2GN.ORG 2GN.ORG
The best source for the Second Generation Neon - Period.
 
 Watched TopicsWatched Topics   FAQFAQ   RulesBoard Rules   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   LinksLinks  :: Register
 ProfileProfile   GarageGarage   1/4 Mile Table1/4 Mile Table   Log in to check your private messagesLog in to check your private messages   Log inLog in 

Modernperformance unsecured site?

Goto page Previous  1, 2, 3
 
Post new topic   Reply to topic    2GN.ORG Forum Index -> Vendor Feedback
View previous topic :: View next topic  
Author Message
nate-00neon
2GN Registrant


Age: 27
Joined: 16 Nov 2007
Posts: 682
Location: Wisconsin

2000 Dodge Neon Highline

Post: #61   PostPosted: Thu May 22, 2008 3:47 pm    Post subject: Reply with quote

modernceo wrote:
Id like to address your concerns over purchases at Modern Performance here.

First off, we take everyones private data very seriously. We also take credit card security seriously.

Heres a few of the multiple things we do to protect your security.

- All critical data is not stored on the cart server, and is deleted.
- We have a third party security scanning company that looks for any back entry doors, loopholes and or other security risks.
- We have a full time, dedicated computer that is ONLY for Modern Performance and no other companies websites.
- We routinely check the logs to make sure no one else but our approved computers are accessing data.
- We periodically change passwords for all logins.
- We use a SSL encrypted security gateway to encrypt credit card data
- All confidential data is locked, and not thrown away, or shared, spread around with any other company or individual.

To further increase security, we are making several more steps to further safety and security on our cart.




Cbjones26,
I have reviewed the recorded phone call in which you called and threatened us twice to "spread slander across the internet and every chat forum you could".

No one hung up on you, and the last words our operator said to you was "Thank you for your call Chris, bye bye" and then hung up.

I know you could be upset over what happened to you, and its easy to forget little details, or make assumptions when your upset.
If youd like, I can email you the recorded phone call for you to review again privately.

cbjones26 wrote:
well i just called them an i think i hit a nerve im not the nicest person when i get pissed off! they tried giving me some bs excuse on what happened. i told them ill give them the benefit of the doubt but if i do decided to order from them again ill call it in but if anything like this happens again ill post in ever forum/ chat site not to order from them! ( not that it would do anything ppl will still order from them) but it was funny the guy got all pissed an pretty much hung the phone up on me....

i dont have a credit card!! but im thinking about getting one the prepaid credit cards u can get in walmart if i buy shit again off the net! the thing that makes me mad is the bank knows who it is an they wont releace the guys name!!


shouldnt you be talking to him in private and not over the website where everyone can see...its none of your buisness to be personally attacking him on the web.

we have a valid point. i dont think it is just bad luck that all of these people order from MP and then get there identity stolen.
you are the buisness and you need to fix your problems and keep your costomers safe!
Back to top
View user's profile Send private message  
yellowpatrol
user
2GN Registrant


Age: 29
Joined: 01 Jan 2007
Posts: 2852
Location: Kansas City

2004 Dodge SRT-4

Post: #62   PostPosted: Thu May 22, 2008 4:06 pm    Post subject: Reply with quote

modernceo wrote:
- All critical data is not stored on the cart server, and is deleted.
- All confidential data is locked, and not thrown away, or shared, spread around with any other company or individual.

I don't understand this, if it's deleted then why is it that your site "remembers" my credit card info every time I log in? What do you mean the data is "locked"? Locked like in a read-only file that is not secured in any way?
_________________
FEEDBACK

Adionik wrote:
On a 100% stock SRT engine i've seen detonation on 93 octane, I know what i'm talking about.
Back to top
View user's profile Send private message  
2003silverneonsxt
NEONLESS!!!
2GN Registrant


Age: 32
Joined: 02 Oct 2004
Posts: 3002
Location: Lebanon PA



Post: #63   PostPosted: Thu May 22, 2008 4:15 pm    Post subject: Reply with quote

mine was used in mexico,,
_________________
hmmmmm
Back to top
View user's profile Send private message Send e-mail Visit poster's website AIM Address Yahoo Messenger
modernceo
2GN Registrant


Age: 41
Joined: 22 May 2008
Posts: 127




Post: #64   PostPosted: Thu May 22, 2008 5:47 pm    Post subject: Reply with quote

"ModernCeo I beleive we all are aware of your current situation to protect buyer security. I think the real question on peoples minds is: "Do you acknowledge that there is a possilbe problem allowing hackers to compromise credit card information

We have scanned the server multiple times, changed passwords randomly, and logged which computers are accesing the server, IN addition to the rest of the security procedures.

From the posts I have seen in relation to the number of orders we have taken its still very random, but we are not taking it lightly regardless.

With all of the credit card skimming at gas stations, malware and spyware on computers, etc issues now, credit card fraud is rampant. Hell, somehow, someone took over my own paypal account to pay for porn subscriptions and buy diamond watches, and Im very familiar with phishing and attempts to get paypal user names and passwords.

But, like I said, regardless, we are not taking it lightly. We are stepping up our security even further, and VERY shortly here like within the next week we will be switching our credit card processing to authorize.net which is a third party high level security credit card processor to make our site even further secure just to be safe.

[quote="yellowpatrol"][quote="modernceo"]- All critical data is not stored on the cart server, and is deleted.
- All confidential data is locked, and not thrown away, or shared, spread around with any other company or individual.
[/quote]
I don't understand this, if it's deleted then why is it that your site "remembers" my credit card info every time I log in? What do you mean the data is "locked"? Locked like in a read-only file that is not secured in any way?[/quote]

Credit card information is not "remembered" on the shopping cart. I just did a test myself to double check and its not. I entered my personal credit card, checked out, came back and tried to purchase again and my card was not stored. Just like yours will not be.
Back to top
View user's profile Send private message  
Canada
Chris
Junior Admin


Age: 33
Joined: 28 Jun 2005
Posts: 4815
Location: Canada

1998 Plymouth Expresso

Post: #65   PostPosted: Thu May 22, 2008 5:53 pm    Post subject: Reply with quote

Thanks for responding to this thread Cory, I know that you've been away and just got back.

As you can see, there are a few concerns to be addressed, but if you guys are stepping up your secuirty measures, I am glad to hear it.

I am sure if you were to message user "Kevo" he may also give you some insight as to some possible weaknesses in the cart system.

Thanks for updating us.
_________________

Donate to 2GN today! Support Your Community!
Back to top
View user's profile Send private message Send e-mail  
yellowpatrol
user
2GN Registrant


Age: 29
Joined: 01 Jan 2007
Posts: 2852
Location: Kansas City

2004 Dodge SRT-4

Post: #66   PostPosted: Thu May 22, 2008 6:03 pm    Post subject: Reply with quote

modernceo wrote:
Credit card information is not "remembered" on the shopping cart. I just did a test myself to double check and its not. I entered my personal credit card, checked out, came back and tried to purchase again and my card was not stored. Just like yours will not be.

Oh okay, I just tried it and it seems you are correct, but I assure you that in the past it has "remembered" my credit card information. This must be a change made fairly recently.
_________________
FEEDBACK

Adionik wrote:
On a 100% stock SRT engine i've seen detonation on 93 octane, I know what i'm talking about.
Back to top
View user's profile Send private message  
nate-00neon
2GN Registrant


Age: 27
Joined: 16 Nov 2007
Posts: 682
Location: Wisconsin

2000 Dodge Neon Highline

Post: #67   PostPosted: Thu May 22, 2008 6:34 pm    Post subject: Reply with quote

yellowpatrol wrote:
modernceo wrote:
Credit card information is not "remembered" on the shopping cart. I just did a test myself to double check and its not. I entered my personal credit card, checked out, came back and tried to purchase again and my card was not stored. Just like yours will not be.

Oh okay, I just tried it and it seems you are correct, but I assure you that in the past it has "remembered" my credit card information. This must be a change made fairly recently.

i think thats more with your computer in general...there are setting that make you save such things like that. i think they are called cookies n shuch but im not 100% sure on that...
Back to top
View user's profile Send private message  
yellowpatrol
user
2GN Registrant


Age: 29
Joined: 01 Jan 2007
Posts: 2852
Location: Kansas City

2004 Dodge SRT-4

Post: #68   PostPosted: Thu May 22, 2008 8:19 pm    Post subject: Reply with quote

nate-00neon wrote:
i think thats more with your computer in general...there are setting that make you save such things like that. i think they are called cookies n shuch but im not 100% sure on that...

error angry7
_________________
FEEDBACK

Adionik wrote:
On a 100% stock SRT engine i've seen detonation on 93 octane, I know what i'm talking about.
Back to top
View user's profile Send private message  
anomalous0
Quisatz Haderach
2GN Registrant


Age: 33
Joined: 22 Oct 2006
Posts: 457
Location: Arizona

2002 Dodge Neon ES

Post: #69   PostPosted: Thu May 22, 2008 11:10 pm    Post subject: Reply with quote

Were you using innovative merchant solutions or quickbooks as a portal? In my experience authorize.net is far better to deal with than either.
_________________
"If you haven't bled on it, it's not your car"
Back to top
View user's profile Send private message  
cbjones26
2010 Platinum Contributor


Age: 33
Joined: 23 Mar 2008
Posts: 1479
Location: NY

2000 Dodge Neon ES

Post: #70   PostPosted: Fri May 23, 2008 1:26 am    Post subject: Reply with quote

nvm deleted post and sent pm!
Back to top
View user's profile Send private message  
Diablo0
Bird is the word
2GN.org Owner/Admin


Age: 33
Joined: 15 Apr 2004
Posts: 12432
Location: Greenville, SC

2002 Dodge Neon R/T

Post: #71   PostPosted: Fri May 23, 2008 6:09 am    Post subject: Reply with quote

Thanks for taking the time to join and address everyones concerns, Cory!

As I said before though, there may be a trend but until you can prove that ModernPerformance is the source it's hard to point the finger at them. We've all more than likely used our cards in more places than just ModernPerformance so the information could have came from any of those sources. My mom purchased a few things from MP around Christmas time. I asked her if she had any issues with her card and she said she hasn't... There is always a potential problem with everything that is online. Nothing is secure on the internet.
_________________
-Jason
Black '02 Neon R/T | White '02 Neon R/T - SRT-4 Engine Swap

^^^ no, that isn't what I look like haha
Try not to become a man of success but rather to become a man of value. - Albert Einstein
Back to top
View user's profile Send private message Send e-mail Visit poster's website MSN Messenger AIM Address Yahoo Messenger
cbjones26
2010 Platinum Contributor


Age: 33
Joined: 23 Mar 2008
Posts: 1479
Location: NY

2000 Dodge Neon ES

Post: #72   PostPosted: Fri May 23, 2008 6:31 am    Post subject: Reply with quote

not to argue with you diablo0 but mp was the only place on the net i have used my card . i live in ny and my card was used in mexico now unless someone at a local store here posted my card number on the net ( which is less likely) then im 100% sure it came off of the mp website. that being said

i will give them A+ on delivery and Quality of parts!! i received my bushings today!
Back to top
View user's profile Send private message  
Diablo0
Bird is the word
2GN.org Owner/Admin


Age: 33
Joined: 15 Apr 2004
Posts: 12432
Location: Greenville, SC

2002 Dodge Neon R/T

Post: #73   PostPosted: Fri May 23, 2008 7:38 am    Post subject: Reply with quote

I'm not saying you're wrong, there is always that chance it could be but I wanted to make it clear to everyone saying "It's ModernPerformance!" unless there is proof that's where it's coming from, it's hard to be sure. There are scam artist everywhere so there is always that chance your information could be taken. Even at a restraunt where the person waiting on you gives you the check and you give them your card. They take the card to the back, write your information down or skim your card to sell off to other people. Again, I'm not saying your situation couldn't come from MP b/c anything is possible, I'm simply stating that there are other ways that it could happen to you or anyone else including myself. To say "Modern is the cause of my card being stolen!" when it's not a proven fact that they are the cause, to the best of my knowlege and I'm not a lawyer, it could constitue as being libel since it's not proven that it's the source and mainly speculation since thats a store that a vast majority of us all have in common being on a Neon website. Sorry to play devils advocate but thats just how I see it...
_________________
-Jason
Black '02 Neon R/T | White '02 Neon R/T - SRT-4 Engine Swap

^^^ no, that isn't what I look like haha
Try not to become a man of success but rather to become a man of value. - Albert Einstein
Back to top
View user's profile Send private message Send e-mail Visit poster's website MSN Messenger AIM Address Yahoo Messenger
modernceo
2GN Registrant


Age: 41
Joined: 22 May 2008
Posts: 127




Post: #74   PostPosted: Fri May 23, 2008 7:50 am    Post subject: Reply with quote

We've had close to 6,000 orders come through the cart since December.

Now, if there was a breach of some sort, the floodgates of customers would be posting, calling, and we would know instantly with us having 6000 orders out there.

There could have been a breach, but from what we have seen scanning through all of the access logs on the cart server, scanning for files, and anything unordinary it doesnt look like it.

I am not taking any potential breaches lightly though, and we are moving fast towards a online credit card processor like Authorize.net where the credit card for orders will be typed in ON authorize.net's site, and not ours, and it will not be seen by us, not stored by us, nothing.

So, when we move to this system in roughly a week, maybe week and half, we will have NO way of having any breach for cart orders coming through. Ill be making an official announcement when this switchover of credit card processors happens.
Back to top
View user's profile Send private message  
anomalous0
Quisatz Haderach
2GN Registrant


Age: 33
Joined: 22 Oct 2006
Posts: 457
Location: Arizona

2002 Dodge Neon ES

Post: #75   PostPosted: Sat May 24, 2008 1:36 pm    Post subject: Reply with quote

Bear in mind also, that if you have any spyware, malware, etc. on your computer (Always get tested after visiting a pr0n site), it can log your credit card number while you're typing it into MPs website, the secure connection doesn't apply because the software is on your computer and gets it before it even gets sent out, and there's nothing MP can do to prevent that information from being stolen. In this particular sort of situation, it's your responsibility, not theirs.
Not defending modern, I'm certainly going to be more careful shopping online in general, modern included, but you can't really tell for sure until all the details are known. And like corey said, if it was a wide security breach, well, let's just say scammers don't do things in half measures. If they had access to all of your credit card records, they'd be using ALL of them.
_________________
"If you haven't bled on it, it's not your car"
Back to top
View user's profile Send private message  
yellowpatrol
user
2GN Registrant


Age: 29
Joined: 01 Jan 2007
Posts: 2852
Location: Kansas City

2004 Dodge SRT-4

Post: #76   PostPosted: Sat May 24, 2008 3:25 pm    Post subject: Reply with quote

anomalous0 wrote:
Bear in mind also, that if you have any spyware, malware, etc. on your computer (Always get tested after visiting a pr0n site), it can log your credit card number while you're typing it into MPs website, the secure connection doesn't apply because the software is on your computer and gets it before it even gets sent out, and there's nothing MP can do to prevent that information from being stolen. In this particular sort of situation, it's your responsibility, not theirs.
Not defending modern, I'm certainly going to be more careful shopping online in general, modern included, but you can't really tell for sure until all the details are known. And like corey said, if it was a wide security breach, well, let's just say scammers don't do things in half measures. If they had access to all of your credit card records, they'd be using ALL of them.

I take malware off of computers for a living, so I do not fall into that group.
_________________
FEEDBACK

Adionik wrote:
On a 100% stock SRT engine i've seen detonation on 93 octane, I know what i'm talking about.
Back to top
View user's profile Send private message  
kevo
Get Your Own Avatar!
2GN Registrant


Age: 37
Joined: 07 Apr 2005
Posts: 1282




Post: #77   PostPosted: Tue May 27, 2008 4:55 am    Post subject: Reply with quote

modernceo wrote:

We have scanned the server multiple times, changed passwords randomly, and logged which computers are accesing the server, IN addition to the rest of the security procedures.

From the posts I have seen in relation to the number of orders we have taken its still very random, but we are not taking it lightly regardless.

With all of the credit card skimming at gas stations, malware and spyware on computers, etc issues now, credit card fraud is rampant. Hell, somehow, someone took over my own paypal account to pay for porn subscriptions and buy diamond watches, and Im very familiar with phishing and attempts to get paypal user names and passwords.

But, like I said, regardless, we are not taking it lightly. We are stepping up our security even further, and VERY shortly here like within the next week we will be switching our credit card processing to authorize.net which is a third party high level security credit card processor to make our site even further secure just to be safe.


boy i missed this one by a mile.

Anyways TBH, i don't really care much about your cart. To me, you jumped the gun and defended your site instead of first looking into the issues. Deny first and fix second is a great way to keep customers happy i guess...I also noticed you made a few changes to it already like auth. credit card numbers and holding them only per session now. Good moves.

I will give you a good hint, you should have someone regularly check cardingzone.org for databases. There are plenty of guys that sell database dumps from cars like yours for as little as $2USD for each credit card name and number. Databases filled with CC info from carts like OSCommerce, X-cart, Cube Cart and other open source carts are easily available on their site.

Now if you can only warn your customers about the issues with 60mm throttle bodies and 03-05 NGC cars instead of fooling customers into believing it will work on their cars with a 100% success rate.
Back to top
View user's profile Send private message AIM Address
wernbfe
2GN Registrant


Age: 40
Joined: 19 May 2007
Posts: 15
Location: Michigan



Post: #78   PostPosted: Sun Jun 15, 2008 3:57 pm    Post subject: Reply with quote

Sorry to bring this all back up here, but I just got my credit card statement and I now have this same problem. I purchased some items from modern Performance on 5/05/08 then on 5/31/08 it started. I have all the transactions from Mexico to some Moviestar AD. i spoke with my Credit card company today to try and get these stopped. There is like one transaction everyday after the 31st.

This was also my first time buying from them.
Back to top
View user's profile Send private message  
modernceo
2GN Registrant


Age: 41
Joined: 22 May 2008
Posts: 127




Post: #79   PostPosted: Tue Nov 11, 2008 12:48 pm    Post subject: Reply with quote

UPDATE:

As promised, to increase security, we switched to a credit card processor called Authorize.net which uses the highest level of processing security, does not store any credit card numbers, and we dont even see/have access to the card numbers!

Since switching to Authorize.net we have not had a single call, complaint, or issue with any shoppers credit cards being compromised.
Back to top
View user's profile Send private message  
Caraudioholic24
MECP Certified
2GN Registrant


Age: 34
Joined: 21 Mar 2008
Posts: 4149
Location: Cumberland R.I.



Post: #80   PostPosted: Fri Jan 22, 2010 12:28 am    Post subject: Reply with quote

2003silverneonsxt wrote:
haha u guys got lucky..mine charge was for 787.17$ to some mexican place!



LOL I was bored tonite and went strolling around the forum and came upon this. I Was One Of The People Who Had Their number stolen 1 1/2 years ago. I posted it as a review for depo projectors I think. I never used my card on the internet but was in a rush and didnt have a paypal account setup. They rang up 7-800 bux in mexico and like 30 bux 3 times for something else (actually showed up as peso's LOL) I am happy to report it was all taken care of and it seems that MP has beefed up their security since then. It was a lot of paperwork but it was taken care of by the cc company.

Anywho i just wanted to throw that out there.
_________________

***Project "Got Boost?" is officially underway***

My for sale threads:
Parts:
http://forum.2gn.org/viewtopic.php?p=930876#930876

LED Modifications
http://forum.2gn.org/viewtopic.php?t=56918

Audio
http://forum.2gn.org/viewtopic.php?t=47688
Back to top
View user's profile Send private message AIM Address
Display posts from previous:   
Post new topic   Reply to topic    2GN.ORG Forum Index -> Vendor Feedback All times are UTC - 8 Hours
Goto page Previous  1, 2, 3
Page 3 of 3

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by p h p B B © 2001, 2005 p h p B B Group
2GN.org Decals