issued a new card since the last time I'd used a card at the club store, which was to buy G2 Ramjet & Animated Cheetor on release day.
Needless to say, I will be filing a full report with my bank on Saturday morning. I will be including screen prints from Pete, Jarrodimus, and others, detailing the total and utter lack of security & compliance at "Fun"pub (whom I will also be raising the issue with)
Still, at least I know my bank is pretty good with the fraud protection, right?
Deathknell
Been reading through this thread for the past couple of days…
Didn't really WANT to post anything but I guess I will.
All I want to say is that yes I get that people are upset. What FunPub has been up to and how they have treated their customers is wrong, shady, slimy etc. BUT SERIOUSLY…put up or shut up folks. It really doesn't help to constantly vent the same things over and over and over. Getting the information out there for the fans is one thing, and that's fine. IF your upset about it, if you've had your info stolen, if you've had money stolen etc. quit crying to FunPub and take it to the authorities. I've seen many posts about Jarod's info being made public both here and on Twitter however I haven't seen anything about Jarod taking that info to the BBB, local authorities, Hasbro, Lawyer etc.
In spite of all that's happend many of the same people venting about FunPub still went back to renew memberships?! WTF? STOP DOING BUSINESS WITH THEM! Stop giving them money. Why should they fix anything if all people do is vent and give them cash? You want FunPub to take a hit then STOP RENEWING MEMBERSHIPS, stop buying their toys, stop registering for Primus packages, report them to the authorities, don't go to Botcon etc.
Now in case anyone out there who knows me says "But your going to Botcon!" Yes I'm going to Botcon….the Hotel is a 20 minute drive for me. I did not buy into ANY packages. I am paying the $20 general admission for myself and my wife…my son get's in free. My money will go to the dealers. We will probably only be there for a few hours on Saturday. I don't plan to take part in any panels or any other fanboy FunPub crap. I'm going to get in, finish my predaking, pick up a few other odds and ends and get out. And I will never do business with Botcon or FunPub again.
Oh and finally for the record I was not hit by any of this mess because I saw the crap on the FunPub wall back in 2007 and never did business with them again. Luckily I already regularly change passwords and ID info on a regular basis for all of my online accounts. I feel for you folks who have had rent checks bounce, mortgage payments missed etc. I did get caught up briefly in the TFSource drama as well as had a check stolen so I know how it feels.
Just stop giving Funpub your money, stop doing business with them, let them just die and fade away. Hasbro will find a new licensee to replace them.
Shin-Gouki
No this is unproductive Spam
This thread is Angry venting at an intolerable situation.
BraveMax
I'm not exactly pro-FunPub in this debate… But this post seems unnecessarily harsh. If there's one thing FunPub *has* done right, it's try to have some grass-roots communication. Naturally, we've done nothing but flame Pete for being here – I can understand why he might not want to be around anymore if it's not accomplishing anything constructive.
… That being said, since he's pretty much the ONLY PR we're getting from FunPub, it does seem like it would kind of be his job to suck it up and not just keep telling people that he's only going to respond to issues if people email him privately to air them -_-().
Sammael
Uh, creating a mail merge in Word with a contact list takes all of ten minutes, tops. Even if they don't have a contact list, creating one from the database shouldn't take more than half an hour (if that much).
Sludge
Because there's probably 5 people total employed by Funpub. It would take them forever to mail individual emails to everyone. I'm not trying to make excuses for them. But I do believe they are too small of an organization to handle a club like this.
JTKranix
Yeah, that's pretty much what I figured. Shame too, we have wasted so much time on the phone with banks and credit card companies to change account numbers and fight fraudulent charges – hell, some people have had to take time to drive to banks or ATM machines to withdrawal cash because they were unable to use their debit cards while waiting for replacements.
It seems only fair they could waste some of their time and help their customers out…but this is FunPub we are talking about.
Composite Ghost
I've been following the thread and I think it's safe to say no, there is no reason why they can't contact members to inform them which cards they used in the past. They could if they wanted to. But that would take time, and time equals money. And they have established a pattern of behavior where they don't like to do things that cost them money.
Composite Ghost
If I charged two or three bucks per square foot of bubble wrap on eBay the negative feedback I would receive for that alone would put me out of business.
JTKranix
I'm not going back through 500 pages of posts but…
Is there any reason that the club can't contact members via email and tell them which cards they used at the store? They obviously have that information in plain text just sitting around and it wouldn't be difficult to parse it.
An email saying "You used the following cards ending in 1234, 5678 and 9012. You may want to cancel or monitor those accounts."
I have a few different cards and all of them have been compromised now, including cards I didn't think I had used at the club but as it turns out I did as far back as 2007.
Ruination04
Did we ever get the one question answered: WHY did they store all of that info to begin with when it was wrong to and weren't supposed to? If that wasn't answered then Pete is just running away and not answering the questions that need to be answered.
I'm not trying to keep things stirred up but I keep seeing it asked and everytime Pete comes in I don't think I have ever seen him address this.
Roufuss
Quoting this because this is all that needs to be said and should be repeated over and over again until more people get it.
So I guess we won't be finding out the results of this "investigation" then, will we?
Officially, we still have no idea what information was even taken. We're never even been told that. The fans figured it out but in almost two months Fun Pub has never once said "This is the information that was compromised." All we got was "There was a security breach." That's all we ever got. This is the first time I've ever dealt with a company who has gotten hacked and has never told me what was taken; if it wasn't for this thread, we'd still all think it was just credit card theft. Investigations don't take TWO MONTHS to determine what data was taken. That's asinine.
Fun Pub isn't going to answer emails about this. Pete has now decided to leave, which means we're getting nothing from him.
You know what I think? I think Fun Pub's "investigation" found something bad, real bad, and they're all going to go dark and hope this just blows over rather than tell us the truth.
The whole "this thread is confusing!" after other members brought it up just seems like a convenient excuse.
Biggs
Amen. …although in Pete's defense he's obviously pretty low on the food chain at FunPub, seems pretty oblivious to the inner-workings, or simply just utterly naive to the severity of the situation and the terrible customer service as a whole. He never really 'checked in' to the purpose of this thread in the first place, been dancing around answering relevant questions for weeks now.
He tells you to email him, then never replies. So it's a nice way of keeping the complaints private (and not public) while still doing absolutely nothing about anything. It's a wonderful strategy to LOOK like you're helping the community, while doing absolutely nothing. He'll tell you he does reply to emails, but that's only at his selection/discretion. Any serious issues (like the many that have been posted, or mine…) are ignored. Because basically, he can't really do anything. He just likes to keep it off the forums and therefore, out of the public discourse.
QFT. Also, as I keep saying (because it needs to be repeated) they STILL HAVE your information on file. Every single detail, as of March 9th they're still storing your complete credit card information that potentially anyone at FunPub can access.
Yup.
….also, a hearty "LOL" for having an option on their "new site" where you can delete your own membership. HA! That's brilliant. Only just read that part now, man this thread is full of mind-numbing asshattery. Nice work from Alucard on compiling a list…
There you you apolgists out there, still want these bumblemuffins* running your fanclub?! You can add a #23 to list being myself (Biggs) still waiting over a YEAR now for his free 2011 club figure, #24 being they don't ship international products track-and-trace to international customers and #25 they make you pay for bloody bubble-wrapping…
*not Muppets, Pete… Company I'm referring to, not people… don't report me chief
Kenucme
Last thing I want to add to this, as it's getting to where I'm just adding unnecessary spam.
All I can ascribe to them is not taking the precautions that members urged.
Composite Ghost
I think a good sequel to this thread would be if someone with a level head started a new one somewhere (General Discussion?) that begins with a comprehensive list of all the shady things FunPub has been up to. As more things come to light the original poster can always edit and add to it. That way there is quick and easy access to the info. Is there anything like that already?
blue death
Quoted for abosulte truth.
Lumpy
i agree… and the dislike of the newsletter has nothing to do with this thread other than that FP makes it… i get that there're things people want to change with the club, but using that as anything is this thread is just trying to egg on more crap, in my opinion… it's like being pissed off that you got rear ended, and still wondering why you accidently broke your rear view mirror the week before… unrelated, other than being in a car…
don't forget RustyMuffler! he's been a big part too…
me too… that's exactly where i am right now…
we should!
so true…
this is exactly why i have 2 checking accounts, one just for bills each month, that always has the money in it no matter what, and the other for whatever i need each month (toys, clothes, gas, eating out, etc)
agreed… and honestly, i don't think that the club could do ANYTHING that'd make me post on their forums… it just can't compete with TFW…
not spam… discussion, and some much needed levity at times…
that's true too… and i'm probably guilty of gasoline…
oh bummer… so i guess we don't get an update on the Runamucks shipping yet? oh well… thanks for at least posting what info you could, i appreciate it.
wolfe
There is still good information that has come out. Without this thread people wouldn't be aware of the cancelling membership mishap and the fact they mailed credit card numbers out. It may now be a waiting game until botcon but sadly i still think things will come out every few days about some new screw up. We'll have to wait and see I think.