Cake Central › Cake Forums › Cake Talk › Cake Decorating › Anyone having trouble with checkout security at GlobalSugarArt?
New Posts  All Forums:Forum Nav:

Anyone having trouble with checkout security at GlobalSugarArt? - Page 4  

post #46 of 104
Thread Starter 
Quote:
Originally Posted by Price View Post

My credit card has been compromised twice in 1 month.  I just placed an order with GSA last week and I received my purchases on 11/21.  On 11/23  I received notice from my CC company someone tried to use my card at a Game Stop in Texas.  My order was phoned into them it was not placed over the internet.  

 

I think the Game Stop or some gaming/video place in TX was also one of the places that hit my CC.

post #47 of 104
Thread Starter 
Quote:
Originally Posted by ApplegumPam View Post

I won't use credit card for any US transactions any more - if they don't offer Paypal, I won't buy
 

I seriously think this is MORE than just 'servers being hacked'  -  as much as this term is tossed about as a reason for 'oops I said the wrong thing on FB' or 'oh sheesh somebody has grabbed your CC details'  it really ISN'T that easy to 'hack' into a SECURE shopping site.   GSA needs to investigate more and really needs to do something to restore consumer confidence - offering Paypal on all transactions would be a good start.

This form of CC fraud where your personal details are compromised from a specific shopping site is VERY COMMON amongst US sugarcraft suppliers. 
They supposedly put a man on the moon 40 plus years ago?  you wouldn't think that providing a safe & secure shopping site would be all that difficult:P

 

Thankfully GSA didn't put a man on the moon :) but I agree with your point on secure shopping....

post #48 of 104
Quote:
Originally Posted by sugarshack View Post

I do  know he said he has two large firms working on it and it is his highest priority. They do also offer paypal checkout. (I am not affiliated with GSA in any way, just passing on info). 

uhhhmmmmm, yeah...riiiiight...two large firms...highest priority...

 

I'm not buying it!

cake-hole

 -- (noun) Mouth, i.e. the orifice one ought to be using for eating cake rather than talking $#!7

Anniversary
(6 photos)
Easter
(5 photos)

cake-hole

 -- (noun) Mouth, i.e. the orifice one ought to be using for eating cake rather than talking $#!7

Anniversary
(6 photos)
Easter
(5 photos)
post #49 of 104

Even if he does have somebody working on it, if he was smart he would get on this board and make some sort of statement...what they are doing to address the problem, what you can do if your card was affected, another way you can order, etc.

That would just be a good business practice.

Tact is telling someone where to go so nicely they can't wait to take the trip!
Tact is telling someone where to go so nicely they can't wait to take the trip!
post #50 of 104
Quote:
Originally Posted by sugarshack View Post

I talked to Alan yesterday and he said their server was hacked and they are doing all they can to correct the problem.

 

Thank you Sharon for caring and getting in touch with Alan on behalf of all of us. I do believe that, as a responsible business owner, he is/will be taking measures to resolve this extremely serious problem.  I tried calling him but was not succesful and decided to try again after the Thanksgiving holidays.  In my opinion, even if their company server was hacked, there must be internal corruption since Credit Cards & email/personal information has been compromised even when making phone purchases.  About PayPal, it does show as an option but I am not sure that it works.

 

Thank you arlenej for leaving a message in their website, but I wonder if it will get to Alan.  I believe that phone calls and direct emails are probably more effective.

 

Interesting that the Game place in Texas was also one of my fraud charges among a few others!

post #51 of 104
Quote:
Originally Posted by vcheddar View Post

 

I think the Game Stop or some gaming/video place in TX was also one of the places that hit my CC.

 

Yep, same here!

post #52 of 104

To all our GSA customer.  Firstly, please accept my apologies for any inconvenience you have suffered.  You always have the ability to place internet orders using "Phone Order" as the payment type and calling in your credit card that will be manually processed and NOT placed in any software program.  You can also use Paypal which is very safe as well.

 

We are aware of the issue and have addressed it on a few forums already. Sharon alerted me of this forum thread two days ago.   We have hired a large NY city firm to work with us to rid the site of the hackers (http://www.lloydgroup.com/critical-business-services).  Unfortunately, it has been extremely difficult and we have had to have our entire website software re-written on a new platform and will have to move it to a new and more secure server.  We currently rent server space in a server farm in California called InMotion Hosting.  Last year the entire server farm was hit by a major virus- see story link. http://thehackernews.com/2011/09/inmotion-hosting-server-and-trinity-fm.html.  Our website was not immediately effected so we thought we were secure.  However,  the hackers were able to make entry into our website and deposit code that could move confidential information out to credit card thieves.  It was not activated until recently.    We first became aware of this about 60 days ago and have made numerous changes to secure the site.  Unfortunately, their technology is very sophisticated so we need to rebuild the site from the ground up to ensure it is totally secure.

 

I literally have a team of coders here at Global Sugar Art that are working 10-12 hours a day to re-write the software.  We hope the site will be completely secure within the next 24 hours.  Once the site is secure and all the software is re-written, the website will be moved to a new server.

 

Once again, I apologies for this terrible inconvenience.  Even large world-wide banks get hacked.  We are all very vulnerable in this age of computer theft.  Please do remember that we can securely process your order if you call in your credit card number or use PayPal until the site is secure within the next two days.

 

I assure you were are working very diligently on this issue and realize the disruption is causes all of us.

 

Alan

post #53 of 104
Quote:
Originally Posted by AlanT View Post

I literally have a team of coders here at Global Sugar Art that are working 10-12 hours a day to re-write the software.  We hope the site will be completely secure within the next 24 hours. 
Are you still accepting credit card orders online on the existing compromised site?
post #54 of 104

It  would be safer to call us with your credit card number today.  Once the site is secure by tomorrow, we will no longer have any access to your credit card information.  It will be sent securely and encrypted directly to the bank for processing.  So, if you need to add to your order or upgrade shipping, you will have to call us with payment information for the additions and changes.  We will no longer have access to any credit card information for US orders.

 

Once our new order admin is built and moved to a new server, we will be able to contact the credit card processor for additions and order changes.

 

Thank you all again for your understanding and patience.  I can assure you that there has been no theft from employees or people associated with GSA.  When we first had  customers  calling in their orders because of the fraud, we were running the card through a secure connection to our server.  We did not realize that once the card information reached the server it was bring stolen.  We are now processing the cards through a regular credit card terminal at our cash register.  No information being called in is being put online or anywhere in our website.

 

Alan
 

post #55 of 104
In the interest of security you should probably remove your online checkout page ASAP and direct everyone to call in with their order until the site is secure again.
post #56 of 104

Alan, Thank you for the explanation and working so hard to resolve this problem. Among CCers, GSA has a really good rep for great customer service and products - sorry this happened to you. I'll be ordering again once your site is secure.

post #57 of 104

Although I appreciate the owner providing information as to the security breach occurring on their website it is disappointing that they continued to allow orders to be placed and customers cards compromised without any notification on their site.  It was mentioned that they addressed the issue on a couple of forums but I did not see it mentioned anywhere on their own site. 

 

I am an IT professional and have had responsibility for PCI at my last company so I can appreciate the work involved for a company to constantly work towards compliancy but find the way GSA is handling the issue to be somewhat irresponsible.  As a result of all that has been said I have taken my email off of GSA's list and will not shop with them.  I found these posts just before putting in my first order with this company and I am very thankful to all of you that shared your stories of problems with using cc on GSA.

post #58 of 104

Telephoning your order is ONLY an option IF you are USA based

Plenty of Australian cake decoraters have been hit by this TOO  - and nearly ALL of them had no idea that is was as a direct result of shopping at GSC  -  some have wholesale accounts

A sense of humour is a wonderful thing  - without laughter, the world is a SUPER boring place

PS..... only smart people can read truly WITTY comments and chuckle instead of getting all miffed

Hero of all time - GODOT

 

 

www.facebook.com/applegum

Th...

Misc 3D Cakes
(1 photos)
  

A sense of humour is a wonderful thing  - without laughter, the world is a SUPER boring place

PS..... only smart people can read truly WITTY comments and chuckle instead of getting all miffed

Hero of all time - GODOT

 

 

www.facebook.com/applegum

Th...

Misc 3D Cakes
(1 photos)
  
post #59 of 104

I am happy to report that the website it locked down and secure and software code has be re-written as promised.  All credit card information is sent directly through the authorizing bank in an encrypted form and no longer resides anywhere on our server.

Once again, my sincere apologies in this issue.

Alan

post #60 of 104

Well, I'm sorry to say that I'm among those whose cc has been compromised and it certainly could have been from ordering things from GSA. I only order from GSA, Designer Stencils and Amazon, and while it could have happened with any one of them, this thread makes me think it might have been GSA. As much as it pains me to say this - because I'm a big fan of GSA and order lots of stuff from them - I won't be ordering again until the PayPal option is working properly. My bank actually caught the fraudulent transaction and blocked it, but I had to cancel my card. If it were just a question of getting the card replaced, I wouldn't mind so much, but I have to fly from Cancún to Mexico City to pick the card up (my bank doesn't have branches in Cancún - yeah, I know, I'm applying for a local card as we speak, but I don't have one as of now).

Marianna
"I know my own mind...and it's around here somewhere!"
Marianna
"I know my own mind...and it's around here somewhere!"
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Cake Decorating
This thread is locked  
Cake Central › Cake Forums › Cake Talk › Cake Decorating › Anyone having trouble with checkout security at GlobalSugarArt?