Anyone having trouble with checkout security at GlobalSugarArt?

Decorating By vcheddar Updated 5 Dec 2012 , 2:18am by costumeczar

virago Posted 23 Nov 2012 , 9:03pm
post #31 of 110

Owner of GSA is Chef Alan Tetreault...

 

He is a member of Cake Central community under profile AlanT...ref http://cakecentral.com/u/291753/alant. Prior to my card being compromised, I PM'd him hoping he would join this discussion. He's responded to threads in the past, but I can't find any recent posts. Maybe he doesn't frequent Cake Central anymore?

 

GSA business appears to be growing...as of Aug 2012 was slotted to expand (see http://pressrepublican.com/0100_news/x236908387/Global-Sugar-Art-continues-to-grow for details)...sure hope he cares about this website security issue.  

arlenej Posted 23 Nov 2012 , 11:13pm
post #32 of 110
Quote:
Originally Posted by SweetTzippy 

YES!!!!!
After my last two purchases @ GSA my CC (two different ones) were compromised!!!!!
I think we should contact Alan, the owner, and let him know that this problem might affect his business sales.


I truly didn't think of doing this. I was prepared to just not shop there anymore. So I hopped across to the GSA site and left an e-mail. Hope they
're able to act on it......and I was careful to say 'it would SEEM that CC info is being accessed from the site'

KoryAK Posted 24 Nov 2012 , 2:32am
post #33 of 110

AOMG you guys just helped my realize how my card recently got compromised! I rarely use my debit card and on 11/16 ended up with $1600 in fraudulent charges to a range of advertising companies across the country from me. Because of this thread, I just checked and sure enough I placed a GSA order on 10/17!

Because it was my debit card and not a credit card the money was gone from me for a while which sucked but it is all taken care of now. At least when you use a credit card it's not your real money missing until the bank gets it straitened out.

I remember seeing posts about this GSA issue from time to time over the last year - I can't believe they have straitened this out yet :/

KoryAK Posted 24 Nov 2012 , 2:39am
post #34 of 110

AJust sent them an email and I'd encourage you all to do the same. This is ridiculous.

orders@globalsugarart.com

ApplegumPam Posted 24 Nov 2012 , 8:00am
post #35 of 110

Don't you guys have law enforcement agencies that get involved in this sort of thing?

If that happened in Australia - the police would be involved

 

You should forget contacting GSA - this has been going on for ages - and it was with the 'other' sugarcraft supply company as well - International buyers had to fax them a copy of our drivers license AND our credit card - hence why I NEVER purchased from them.

 

I would be putting all my complaints to your banking credit card FRAUD departments - it way time this was STOPPED - and the persons responsible dealt with


 

DeniseNH Posted 24 Nov 2012 , 5:47pm
post #36 of 110

My friend says she orders from them all the time but never has a problem because she calls them.  Doesn't use the computer to order.  That's what I'll be doing from now on if I don't see that little golden (secure site) lock in the upper right-hand corner.

sugarshack Posted 24 Nov 2012 , 7:29pm
post #37 of 110

I talked to Alan yesterday and he said their server was hacked and they are doing all they can to correct the problem.

vcheddar Posted 24 Nov 2012 , 9:33pm
post #38 of 110
Quote:
Originally Posted by sugarshack 

I talked to Alan yesterday and he said their server was hacked and they are doing all they can to correct the problem.

 

Glad to hear. However, this must be a recurring problem because my card has been compromised several times over the last year..... almost every time I placed an order with them without failure. Hope they fix it once and for all and they make an announcement at least on this thread.  Until then, I'll stay away from purchasing from them.

ApplegumPam Posted 24 Nov 2012 , 10:01pm
post #39 of 110

I won't use credit card for any US transactions any more - if they don't offer Paypal, I won't buy
 

I seriously think this is MORE than just 'servers being hacked'  -  as much as this term is tossed about as a reason for 'oops I said the wrong thing on FB' or 'oh sheesh somebody has grabbed your CC details'  it really ISN'T that easy to 'hack' into a SECURE shopping site.   GSA needs to investigate more and really needs to do something to restore consumer confidence - offering Paypal on all transactions would be a good start.

This form of CC fraud where your personal details are compromised from a specific shopping site is VERY COMMON amongst US sugarcraft suppliers. 
They supposedly put a man on the moon 40 plus years ago?  you wouldn't think that providing a safe & secure shopping site would be all that difficult:P

tdovewings Posted 24 Nov 2012 , 10:25pm
post #40 of 110

I glad this post came up. This makes perfect sense now looking back. About 2-3 days after ordering from there I have to cancel my card, but most of it was overseas stuff. First I get the crazy charge then another charge pops up for an exchange fee. I really hope they get this figured out.

abCakes1 Posted 24 Nov 2012 , 11:33pm
post #41 of 110

AI now realize how my cc got compromised... I had charges of over $700 on the account and are under fraud investigation at this time. I'm now waiting for a replacement card with new number. I will only use PayPal going forward. Thanks for the post!!!

sugarshack Posted 25 Nov 2012 , 12:21am
post #42 of 110

I do  know he said he has two large firms working on it and it is his highest priority. They do also offer paypal checkout. (I am not affiliated with GSA in any way, just passing on info). 

Price Posted 25 Nov 2012 , 1:56am
post #43 of 110

My credit card has been compromised twice in 1 month.  I just placed an order with GSA last week and I received my purchases on 11/21.  On 11/23  I received notice from my CC company someone tried to use my card at a Game Stop in Texas.  My order was phoned into them it was not placed over the internet.  

ApplegumPam Posted 25 Nov 2012 , 2:41am
post #44 of 110
Quote:
Originally Posted by Price 

My credit card has been compromised twice in 1 month.  I just placed an order with GSA last week and I received my purchases on 11/21.  On 11/23  I received notice from my CC company someone tried to use my card at a Game Stop in Texas.  My order was phoned into them it was not placed over the internet.  


This is what they should be investigating - it is obviously NOT just a hacker

ApplegumPam Posted 25 Nov 2012 , 2:45am
post #45 of 110
Quote:
Originally Posted by sugarshack 

I talked to Alan yesterday and he said their server was hacked and they are doing all they can to correct the problem.


You should get him to look at employees that may have had a connection to ***************  - this is EXACTLY what used to happen on their site

ApplegumPam Posted 25 Nov 2012 , 2:46am
post #46 of 110

Guess you know what the *****   stand for   icon_wink.gif

vcheddar Posted 25 Nov 2012 , 3:12am
post #47 of 110
Quote:
Originally Posted by Price 

My credit card has been compromised twice in 1 month.  I just placed an order with GSA last week and I received my purchases on 11/21.  On 11/23  I received notice from my CC company someone tried to use my card at a Game Stop in Texas.  My order was phoned into them it was not placed over the internet.  

 

I think the Game Stop or some gaming/video place in TX was also one of the places that hit my CC.

vcheddar Posted 25 Nov 2012 , 3:17am
post #48 of 110
Quote:
Originally Posted by ApplegumPam 

I won't use credit card for any US transactions any more - if they don't offer Paypal, I won't buy
 

I seriously think this is MORE than just 'servers being hacked'  -  as much as this term is tossed about as a reason for 'oops I said the wrong thing on FB' or 'oh sheesh somebody has grabbed your CC details'  it really ISN'T that easy to 'hack' into a SECURE shopping site.   GSA needs to investigate more and really needs to do something to restore consumer confidence - offering Paypal on all transactions would be a good start.

This form of CC fraud where your personal details are compromised from a specific shopping site is VERY COMMON amongst US sugarcraft suppliers. 
They supposedly put a man on the moon 40 plus years ago?  you wouldn't think that providing a safe & secure shopping site would be all that difficult:P

 

Thankfully GSA didn't put a man on the moon :) but I agree with your point on secure shopping....

virago Posted 25 Nov 2012 , 2:42pm
post #49 of 110
Quote:
Originally Posted by sugarshack 

I do  know he said he has two large firms working on it and it is his highest priority. They do also offer paypal checkout. (I am not affiliated with GSA in any way, just passing on info). 

uhhhmmmmm, yeah...riiiiight...two large firms...highest priority...

 

I'm not buying it!

cakesbycathy Posted 25 Nov 2012 , 6:49pm
post #50 of 110

Even if he does have somebody working on it, if he was smart he would get on this board and make some sort of statement...what they are doing to address the problem, what you can do if your card was affected, another way you can order, etc.

That would just be a good business practice.

SweetTzippy Posted 25 Nov 2012 , 10:10pm
post #51 of 110
Quote:
Originally Posted by sugarshack 

I talked to Alan yesterday and he said their server was hacked and they are doing all they can to correct the problem.

 

Thank you Sharon for caring and getting in touch with Alan on behalf of all of us. I do believe that, as a responsible business owner, he is/will be taking measures to resolve this extremely serious problem.  I tried calling him but was not succesful and decided to try again after the Thanksgiving holidays.  In my opinion, even if their company server was hacked, there must be internal corruption since Credit Cards & email/personal information has been compromised even when making phone purchases.  About PayPal, it does show as an option but I am not sure that it works.

 

Thank you arlenej for leaving a message in their website, but I wonder if it will get to Alan.  I believe that phone calls and direct emails are probably more effective.

 

Interesting that the Game place in Texas was also one of my fraud charges among a few others!

SweetTzippy Posted 25 Nov 2012 , 10:12pm
post #52 of 110
Quote:
Originally Posted by vcheddar 

 

I think the Game Stop or some gaming/video place in TX was also one of the places that hit my CC.

 

Yep, same here!

AlanT Posted 26 Nov 2012 , 3:11pm
post #53 of 110

To all our GSA customer.  Firstly, please accept my apologies for any inconvenience you have suffered.  You always have the ability to place internet orders using "Phone Order" as the payment type and calling in your credit card that will be manually processed and NOT placed in any software program.  You can also use Paypal which is very safe as well.

 

We are aware of the issue and have addressed it on a few forums already. Sharon alerted me of this forum thread two days ago.   We have hired a large NY city firm to work with us to rid the site of the hackers (http://www.lloydgroup.com/critical-business-services).  Unfortunately, it has been extremely difficult and we have had to have our entire website software re-written on a new platform and will have to move it to a new and more secure server.  We currently rent server space in a server farm in California called InMotion Hosting.  Last year the entire server farm was hit by a major virus- see story link. http://thehackernews.com/2011/09/inmotion-hosting-server-and-trinity-fm.html.  Our website was not immediately effected so we thought we were secure.  However,  the hackers were able to make entry into our website and deposit code that could move confidential information out to credit card thieves.  It was not activated until recently.    We first became aware of this about 60 days ago and have made numerous changes to secure the site.  Unfortunately, their technology is very sophisticated so we need to rebuild the site from the ground up to ensure it is totally secure.

 

I literally have a team of coders here at Global Sugar Art that are working 10-12 hours a day to re-write the software.  We hope the site will be completely secure within the next 24 hours.  Once the site is secure and all the software is re-written, the website will be moved to a new server.

 

Once again, I apologies for this terrible inconvenience.  Even large world-wide banks get hacked.  We are all very vulnerable in this age of computer theft.  Please do remember that we can securely process your order if you call in your credit card number or use PayPal until the site is secure within the next two days.

 

I assure you were are working very diligently on this issue and realize the disruption is causes all of us.

 

Alan

jason_kraft Posted 26 Nov 2012 , 4:17pm
post #54 of 110

A

Original message sent by AlanT

I literally have a team of coders here at Global Sugar Art that are working 10-12 hours a day to re-write the software.  We hope the site will be completely secure within the next 24 hours. 

Are you still accepting credit card orders online on the existing compromised site?

AlanT Posted 26 Nov 2012 , 4:25pm
post #55 of 110

It  would be safer to call us with your credit card number today.  Once the site is secure by tomorrow, we will no longer have any access to your credit card information.  It will be sent securely and encrypted directly to the bank for processing.  So, if you need to add to your order or upgrade shipping, you will have to call us with payment information for the additions and changes.  We will no longer have access to any credit card information for US orders.

 

Once our new order admin is built and moved to a new server, we will be able to contact the credit card processor for additions and order changes.

 

Thank you all again for your understanding and patience.  I can assure you that there has been no theft from employees or people associated with GSA.  When we first had  customers  calling in their orders because of the fraud, we were running the card through a secure connection to our server.  We did not realize that once the card information reached the server it was bring stolen.  We are now processing the cards through a regular credit card terminal at our cash register.  No information being called in is being put online or anywhere in our website.

 

Alan
 

jason_kraft Posted 26 Nov 2012 , 4:30pm
post #56 of 110

AIn the interest of security you should probably remove your online checkout page ASAP and direct everyone to call in with their order until the site is secure again.

Spuddysmom Posted 26 Nov 2012 , 4:34pm
post #57 of 110

Alan, Thank you for the explanation and working so hard to resolve this problem. Among CCers, GSA has a really good rep for great customer service and products - sorry this happened to you. I'll be ordering again once your site is secure.

kkmcmahan Posted 26 Nov 2012 , 5:23pm
post #58 of 110

Although I appreciate the owner providing information as to the security breach occurring on their website it is disappointing that they continued to allow orders to be placed and customers cards compromised without any notification on their site.  It was mentioned that they addressed the issue on a couple of forums but I did not see it mentioned anywhere on their own site. 

 

I am an IT professional and have had responsibility for PCI at my last company so I can appreciate the work involved for a company to constantly work towards compliancy but find the way GSA is handling the issue to be somewhat irresponsible.  As a result of all that has been said I have taken my email off of GSA's list and will not shop with them.  I found these posts just before putting in my first order with this company and I am very thankful to all of you that shared your stories of problems with using cc on GSA.

ApplegumPam Posted 26 Nov 2012 , 7:53pm
post #59 of 110

Telephoning your order is ONLY an option IF you are USA based

Plenty of Australian cake decoraters have been hit by this TOO  - and nearly ALL of them had no idea that is was as a direct result of shopping at GSC  -  some have wholesale accounts

AlanT Posted 26 Nov 2012 , 9:58pm
post #60 of 110

I am happy to report that the website it locked down and secure and software code has be re-written as promised.  All credit card information is sent directly through the authorizing bank in an encrypted form and no longer resides anywhere on our server.

Once again, my sincere apologies in this issue.

Alan

Quote by @%username% on %date%

%body%