Cake Central › Cake Forums › Cake Talk › Cake Decorating › Anyone having trouble with checkout security at GlobalSugarArt?
New Posts  All Forums:Forum Nav:

Anyone having trouble with checkout security at GlobalSugarArt? - Page 5  

post #61 of 104

I am pretty sure if Alan is redoing his website and credit card information, it is probably a random number generator, which is encrypted.   These are a lot harder to break into.  You really can't blame him for dirt-bags that broke into his website.   Yes, you can blame him for not notifying everyone a little quicker.  Setting up new websites isn't super quick, either.  Before you let thieves ruin a business, let him try to get his new system running.   With an updated secure website system, your information should be secure. 

I also have no affiliation with GSA.  I have been there one time while visiting my in laws.  They are very nice. 

post #62 of 104
Quote:
Originally Posted by julzs71 View Post

You really can't blame him for dirt-bags that broke into his website.   Yes, you can blame him for not notifying everyone a little quicker.  Setting up new websites isn't super quick, either.  Before you let thieves ruin a business, let him try to get his new system running. 
It is unfortunate that GSA was hacked (especially with a time-delayed attack) but as soon as you realize that all credit card numbers submitted through your online checkout system will be compromised, you need to immediately take the checkout system offline and rely on phone-in orders only until the issue has been resolved. Full stop.
post #63 of 104
Thread Starter 

Happy to see that Alan came on board and offered a rather detailed explanation and apology. Thank you.

I agree with the comments made about not alerting customers of the security breach. Being proactive goes a long way towards building trust and good Customer Service.  Glad to see that it's fixed now. Let's hope it doesn't happen again.


Edited by vcheddar - 11/26/12 at 8:48pm
post #64 of 104
Quote:
Originally Posted by AlanT View Post

To all our GSA customer.  I assure you were are working very diligently on this issue and realize the disruption is causes all of us.
Alan

Thank you very much Alan for addressing this forum. I am confident that you are taking measures to resolve this problem and I agree that even banks get hacked and we are all exposed to this type of corruption.

GSA is a great company that offers good products at competitive prices and I am happy to know that it is expanding. I sincerely hope that the new website platform will be 100% secure and we will be able to leave this bitter experience behind us. Good luck!
post #65 of 104

While I'm glad steps have been made to make the site secure again, I agree with others that it was not handled appropriately. 

 

Having a breach in security is regrettable, but understandable. But the company obviously knew this was an issue and continued to accept online payments. That is not acceptable and shows poor judgement and awful customer service. There is no guarantee that a site can't ever be hacked, but there should be a guarantee that the site owner will take the necessary steps to protect their customers.

 

This has been an issue for months which, in my opinion, no longer makes it a case of thieves ruining the business - it's a case of a business owner knowingly putting their customers at risk everytime they accept an online payment.

 

Ok, so the new system is secure. For how long? What happens if things go wrong again? Will the site continue accepting payments and not notify customers? 

 

Fool me once, shame on you....fool me twice, shame on me.

 

Sorry, but I'll take my business elsewhere. 

post #66 of 104

As I was following this thread, I kept wondering how concerned I needed to be since I am a GSA customer.  It sure didn’t take long for me to find out, because I got a call from my cc company about fraudulent charges tonight.  Kudos to my cc company for their vigilance when it comes to fraudulent charges, but two thumbs down for GSA failing to notify their customers ASAP when they knew the safety of their server had been compromised.  That is not acceptable.

post #67 of 104
Quote:
Originally Posted by Missy227 View Post

As I was following this thread, I kept wondering how concerned I needed to be since I am a GSA customer.  It sure didn’t take long for me to find out, because I got a call from my cc company about fraudulent charges tonight.  Kudos to my cc company for their vigilance when it comes to fraudulent charges, but two thumbs down for GSA failing to notify their customers ASAP when they knew the safety of their server had been compromised.  That is not acceptable.

was this breach before or after GSA owner AlanT stated website security had been fixed (ref post #59 of this thread)???

 

would really like to know since GSA's login/registration pages are still unsecure (http vs https)...

cake-hole

 -- (noun) Mouth, i.e. the orifice one ought to be using for eating cake rather than talking $#!7

Anniversary
(6 photos)
Easter
(5 photos)

cake-hole

 -- (noun) Mouth, i.e. the orifice one ought to be using for eating cake rather than talking $#!7

Anniversary
(6 photos)
Easter
(5 photos)
post #68 of 104
Quote:
Originally Posted by virago View Post

would really like to know since GSA's login/registration pages are still unsecure (http vs https)...
If the server itself is compromised the page is not safe even if it is https, since the secure http protocol is only meant to protect data while in transit between your computer and the server.
post #69 of 104

Me too!  Three separate times!  I really love their range of products, but my goodness, I can't constantly get new cards.  :(

 

I will look into the disposable credit card number.  Very cool!

post #70 of 104

Holy Cow!! I am so glad that I saw this thread! A month or so ago, I purchased some fondant cutters from GSA, using my debit card linked to my checking account. Imagine my surprise when a week or so after that, I tried to use my debit card for a very small purchase locally and it was declined. I called my bank, who informed me that they had deactivated my card because of suspicious transactions on my account from the day before. Apparently someone in Australia and someone in Spain, at the same time, were trying to make purchases using my card number. My bank refused the purchases, my money is safe, but they immediately flagged the account and closed my card. I was thankful for my bank recognizing this situation. The only other purchase I had made recently, using that card, was from GSA and I wondered if that may have been the problem. I'm glad GSA is getting the problem fixed as best as they can because I do like their offerings and want to make purchases from them in the future.

post #71 of 104
Quote:
Originally Posted by AlanT View Post

To all our GSA customer.  Firstly, please accept my apologies for any inconvenience you have suffered.  You always have the ability to place internet orders using "Phone Order" as the payment type and calling in your credit card that will be manually processed and NOT placed in any software program.  You can also use Paypal which is very safe as well.

 

We are aware of the issue and have addressed it on a few forums already. Sharon alerted me of this forum thread two days ago.   We have hired a large NY city firm to work with us to rid the site of the hackers (http://www.lloydgroup.com/critical-business-services).  Unfortunately, it has been extremely difficult and we have had to have our entire website software re-written on a new platform and will have to move it to a new and more secure server.  We currently rent server space in a server farm in California called InMotion Hosting.  Last year the entire server farm was hit by a major virus- see story link. http://thehackernews.com/2011/09/inmotion-hosting-server-and-trinity-fm.htmlOur website was not immediately effected so we thought we were secure.  However,  the hackers were able to make entry into our website and deposit code that could move confidential information out to credit card thieves.  It was not activated until recently.    We first became aware of this about 60 days ago and have made numerous changes to secure the site.  Unfortunately, their technology is very sophisticated so we need to rebuild the site from the ground up to ensure it is totally secure.

 

I literally have a team of coders here at Global Sugar Art that are working 10-12 hours a day to re-write the software.  We hope the site will be completely secure within the next 24 hours.  Once the site is secure and all the software is re-written, the website will be moved to a new server.

 

Once again, I apologies for this terrible inconvenience.  Even large world-wide banks get hacked.  We are all very vulnerable in this age of computer theft.  Please do remember that we can securely process your order if you call in your credit card number or use PayPal until the site is secure within the next two days.

 

I assure you were are working very diligently on this issue and realize the disruption is causes all of us.

 

Alan

 

Are you stating the TiGER-M@TE hack was/is more than just a prank "defacement" of multiple websites...that this hack was/is actually a "time-bomb" style breach?

cake-hole

 -- (noun) Mouth, i.e. the orifice one ought to be using for eating cake rather than talking $#!7

Anniversary
(6 photos)
Easter
(5 photos)

cake-hole

 -- (noun) Mouth, i.e. the orifice one ought to be using for eating cake rather than talking $#!7

Anniversary
(6 photos)
Easter
(5 photos)
post #72 of 104

Wow my cc was compromised too. I purchased twice from GSA in the last two months. Now I know how they got my info.  I had almost $500 charged on my cc this month.  GSA could of sent out an email to their customers stating that there was a security issue.  BUT they can send out emails stating a product is back in stock!  SHAME!

post #73 of 104
Quote:
Originally Posted by virago View Post

was this breach before or after GSA owner AlanT stated website security had been fixed (ref post #59 of this thread)???

 

would really like to know since GSA's login/registration pages are still unsecure (http vs https)...

virago, the fraudulent charges appear on my cc prior to post #59 by Alan T.  Even if the site is secure now, all the cc account numbers that have been stolen are still out there.  As much as I appreciate the sincerity behind Alan T’s apology, I feel it is too little, too late.  I believe GSA left their customers vulnerable to fraud for months without any warnings, to protect their own financial standing.  Although I have always enjoyed dealing with GSA in the past, I find their lack of business ethics in this particular situation inexcusable.  Therefore, as others have stated, I will no longer patronize GSA with any future purchases. 

post #74 of 104

Yikes, I ordered from them on Monday and I called my bank today to cancel my bank card.  I'm not taking any chances!  They do have great products, but their shipping is extremely high - and I only live 5 hours away.

post #75 of 104

My card was first compromised back in June and it happened two more times since then so that's how long I'm aware it's been going on. I had to start ordering elsewhere because I belong to a small bank so if I don't have a ATM/Debit card and I need access to my money when the bank is closed. I'm SOL.
 

New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Cake Decorating
This thread is locked  
Cake Central › Cake Forums › Cake Talk › Cake Decorating › Anyone having trouble with checkout security at GlobalSugarArt?