Shopneo - Possible card fraud warning

bluemango

justlooking wrote:

Despite us informing clients of this issue and recommending that you ask your Card Issuer for a new card (even if you have not been affected), some clients have not taken this precautionary measure.

Also had the same email update from Neo, Although I never received a letter through the post (my transaction with NEO was from last October and the only time I used that credit card ever), so I was NEVER informed by them at all I had to wait until I saw £358 for betting transactions on my account.

This bit of the email also made my laugh!

..any dissemination or copying of this communication is strictly prohibited. Reproduction of any part of this electronic message in print or digital form is strictly prohibited. E & O E.

So we can't repost the email, yet they can let slip our names, addresses, telephone numbers DOB and credit card details and then just stick their heads in the sand...
:mad:

Tom125

I have checked the receipts I got from Shopneo with my order again and I am a little surprised that one of them is a 'card holder not present' receipt.

I am surprised because most internet stores I use seem to use a third party for card payments (like Worldpay etc) - so they don't even see the card details. However, Shopneo seem to have processed the card details themselves.

I made the purchase online on Monday 5 February. Yet the transaction was not put through (according to the card purchase part of the receipt) until Wednesday 8th February! The card receipt also shows the expiry date and part blanked-out card number - just as if I had actually gone into a shop and paid for something myself. Does this mean that instead of the payment being taken online, Shopneo have taken the card details and manually put them through (in other words - they actually had / have the card details?) If so, surely employee fraud is a possibility??

I don't know if there is any pattern, but my card purchase receipt has 'served by: Steve Adams' on it - out of interest, has anyone else got the same???

simate

Tom125 wrote:

I have checked the receipts I got from Shopneo with my order again and I am a little surprised that one of them is a 'card holder not present' receipt.

I am surprised because most internet stores I use seem to use a third party for card payments (like Worldpay etc) - so they don't even see the card details. However, Shopneo seem to have processed the card details themselves.

I made the purchase online on Monday 5 February. Yet the transaction was not put through (according to the card purchase part of the receipt) until Wednesday 8th February! The card receipt also shows the expiry date and part blanked-out card number - just as if I had actually gone into a shop and paid for something myself. Does this mean that instead of the payment being taken online, Shopneo have taken the card details and manually put them through (in other words - they actually had / have the card details?) If so, surely employee fraud is a possibility??

I don't know if there is any pattern, but my card purchase receipt has 'served by: Steve Adams' on it - out of interest, has anyone else got the same???

Same here. It does seem odd.

buglawton

As an online shop operator I chat on some of the ecommerce forums and the idea of having one's own credit card acquisition software to store those details on one's own database is often discussed. It is quite popular in the U.S. Transaction costs are a bit cheaper as you take the info and manually process it through another secure interface thus saving on Paypal or Worldpay fees.

The idea is that the info is encrypted and part stored on the database and part emailed to the shop operator so not all the info on any one card is in one place. However the software to do this is small-time stuff and I would not trust it, so have never implemented in-store cc acquisition on our site.

Sam_M_5

Well, ive actually made another purchase from Neo, was interested to see what payments they use before finalising the payment, and sure enough they do use Paypal now. So I thought ill go for it as I trust paypal.

Now ive received my item and sure enough.. no actual receipt with card details, just a vat/transaction receipt.

Im involved with webdesign myself and set up a website for a client ages ago which involves barclays EPDQ, now there was the choice to enable the client to manually input the card details into their pdq. I was against this from the start, so its all automated online and I feel Neo have fallen victim to why its such a bad idea to have the choice of manually inputing details. Its not necessarily they got hacked, its more likely human error.

(EDIT - Im not looking to slag off Neo shop, but I feel we do need more information and too understand what has happened)

dcellwood

I payed by Paypal...is that affected too ??

Looked at my Paypal history and found nothing untoward.

danuk

it appears that paypal is ok and not affected.

Poppycat

I am not a customer of theres no ever likely to be tbh, not with the spam (never been a customer) I got from them once and now this.

How can it be human error and not hacked if money was taken illegally out of some one else card and then spent from what a seen mainly on gambling sites then that is not human error but fraud

I am not saying the criminal activties are down to shopneo however they do have a responsibility to report it to the Police and corporate with them.

Sam_M wrote:

Its not necessarily they got hacked, its more likely human error.

buglawton

Large organizations, if affected by fraud, usually 'come clean' in the end with a public statement of what went wrong and that is is now all fixed. Perhaps small co's should do the same.

Now, no publicity is bad publicity so now I've been looking at Shopneo's products, some v. cheap stuff there, not bad.

But I would never enter cc info into a page with shopneo in the url; only into one starting https followed by the correct address of a well known online payments processor.

ethansmum

I certainly didn't get the update email.

Luckily I'm with Tesco CC so I haven't had and rogue payments through, but I am pi**ed off that no-body has spoken up and told us how this fraud was able to take place.