Welcome to the updated Slickdeals redesign beta. Learn more and give us feedback. Or, return to the classic view.

Search in
Forum Thread
Rakuten (Buy.com) Discounts, Deals and Coupon Codes

Rakuten Buy.com Customers Getting Fraudulent Credit Card Charges

rrmoore 198 May 9, 2013 at 10:33 AM in Online Only (2) More Rakuten (Buy.com) Deals
Deal
Score
+156
236,262 Views
Buy Now

Thread Details

SD USERS REPORTING CREDIT CARD FRAUD VIA RAKUTEN SHOPPING SITE: 346

Many posts within SlickDeals have multiple threads about fraudulent credit card account transactions occurring within a few weeks of placing an order at Rakuten Buy.com. If you have been affected, please post your experience here so the magnitude of Rakuten Buy.com's apparent security breach and the impact on the affected Rakuten customers may be known. (Please save other issues, either regarding Rakuten, or other issues with credit card misuse to other posts.)

If you are one of the affected Rakuten customers, please make a post with (1) first date of the fraud transaction and (2) the most recent Rakuten.com order date (if there was one).
The most important thing however is to just be counted, if you're one of the affected customers.

RAKUTEN SHOPPING would like to hear from you directly:
*PHONE: Nick Thompson (Head of Customer Experience) 877-880-1030, ext. 2095.
*E-MAIL QUESTIONNAIRE: http://slickdeals.net/forums/showpost.php?p=60106758&postcount=622 -- Dedicated e-mail address rakuten-help@mail.rakuten.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Newspaper & Other Media Reports on this recent Rakuten/Buy.com Apparent Security Breach:

Consumer Reports The Consumerist [Jun-6-2013] -- "Here’s Everything We Know About The Rakuten/Buy.com Credit Card Breaches" -- post by 'steveliv', updated 'daniel32'
http://consumerist.com/2013/06/06/heres-everything-we-know-about-the-rakutenbuy-com-credit-card-breaches/ --and--- http://consumerist.com/2013/06/10...seriously/

New Jersey Record News [May-28-2013] -- "Bogota Police Warn Website Users of Suspicious Charges" -- posted by 'AnnoyedwithRakuten'
http://www.northjersey.com/news/B...l?page=all

Yahoo! Finance & MoneyTalksNews [Jun-6-2013] -- "Rakuten.com Customers Reporting Credit Card Fraud" -- txs 'krazyshopper'
http://finance.yahoo.com/news/rak...31825.html and http://www.moneytalksnews.com/201...ard-fraud/

Gizmodo via RakutenFraud.com [Jun-7-2013] -- "Gizmodo Announces They Will No Longer Post Rakuten Deals" -- txs to 'RakutenFraud.com'
http://rakutenfraud.com/2013/06/g...bORZRHn81I

StoreFrontBackTalk [Jun-12-2013] -- "Rakuten Breach: Live By The Web, Get Punished By The Web" -- txs to 'RakutenFraud.com'
http://storefrontbacktalk.com/sec...y-the-web/

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Summary of the conclusions made by the contributors of this forum:

(1) Identity thieves obtained credit card #'s and SSN #'s from some Rakuten Customers
[Ref: News Story & NJ Police Interview http://www.northjersey.com/news/B...l?page=all -- 'AnnoyedwithRakuten']
[Ref: Additionally http://www.bergendispatch.com/art...arges.aspx]
[Ref: 'scotthall3411' Post #462, etc.]

(2) Many other users have been affected outside of the SlickDeals community
[Ref: Specialized Site Now Available: http://rakutenfraud.com/]

(3) The apparent security breach is not limited to just customers who placed orders. Several have reported credit card details were taken from their Rakuten My Account screen.
[Ref: 'Cletus81' Post #435, 'missmex1' Post #445]

(4) The apparent security breach was not at the credit card payment processing agent.
[Ref: 'mirai' Post #437]

(5) Customers using credit, debit cards and Gift Cards have been affected.
[Ref: Thread postings and external sites.]

(6) Almost 100% of all fraud reports are from customers who gave Rakuten their credit (or debit) card directly (rather than using payment gateways or other payment methods (gift cards, etc.)
[Ref: Thread postings.]

(7) Many customers were able to uniquely identify Rakuten as the source of the credit card theft.
[Ref: Many thread postings from customers using a one-time Virtual Credit Card Number, a new credit card only used at Rakuten, or a new Gift Card.]

(8) Rakuten Buy.com denies that any security breach has occurred, though they are "cooperating with police".
[Ref: News Story & NJ Police Interview http://www.northjersey.com/news/B...l?page=all -- 'AnnoyedwithRakuten']

(9) Using a Virtual Credit Card Number or Gift Cards at Rakuten may not be the best alternative.
[Ref: 'GPz1100' Post #205, Post #447, etc. Several affected customers posted their VCCN's later breach caused the credit card company to reissue a new card.]
[Ref: 'namlook' Post #449, etc. Hacker's later emptied the gift card or sold the balance on eBay.]
[Ref: 'bargainfinder09' Post #449 Must close VCCN out afterwards.]

(10) The apparent security breach still exists at Rakuten today, and a Rakuten customer order is not required to generate the subsequent CC fraud.
[Ref: 'Edxzxz' Post #583]

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please scroll down to the Wiki for important messages from users
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

[Full Text of the News Story] New Jersey Record News [May-28-2013] -- "Bogota Police Warn Website Users of Suspicious Charges"
BY DENISA R. SUPERVILLE, STAFF WRITER // Link: http://www.northjersey.com/news/B...l?page=all

BOGOTA – "Local police are asking anyone who has used the website Rakuten.com, formerly Buy.com, to look out for suspicious charges on their credit cards." The police department started investigating three cases in which residents complained of fraudulent charges on their credit cards and has since discovered five additional victims, including one in New York City, Bogota Detective Sgt. Jonathan Misskerg said Tuesday. The single thread between the victims is that they have made purchases on Rakuten.com in the past three months, police said. The victims’ names, Social Security numbers, dates of birth and credit card information were used to open accounts at online equipment suppliers, police said.

The purchases, made at five online stores, included gas valves and warehouse time clocks and totaled around $10,000, Misskerg said. The buyer was traced to an address in Bogotá, Colombia, Misskerg said. After the items were purchased, they were sent to an Englewood company, which then shipped the items to Colombia, Misskerg said. Police declined to identify the Englewood company, saying that the owner was cooperating with authorities and that it remained unclear whether he was part of the scheme. But since investigators first spoke with the company’s owner, someone electronically deposited funds in the company owner’s account — enough to cover the cost of shipping the items to Colombia, Misskerg said. “We’ve seized the packages and additional merchandise,” Misskerg said Tuesday. “We are going to try to shut him down at this point.”

Rakuten.com, a Japan-based online retail company completed its purchase of Buy.com, a California-based online market place, in July 2010. The website was rebranded as Rakuten.com this year. A company representative said Tuesday that the company had not been contacted by the local police, but that it would cooperate with authorities. “If there is a police investigation, we are not aware of it, and we have not been contacted,” said Mark Kirschner, the company’s executive officer for global marketing, adding that the company takes such reports “very seriously.”

However, an online message board [SlickDeals.net] contains several comments from posters claiming to have used the website and complaining about fraudulent charges on their credit cards. Kirschner said the company was aware of the website and had made overtures, “without success,” to those claiming to be affected. He urged those affected to contact the company’s head of customer experience at 877-880-1030 ext. 2095. Kirschner said he was unaware of any security breach or hacking incident that could have compromised customers’ information.

If anyone suspects that he or she may be a victim of identity theft, he or she should fill out an identity theft report at ftc.gov/idtheft, police advised. After doing so, the individual should take a copy of the report to the local police department and place an initial fraud alert with all three credit bureaus. The investigation was continuing, and as of Tuesday no charges had been filed, police said.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

[Full Text of the News Story] Consumer Reports The Consumerist [Jun-6-2013] -- "Here’s Everything We Know About The Rakuten/Buy.com Credit Card Breaches"
By Laura Northrup // Link: http://consumerist.com/2013/06/06...-breaches/

Starting about a month ago, rumblings began on the SlickDeals forums among people who had recently made purchases from Rakuten Shopping, the new brand name of the marketplace Buy.com. The purchases made were diverse, ranging from time clocks in Colombia to newspaper subscriptions in Cleveland to plane tickets in Germany. Something is very, very wrong here: hundreds of victims from recent months have come forward on Slickdeals alone.

Rakuten Shopping is a sort of online mall: the site allows other vendors to set up their own “marketplace” stores and sell items. Users have reported fraudulent credit card transactions after purchases from a variety of marketplace vendors.

Rakuten staff reach out to complainers on Facebook and even on the deal forums, asking victims to call in order to straighten things out. If they have a solution in progress, Rakuten has not let customers know, including victims. While talking too much about it publicly might compromise the investigations, victims are unhappy that the only thing they’ve heard from the company is “call us!” to people whose cards have been breached. Apart from the threads on the subject on shopping sites, victims have started their own site, the appropriately-titled RakutenFraud.com.

If having fraudsters make purchases for up to $10,000 on your credit cards isn’t scary enough, the Newark Star-Ledger reports that some victims had new accounts opened up using personal information––their birthdates and Social Security numbers––that you don’t need to provide to Rakuten as part of a purchase. If you’re a victim, what should you do? Contact your credit card company and your local police, of course. You should also contact the merchant where your card was used: after all, they’re a victim too.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

SLICKDEALS USER NAMES WHO REPORTED CREDIT CARD FRAUD AFTER A RAKUTEN ORDER
  1. rrmoore
  2. tprevett
  3. motorolaX
  4. rebutiw
  5. cpeed
  6. jastisatya
  7. rbcrewser
  8. avishah
  9. koyhbae
  10. avatar13
  11. sakdeals
  12. Udis
  13. slinson
  14. hagure
  15. Amaylin
  16. jbiz
  17. fatt1974
  18. Friend of Sonic
  19. Missiethegal
  20. bonkman
  21. Marekv
  22. chote
  23. guyver2077
  24. rarmortn
  25. jefflam79
  26. drydeniv
  27. wezlypipz
  28. shahhet2
  29. keeplow.com
  30. cindyc1122
  31. kevinca
  32. chihuahua8383
  33. small_stuff03
  34. ek9cv5
  35. jmgjj
  36. deaconx31
  37. virbla
  38. lds322
  39. vsspam
  40. dealjourney
  41. villageidiot
  42. sproqit
  43. mrstak
  44. Ichen5
  45. nitish
  46. bigboco
  47. igorjrr
  48. Argantes
  49. HJFarnsworth
  50. vapers
  51. subpar101
  52. ktatka13
  53. callsoldier83
  54. speedyg
  55. jump4deal
  56. daniel32
  57. victoras
  58. Cptobvious
  59. blueskiesnh20
  60. buyforsalemit
  61. HockeyPuck16
  62. dealinneed
  63. bigdeal5189
  64. Zelucifer
  65. jho
  66. nismo13GTiR
  67. Newnameforme
  68. Tennisjon2002
  69. killab77
  70. dogert
  71. SDRebel
  72. xthundaz
  73. Link2999
  74. guy_on_The_sofa
  75. DraftBuyer
  76. tortoise
  77. isokramer
  78. shreyasr
  79. doctaFingaz
  80. lotsalotsadeals
  81. scotthall3411
  82. 68droptop
  83. tda388
  84. azisme
  85. haggle_master
  86. wjc
  87. nyarrow
  88. DavidandDenise
  89. mustsav3
  90. aerofreaky11
  91. 68droptop
  92. yuchar168
  93. singal3
  94. ceelove
  95. Atari
  96. adanyc
  97. dirtmaster
  98. FlyingNun
  99. CBdelta
  100. sindeko
  101. rexb
  102. peteh555
  103. sumo28
  104. DMUE
  105. tortoise
  106. mirai
  107. thoror
  108. jcrash
  109. HDTiVoFan
  110. jcknows0
  111. abels
  112. Satsusi
  113. AnnoyedWithRakuten
  114. DPackMan
  115. cleaver
  116. mattsgarage
  117. nksnk
  118. wand
  119. j1huynh
  120. zetasoul
  121. highland1024
  122. Sam-Heek
  123. sightlessnet
  124. baxao1
  125. binji
  126. robinski_
  127. faiz_23
  128. gazr
  129. dealer007
  130. nikla
  131. bnizzle
  132. tarzan1234
  133. BadBrent
  134. yuchar168
  135. marlin29311
  136. xseanx
  137. kachelma
  138. psychojinx
  139. c627627
  140. snknk
  141. morpheus282
  142. coolcyber
  143. syncros123
  144. thriftyscrooge
  145. tialfred1
  146. semifast
  147. suril
  148. namlook
  149. hou1960
  150. jll544
  151. bongchoi21
  152. pjdavep
  153. dholu
  154. kskreider
  155. trencher7
  156. ohhyeeaahh
  157. oracleprogrammr
  158. KimmyKim
  159. anup_c_21
  160. theturnmaster
  161. jerry520ever
  162. supacala
  163. rite237
  164. richman
  165. singingintherain
  166. un_plug
  167. asdfghasdfgh
  168. rbv_shard
  169. NY2008
  170. nevermindvicky
  171. darkonex
  172. MonkeyChops
  173. mehrab012
  174. Badronald
  175. trueman1xfz
  176. TuncerY
  177. andychoi
  178. Chuggington
  179. drucula
  180. wquach
  181. HkB
  182. CheapBastardX10
  183. sky0102
  184. AkumaX
  185. attmci
  186. vodanh1982
  187. Tintinet
  188. k9homan
  189. diytech123
  190. kjmott
  191. mf6764
  192. thewatcher07
  193. cnewsgrp
  194. goldenone23
  195. bossusa
  196. Carkis
  197. ohhgourami
  198. cmm0325
  199. omendt
  200. ducky2802
  201. SlikRick
  202. teja9999
  203. kevvinz
  204. TP78
  205. shahnm
  206. DiabolicPumpkin
  207. blackoper
  208. gryphus
  209. mimi_mechant
  210. JoshMcMadMac
  211. bkiserx7
  212. EricW4226
  213. gimmie
  214. ghost5189
  215. sandman8288
  216. miziyuan
  217. rbreding
  218. JackDough
  219. Evenstar979
  220. Cletus81
  221. ecf
  222. bargainfinder09
  223. missmex1
  224. Chris29
  225. xiesanshao
  226. RoundSparrow
  227. bpp
  228. Krystm
  229. WhiteShadow1
  230. ilyap30
  231. bijju
  232. stingraysix
  233. santiagoanders
  234. compuguy1088
  235. photo00001
  236. Devius1
  237. parasitemite
  238. Princeton85
  239. contraium
  240. JavierH
  241. girishvk
  242. OnlyDealz
  243. elslicko
  244. Reallynotnick
  245. ieclipsie
  246. john_kc
  247. icdedppl
  248. knightracer
  249. scoutconnor
  250. silverforumsurf
  251. cazicthule
  252. mister_x
  253. produke
  254. minhquan2106
  255. FayEvelynSchlob
  256. Zechs19
  257. peterstevens
  258. TXGoat
  259. gbkims
  260. anzix
  261. pbmpharmacist
  262. Edxzxz
  263. bbf
  264. anakha
  265. vanburen0875
  266. sklar
  267. Funkorama
  268. lukeS1969
  269. twhite91
  270. vailr
  271. 1111111111
  272. SinceCCF
  273. LandonsDad
  274. ewiz77
  275. o0SlickMaster0o
  276. fvpawli
  277. kevin2011
  278. DocMo
  279. PharAway
  280. misterpooter
  281. kankri99
  282. skv
  283. mychaelp
  284. DaMostUnknown
  285. klatka13
  286. magicfame
  287. PokerKnight
  288. odysseyelite
  289. majorjohn
  290. taimeili123
  291. IlikeSD
  292. chis101
  293. amdk9
  294. chener
  295. jayhsu
  296. randalsw
  297. GottaLoveAZ
  298. BSoares
  299. fedechat
  300. DrunkenSoul
  301. turbobuick86
  302. viper87227
  303. BigChiefTaco
  304. HOO-MAN?
  305. HeavenlySkies
  306. TiredDog
  307. dipperq
  308. zaku178
  309. VirginiaBob
  310. ilya980
  311. rigamortis
  312. Genius4sho
  313. epicd2012
  314. thekedar
  315. drinkingbird
  316. djkyle65c
  317. peanut932
  318. plastik3000
  319. dersimden
  320. MarcSparks
  321. kxc262
  322. xtrabad
  323. yourownhero
  324. rebo0t
  325. ewh2002
  326. Chai
  327. finnadat
  328. MichaelM7154
  329. sleddie
  330. pood
  331. lampakky
  332. blueiegod
  333. spyderfang
  334. monster888
  335. hantidam
  336. nilmot
  337. dokiant
  338. Ashane
  339. dezenutz
  340. blazin-asian
  341. crocodile
  342. roleypoleyfoley
  343. alexboroda
  344. Ray97
  345. echostorm
  346. supercopofhongkong

886 Comments

38 39 40 41 42

Sign up for a Slickdeals account to remove this ad.

#586
Quote from deelseaker View Post :
If this is true - and you are absolutely sure that your PC/network connection are not compromised - then it's beyond calling and requesting. It's at a point where the authorities should be seizing Rakuten's servers. Not trying to accuse them - but it can't be ruled out at this point that they may be part of the problem.
Not a single day goes by that I am not buying several things online using cc's - but the only cc rakuten has my info on is the only cc I've had fraudulent charges on, and only rakuten has that card info (aside from me and chase bank). no ifs/ands or buts about it, rakuten is the link, and since I never even followed through & placed an order, wherever the theft is taking place, it's directly from rakuten's customer accounts, and almost immediate access to cc info is what's happening, since the fraudulent charge was attempted within less than 48 hours of me putting that cc info on my account with rakuten. If the problem was the security on my pc/network, I'd have had other issues with other cc's, but I haven't (plus, we have a firewall on our server, I have norton on my pc, not that either is bulletproof, but I've never had cc issues other than rakuten).
Reply Helpful Comment? 0 0
L5: Journeyman
198 Reputation
Original Poster
#587
Quote from Edxzxz View Post :
I went on Rakuten last week for an ipad deal, updated my account info since I hadn't purchased anything from them in a long time (since it was buy.com), used a chase card I hadn't used for a single thing in over 2 years - did not conclude the purchase since the price changed at checkout. This morning I get a fraud alert from chase saying there was an attempt to charge $1,500 to my card. This is absolutely without a doubt rakuten that allowed my cc info to be stolen. Everyone should call rakuten and insist they wipe their personal and payment info off their site.
WOW, your posting is a huge acknowledgement of many things! You've completely proven that:

(1) The breach STILL EXISTS TODAY at Rakuten.
(2) A Rakuten customer doesn't need to actually complete the order process to generate later fraudulent CC transactions.
(3) Even if Rakuten was a prime target in the DoJ's $200 Million hacker case, Rakuten hasn't been able to seal the breach.

And they're still continuing on as business-as-usual and not informing customers? I'm not that knowledgeable on legal maters, but it would seem to me that this may be a very large case one day for a high-profile lawyer. (Should anyone doubt the credibility of the 'Edxzxz' post, please note that he's at the 'Grand Teacher' deal-poster-level since 2006.)

Quote from deelseaker View Post :
If this is true - and you are absolutely sure that your PC/network connection are not compromised - then it's beyond calling and requesting. It's at a point where the authorities should be seizing Rakuten's servers. Not trying to accuse them - but it can't be ruled out at this point that they may be part of the problem.
Something does have to happen, and soon. Even recent Rakuten customer visits are causing CC fraud? Shouldn't the CC companies be furious at Rakuten right now and demanding immediate action, or is this still something they're willing to absorb? Shouldn't Rakuten be so concerned about it that they'd setup a few hundred mock customer accounts, put their own screen capture program on each c/s rep's PC, and narrow it down a little?
Each SD Registered User incident must generate another 20-50 non-SD-user CC fraud activities, all correlated by their Rakuten purchases or visits.
Reply Helpful Comment? 0 0
#588
Interesting! Consumerist is claiming they received a statement from Rakuten. I sure don't believe a word Rakuten says though.

http://consumerist.com/2013/06/10...seriously/
Reply Helpful Comment? 0 0
L5: Journeyman
198 Reputation
Original Poster
#589
Quote from rakutenfraud View Post :
Interesting! Consumerist is claiming they received a statement from Rakuten. I sure don't believe a word Rakuten says though
Rakuten's response to the Consumer Reports "Consumerist" article (http://rakutenfraud.com/2013/06/a...bYr4RHn81I) tells me a few things:

(1) They still don't know what's causing the ongoing fraud activities. It absolutely doesn't mean, as they'd like to promote, that fraud is impossible at their site. Regardless of whether or not they find the problem, SD and many other sites continue to show that the problem is definitely still occurring.

(2) Since they didn't say anything about the "$200 Million Credit Card Fraud" news story, they either are not one of the affected online merchants, or they haven't yet been told by the DoJ that they're one of the affected merchants. (I think the DoJ would have told them by now.)

(3) Could this possibly increase the likelihood that it's a human-resource issue at Rakuten, rather than a technology problem? I wonder if they still let all their C/S reps have access to complete customer credit card details? (A terrible policy that gives anyone access to our CC info.)

(4) Rakuten said they've already made a number of changes internally including a credit card purchasing 'token', etc. Didn't Rakuten think about implementing these privacy strategies a few years earlier? After all, their business is more of a front-end processing agency, rather than a product distributor. They only respond to issues well after they cause havoc with customers?

(5) It's not 'good news' for Rakuten customers, although it may be a little better news for Rakuten new customers. As long as the continuing credit card fraud continues in small groups at a time (smart strategy for the hacker), the credit bleeding will probably continue with Rakuten customers.

(All those Rakuten customer details seem to be already out there. Any steps Rakuten takes now will not stop the fraudulent activities from occurring to their registered customers, until those Rakuten customer credit cards expire.)
Reply Helpful Comment? 0 0
#590
Quote from rakutenfraud View Post :
Interesting! Consumerist is claiming they received a statement from Rakuten. I sure don't believe a word Rakuten says though.

http://consumerist.com/2013/06/10...seriously/
imho, when a company releases a statement that would fail a third grade English class, I am less than impressed:
"To date, neither we nor our hired experts have been unable to identify any breach of our systems that would explain any of these reports."
Reply Helpful Comment? 0 0
#591
Quote from Edxzxz View Post :
imho, when a company releases a statement that would fail a third grade English class, I am less than impressed:
"To date, neither we nor our hired experts have been unable to identify any breach of our systems that would explain any of these reports."
Cute. I didn't even catch that typo when I chose that selection to quote on the website. I think I am equally as impressed with them now.
Reply Helpful Comment? 0 0
#592
Wow! Just read about the Rakuten CC issues on consumerist.com... and now I know why I got a fraudulent charge on my CC.

I haven't bought anything from Buy.com in years, on April 17, I buy some items, and BLAMMO April 28, I get a >$1500 charge to my CC. I have the CC send me an alert if a large sum is charged to the card, so I called the CC company up immediately and disputed the order and they closed my account.

Apparently, that didn't cancel the order, it was still shipped to my address, but they left a door tag. Luckily, the fraudsters didn't grab the door tag from my door... and when I called the delivery company the next day, they had stated that somebody had called asking to pick up the delivery!!!!

Meh... I told them that I had already cancelled the transaction and that they should return the merchandise and call the cops on the guys coming to pick up the items... dunno what happened... they probably just returned the items back to the sender. :-<

I use the CC a lot, so didn't know who was at fault... I had trusted Buy.com before they became Rakuten, so did not suspect them... Buy.com was one of the first internet mail order companies I dealt with back in the late 90's, early naughts. I trusted them....

Oh well, Rakuten/buy.com hasn't been getting my business lately because newegg and amazon have done a better job with the tech stuff I want to buy. And because of this incident and the BS denial from the Rakuten reps to the consumerist.... RAKUTEN/BUY.COM will NEVER get ANY business from me EVER AGAIN!

Slickdeals should ban their deals from their site to protect slickdealers until Rakuten comes clean.

PS I hope my CC Company sues the crap out of Rakuten for damages.
Reply Helpful Comment? 0 0

Sign up for a Slickdeals account to remove this ad.

L5: Journeyman
198 Reputation
Original Poster
#593
Quote from bbf View Post :
April 28, I get a >$1500 charge to my CC ... it was still shipped to my address, but they left a door tag ... and when I called the delivery company the next day, they had stated that somebody had called asking to pick up the delivery!!!!
You're right in that average 10-14 day window that the hackers or fraud artists seem to like the most. It makes me think that it could be something as simple as Rakuten storing its weekly customer data system backups in a way that has them continually subsequently breached. Or, it's a deliberate wait in order to distance the hack from the initial Rakuten order date.

There have been others in this thread who also had the fraudulent order's goods shipped to their homes.
If you're in that category, perhaps send a PM to 'bbf' to get a dialog going to maybe gain some insight.


The police are missing a great opportunity if they don't get a call from the courier on that fraudulent pickup attempt, though I doubt the courier counter rep will go through the additional steps. Better yet, would be if that happened, and the police investigated it and saw this thread. I'm still hoping that one day that will happen and something will really break open in this case.

You've now become the 263rd registered SD User who has been personally affected by the Rakuten security breach.
(I thought it was bad when 30 users came forward. Now we're quickly approaching 300 affected registered SD Users.)
Reply Helpful Comment? 0 0
#594
Hi rrmoore,

We want to assure you and all our customers that we take all reports of this nature very seriously. We are investigating the issue at length, so far bringing in a series of specialists and a third-party technical forensics company to try to identify why this should be. Despite their and our efforts, we cannot identify any breach in our systems that would explain these reports. We want to work with you and anyone who feels they have experienced any unusual activity after making a purchase with us to try to resolve these issues. We understand your concerns and want to reiterate that we investigate all such issues in great detail.

Please help us to help you, and anyone else concerned, by contacting our head of customer experience, Nick Thompson 877-880-1030 ext. 2095 to discuss specific issues, or call me, Bernard Luthi, CMO to discuss any more general concerns on ext. 2129 if I can be of any more help.

Bernard Luthi, CMO, Rakuten.com


Quote from rrmoore View Post :
Rakuten's response to the Consumer Reports "Consumerist" article (http://rakutenfraud.com/2013/06/a...bYr4RHn81I) tells me a few things:

(1) They still don't know what's causing the ongoing fraud activities. It absolutely doesn't mean, as they'd like to promote, that fraud is impossible at their site. Regardless of whether or not they find the problem, SD and many other sites continue to show that the problem is definitely still occurring.

(2) Since they didn't say anything about the "$200 Million Credit Card Fraud" news story, they either are not one of the affected online merchants, or they haven't yet been told by the DoJ that they're one of the affected merchants. (I think the DoJ would have told them by now.)

(3) Could this possibly increase the likelihood that it's a human-resource issue at Rakuten, rather than a technology problem? I wonder if they still let all their C/S reps have access to complete customer credit card details? (A terrible policy that gives anyone access to our CC info.)

(4) Rakuten said they've already made a number of changes internally including a credit card purchasing 'token', etc. Didn't Rakuten think about implementing these privacy strategies a few years earlier? After all, their business is more of a front-end processing agency, rather than a product distributor. They only respond to issues well after they cause havoc with customers?

(5) It's not 'good news' for Rakuten customers, although it may be a little better news for Rakuten new customers. As long as the continuing credit card fraud continues in small groups at a time (smart strategy for the hacker), the credit bleeding will probably continue with Rakuten customers.

(All those Rakuten customer details seem to be already out there. Any steps Rakuten takes now will not stop the fraudulent activities from occurring to their registered customers, until those Rakuten customer credit cards expire.)
Reply Helpful Comment? 0 0
#595
Quote from Meatballs808 View Post :
So are all these problems with just the US rakuten site or also with the global site? I would like to purchase something from the global site but they do not take Paypal and I don't think they take v.me. I haven't found anywhere else to get these items other than merchants in Japan. I'm pretty wary of rakuten as a whole right now though.
I would like to know this as well. I made an order recently on their global site and if I had known about all these CC fraud issues, I would not have risked ordering. I'll keep a close eye on my account for now.
Reply Helpful Comment? 0 0
#596
This is an interesting/informative thread. I had a card stolen about a year and a half ago and then again a few months ago, so I decided to see if there was a correlation. These are the facts I think are relevant (both for and against):

In line with the speculation that this is an ongoing problem since 2007, I made a purchase from buy.com with a credit card in August 2011. It was stolen in September of the same year. At the time, I was suspicious that it was from another source because I had just completed a purchase from arcsoft.com (payment provider Global Collect [ASKNET-SHOPS.COM]). The charges were made at j2fax.com, JAM Software, and Cleverbridge (for a software license).

More recently, my card number was stolen in March of this year. At the time, I was a bit suspicious of the BitDefender "free" license I paid $0.26 for in February (AVANGATE.COM was the payment processor), but I never really considered Rakuten. After reading this thread I was curious because I hadn't purchased anything from them in a while.
I looked through all my receipts and I haven't made any purchases there since the prior time my card was stolen. Interestingly though, I went back and checked my browser history. On Feb 20, I tried to order something from Rakuten on an SD card deal that was posted here at SD. The purchase either didn't succeed (OOS?) or I decided not to buy. Apparently, I did login, add a payment option (my new credit card), and get all the way to the Review Order page.

In my mind, the second instance corroborates the stories of people saying they didn't even have to complete a purchase for their info to be stolen. I am now very curious about two other times my credit card number was stolen (I don't have all the pertinent info right now, but if I find anything I'll post it -- I do know I used them on buy.com though). FWIW, the last two cards were AMEX cards, while the two prior times were an AMEX and a Discover (this was during the time when Discover decided to discontinue the single-use numbers before bringing them back).

Full disclosure: Both of those cards were used extensively online (and in person on rare occasions). They also both had the induction-powered smartchip embedded (for those who are aware of the fraud potential from a simply constructed reader at a moderate distance)

I know it's been mentioned by a few people, but just to reiterate a fact about Discover single-use cards: once they are used with a merchant, Discover will not authorize any charge from a different merchant on that number, period. This could explain why the people with Discover cards seem to have experienced this problem less frequently.
Reply Helpful Comment? 0 0
#597
Quote from dijin View Post :
I would like to know this as well. I made an order recently on their global site and if I had known about all these CC fraud issues, I would not have risked ordering. I'll keep a close eye on my account for now.
I haven't had any issues ordering from their Japanese site as I posted before. In fact I've made a few purchases, but do remember that the billing info gets passed to the individual merchant on the Japanese side, Rakuten does not to the processing for 3rd parties. I've ordered from amiami, terraformer and others in the last 6 months without issue on Rakuten JP.
Reply Helpful Comment? 0 0
L5: Journeyman
198 Reputation
Original Poster
#598
[Response to Bernard Luthi, CMO, Rakuten.com -- see earlier posting by 'Rakuten_Staff']
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

June 10, 2013

Re: Reports of Credit Card Fraud Amongst 263 Registered Users of the SlickDeals Online Deal Site

Dear Mr. Luthi,

Quote from Rakuten_Staff View Post :
Despite their and our efforts, we cannot identify any breach in our systems that would explain these reports.

Nevertheless, the fraudulent occurrences did occur, and are continuing to occur, as a result of purchases made at the Rakuten shopping site. As you can see by the individual postings, customers have used unique one-time-use "Virtual Credit Card Numbers" which were later compromised. This alone pin-points Rakuten as the origin. Others pin-pointed Rakuten as a result of using new credit cards, gift cards, etc.

We appreciate that it has probably been a frustration for Rakuten to not find the source of the leaked Rakuten customer credit card information to date. Every crime leads clues that should be able to help your team to find the methods utilized by the criminals that were/are responsible.

In this social media thread, one of those clues is the 10-14 day delay in the date of the first fraudulent transaction that followed the Rakuten customer order. Is that to intentionally distance a possible internal employee from being the source of the breach? Can you account for the absolute unbreakable encryption privacy of your customer data file system backups? Some have suggested a possible user key-logger virus may have been installed at your site, but I imagine your external systems auditors looked at that early on in their investigation. The malicious hacker is very good at his trade, both in knowledge and skills. Is it possible he's able to enter your system and exit without leaving a trail? (It’s something for your systems auditors to look at.)

As you know, two things need to be accomplished by your staff and systems auditors: Find the cause of the leaked customer credit card details and dramatically improve Rakuten's customer privacy for the future (both in systems and staffing fuctions). We both know how this will play out in the future if your team is unable to accomplish these tasks.

Quote from Rakuten_Staff View Post :
We understand your concerns and want to reiterate that we investigate all such issues in great detail.

As you can see from the historic posts of all the registered users at this site (outside of this particular thread), the 263 affected users historically had no "ill-will" towards Rakuten, outside of the onset of this very serious personal credit attack by malicious fraudulent persons. We are not at all upset with the sales, marketing, distribution, or other departments within Rakuten. The problem for all of us is specifically this one area: Secured Privacy of Our Customer Financial Data. We're more than "concerned" about the incidents. For some of us, the attack on our credit has gone far beyond the physical issuance of a new credit card. For some of us, this has already impacted our credit profile at the credit reporting agencies.

How can you narrow down the root cause of the leaked credit card details? You should know that you need to do everything in your power to find the source. I'm assuming you have some pretty qualified people available to do this. However, if they've been unable to pin-point the source, then they're looking at the wrong places, or the evidence of the hacked entry point is no longer there, or you have contracted with the wrong systems specialists.

Here are some ways you can accomplish this:

-- Your systems need to log user views of every customer service rep who views any Rakuten customer screen displaying credit card information. The financial industry utilizes a similar audit trail.

-- Have a Rakuten staff-member or technology consultant setup 50 new user accounts over the next few days from outside your premises. Try to vary each one a little. One could make a Visa purchase, another with Discover. (Perhaps the credit card companies could give you a bank of temporary numbers to assist you in solving the problem.) One order could be with a MarketPlace merchant, another direct. One could just setup an account, store the credit card number, and nothing more. One order could setup the account after adding to the cart, another would setup an account at the end -- or login at the end. (I think you're getting the idea.) Each time, they should use a uniquely identifiable payment method. Setup your systems to monitor and track every routine or individual that ‘looks’ at the unique (virtual) credit card number. Perhaps you should do the same with 50 existing user accounts.
Note: Of course, all of these suggestions will be for-not if the hacker, "middle-man" or fraud-artist is already monitoring this forum.

-- You need to ask American Express, Discover, Citi, Chase, etc., to report on the total number of their cardholders who disputed a transaction within 15 or 30 days of a Rakuten transaction. (Alternatively, they could just report on cardholders who were compromised and given new cards, but that would not include those who merely disputed the fraudulent transaction.) We’re not asking you to report that number outside of Rakuten. However, this number will show you a very significant correlation number. This may be a very large internal "wake-up call" that will really motivate your management team towards solving this problem once and for all.


-- [the thread members might also post suggestions, especially if they have a background in the technology, online shopping, credit card or internet industry]

The most important message that we could all leave with you is that, just because your team hasn't been able to prove a security breach, doesn't mean that one hasn't occurred (or is continuing to occur). (Perhaps the external consultants need to be paid upon on finding the source of the breach, rather than in certifying your existing infrastructure.) See definition of "Group Think". (http://en.wikipedia.org/wiki/Groupthink) You have the opportunity to really break out into the online shopping world to rival Amazon perhaps, but not if you get stuck with problems over customer privacy.

The source and style of the previous Rakuten customer credit attacks must become known. Then, new procedures must be put in place for the future. Please know that whenever this problem gets solved completely, you'll probably have all customers returning as confident, satisfied and reassured customers. Until then, perhaps you haven't found the right external systems consultants to solve the problem.

If there’s something more specific that we can do as a group, please don’t hesitate to ask – beyond making 263 individual telephone calls to your Customer Experience Manager and hearing again about “128-bit security”. Also, I'm not sure that anything can be gained by having 263 customers each make a 10-20 minute telephone call -- especially in hearing the responses from the users who already made previous calls. If you did want to collect the specific time periods of first-fraud-attempt and prior-Rakuten-order, feel free to use me as a resource to collect those two key dates (without user names) from the 263 affected users and report them back to you by private message. Other users may be willing to provide you with more information directly.

We trust that one day you will solve this problem.
Reply Helpful Comment? 0 0
#599
I love how people skipped over Rakuten's supposed response in this thread except for the OP. Who knows if they will even read your response rrmoore. I for one would like to see their response to you.

I don't believe for a second that if they hired outside people that they can't find out what's going on or some trace of it. It seems like a more sophisticated way to stay on the deny deny deny train.
Reply Helpful Comment? 0 0

Sign up for a Slickdeals account to remove this ad.

#600
Be sure to ask your bank if they left a bad mark on your account after they fixed up the fraudulent charges. After an incident like this banks will often leave a note on your "bank credit report" that reports to other banks nation wide. The notes are often vague and other banks will just view you as irresponsible/high risk customer even if it was not your fault. This also applies only for those who had their check card stolen. But I also believe having fraud changes on your credit card will damage your credit score.
Reply Helpful Comment? 0 0
Page 40 of 60
38 39 40 41 42
Join the Conversation
Add a Comment
 
Slickdeals Price Tracker
Saving money just got easier.
Start Tracking Today
Copyright 1999 - 2015. Slickdeals, LLC. All Rights Reserved. Copyright / DMCA Notice  •  Privacy Policy  •  Terms of Service  •  Acceptable Use Policy (Rules)