Anyone having trouble with checkout security at GlobalSugarArt? - Page 4  

Quote:

Originally Posted by sugarshack 

I do  know he said he has two large firms working on it and it is his highest priority. They do also offer paypal checkout. (I am not affiliated with GSA in any way, just passing on info). 

uhhhmmmmm, yeah...riiiiight...two large firms...highest priority...

I'm not buying it!

Even if he does have somebody working on it, if he was smart he would get on this board and make some sort of statement...what they are doing to address the problem, what you can do if your card was affected, another way you can order, etc.

That would just be a good business practice.

Quote:

Originally Posted by sugarshack 

I talked to Alan yesterday and he said their server was hacked and they are doing all they can to correct the problem.

Thank you Sharon for caring and getting in touch with Alan on behalf of all of us. I do believe that, as a responsible business owner, he is/will be taking measures to resolve this extremely serious problem.  I tried calling him but was not succesful and decided to try again after the Thanksgiving holidays.  In my opinion, even if their company server was hacked, there must be internal corruption since Credit Cards & email/personal information has been compromised even when making phone purchases.  About PayPal, it does show as an option but I am not sure that it works.

Thank you arlenej for leaving a message in their website, but I wonder if it will get to Alan.  I believe that phone calls and direct emails are probably more effective.

Interesting that the Game place in Texas was also one of my fraud charges among a few others!

Quote:

Originally Posted by vcheddar 

 

I think the Game Stop or some gaming/video place in TX was also one of the places that hit my CC.

Yep, same here!

To all our GSA customer.  Firstly, please accept my apologies for any inconvenience you have suffered.  You always have the ability to place internet orders using "Phone Order" as the payment type and calling in your credit card that will be manually processed and NOT placed in any software program.  You can also use Paypal which is very safe as well.

We are aware of the issue and have addressed it on a few forums already. Sharon alerted me of this forum thread two days ago.   We have hired a large NY city firm to work with us to rid the site of the hackers (http://www.lloydgroup.com/critical-business-services).  Unfortunately, it has been extremely difficult and we have had to have our entire website software re-written on a new platform and will have to move it to a new and more secure server.  We currently rent server space in a server farm in California called InMotion Hosting.  Last year the entire server farm was hit by a major virus- see story link. http://thehackernews.com/2011/09/inmotion-hosting-server-and-trinity-fm.html.  Our website was not immediately effected so we thought we were secure.  However,  the hackers were able to make entry into our website and deposit code that could move confidential information out to credit card thieves.  It was not activated until recently.    We first became aware of this about 60 days ago and have made numerous changes to secure the site.  Unfortunately, their technology is very sophisticated so we need to rebuild the site from the ground up to ensure it is totally secure.

I literally have a team of coders here at Global Sugar Art that are working 10-12 hours a day to re-write the software.  We hope the site will be completely secure within the next 24 hours.  Once the site is secure and all the software is re-written, the website will be moved to a new server.

Once again, I apologies for this terrible inconvenience.  Even large world-wide banks get hacked.  We are all very vulnerable in this age of computer theft.  Please do remember that we can securely process your order if you call in your credit card number or use PayPal until the site is secure within the next two days.

I assure you were are working very diligently on this issue and realize the disruption is causes all of us.

Alan

It  would be safer to call us with your credit card number today.  Once the site is secure by tomorrow, we will no longer have any access to your credit card information.  It will be sent securely and encrypted directly to the bank for processing.  So, if you need to add to your order or upgrade shipping, you will have to call us with payment information for the additions and changes.  We will no longer have access to any credit card information for US orders.

Once our new order admin is built and moved to a new server, we will be able to contact the credit card processor for additions and order changes.

Thank you all again for your understanding and patience.  I can assure you that there has been no theft from employees or people associated with GSA.  When we first had  customers  calling in their orders because of the fraud, we were running the card through a secure connection to our server.  We did not realize that once the card information reached the server it was bring stolen.  We are now processing the cards through a regular credit card terminal at our cash register.  No information being called in is being put online or anywhere in our website.

Alan
 

Alan, Thank you for the explanation and working so hard to resolve this problem. Among CCers, GSA has a really good rep for great customer service and products - sorry this happened to you. I'll be ordering again once your site is secure.

Although I appreciate the owner providing information as to the security breach occurring on their website it is disappointing that they continued to allow orders to be placed and customers cards compromised without any notification on their site.  It was mentioned that they addressed the issue on a couple of forums but I did not see it mentioned anywhere on their own site. 

I am an IT professional and have had responsibility for PCI at my last company so I can appreciate the work involved for a company to constantly work towards compliancy but find the way GSA is handling the issue to be somewhat irresponsible.  As a result of all that has been said I have taken my email off of GSA's list and will not shop with them.  I found these posts just before putting in my first order with this company and I am very thankful to all of you that shared your stories of problems with using cc on GSA.

Telephoning your order is ONLY an option IF you are USA based

Plenty of Australian cake decoraters have been hit by this TOO  - and nearly ALL of them had no idea that is was as a direct result of shopping at GSC  -  some have wholesale accounts

I am happy to report that the website it locked down and secure and software code has be re-written as promised.  All credit card information is sent directly through the authorizing bank in an encrypted form and no longer resides anywhere on our server.

Once again, my sincere apologies in this issue.

Alan

Well, I'm sorry to say that I'm among those whose cc has been compromised and it certainly could have been from ordering things from GSA. I only order from GSA, Designer Stencils and Amazon, and while it could have happened with any one of them, this thread makes me think it might have been GSA. As much as it pains me to say this - because I'm a big fan of GSA and order lots of stuff from them - I won't be ordering again until the PayPal option is working properly. My bank actually caught the fraudulent transaction and blocked it, but I had to cancel my card. If it were just a question of getting the card replaced, I wouldn't mind so much, but I have to fly from Cancún to Mexico City to pick the card up (my bank doesn't have branches in Cancún - yeah, I know, I'm applying for a local card as we speak, but I don't have one as of now).