Modernperformance unsecured site?

[nate-00neon]

Id like to address your concerns over purchases at Modern Performance here.

First off, we take everyones private data very seriously. We also take credit card security seriously.

Heres a few of the multiple things we do to protect your security.

- All critical data is not stored on the cart server, and is deleted.
- We have a third party security scanning company that looks for any back entry doors, loopholes and or other security risks.
- We have a full time, dedicated computer that is ONLY for Modern Performance and no other companies websites.
- We routinely check the logs to make sure no one else but our approved computers are accessing data.
- We periodically change passwords for all logins.
- We use a SSL encrypted security gateway to encrypt credit card data
- All confidential data is locked, and not thrown away, or shared, spread around with any other company or individual.

To further increase security, we are making several more steps to further safety and security on our cart.




Cbjones26,
I have reviewed the recorded phone call in which you called and threatened us twice to "spread slander across the internet and every chat forum you could".

No one hung up on you, and the last words our operator said to you was "Thank you for your call Chris, bye bye" and then hung up.

I know you could be upset over what happened to you, and its easy to forget little details, or make assumptions when your upset.
If youd like, I can email you the recorded phone call for you to review again privately.

well i just called them an i think i hit a nerve im not the nicest person when i get pissed off! they tried giving me some bs excuse on what happened. i told them ill give them the benefit of the doubt but if i do decided to order from them again ill call it in but if anything like this happens again ill post in ever forum/ chat site not to order from them! ( not that it would do anything ppl will still order from them) but it was funny the guy got all pissed an pretty much hung the phone up on me....

i dont have a credit card!! but im thinking about getting one the prepaid credit cards u can get in walmart if i buy shit again off the net! the thing that makes me mad is the bank knows who it is an they wont releace the guys name!!

shouldnt you be talking to him in private and not over the website where everyone can see...its none of your buisness to be personally attacking him on the web.

we have a valid point. i dont think it is just bad luck that all of these people order from MP and then get there identity stolen.
you are the buisness and you need to fix your problems and keep your costomers safe!

[yellowpatrol]

- All critical data is not stored on the cart server, and is deleted.
- All confidential data is locked, and not thrown away, or shared, spread around with any other company or individual.

I don't understand this, if it's deleted then why is it that your site "remembers" my credit card info every time I log in? What do you mean the data is "locked"? Locked like in a read-only file that is not secured in any way?

[2003silverneonsxt]

mine was used in mexico,,

[modernceo]

"ModernCeo I beleive we all are aware of your current situation to protect buyer security. I think the real question on peoples minds is: "Do you acknowledge that there is a possilbe problem allowing hackers to compromise credit card information

We have scanned the server multiple times, changed passwords randomly, and logged which computers are accesing the server, IN addition to the rest of the security procedures.

From the posts I have seen in relation to the number of orders we have taken its still very random, but we are not taking it lightly regardless.

With all of the credit card skimming at gas stations, malware and spyware on computers, etc issues now, credit card fraud is rampant. Hell, somehow, someone took over my own paypal account to pay for porn subscriptions and buy diamond watches, and Im very familiar with phishing and attempts to get paypal user names and passwords.

But, like I said, regardless, we are not taking it lightly. We are stepping up our security even further, and VERY shortly here like within the next week we will be switching our credit card processing to authorize.net which is a third party high level security credit card processor to make our site even further secure just to be safe.

[quote="yellowpatrol"][quote="modernceo"]- All critical data is not stored on the cart server, and is deleted.
- All confidential data is locked, and not thrown away, or shared, spread around with any other company or individual.
[/quote]
I don't understand this, if it's deleted then why is it that your site "remembers" my credit card info every time I log in? What do you mean the data is "locked"? Locked like in a read-only file that is not secured in any way?[/quote]

Credit card information is not "remembered" on the shopping cart. I just did a test myself to double check and its not. I entered my personal credit card, checked out, came back and tried to purchase again and my card was not stored. Just like yours will not be.

[Canada]

Thanks for responding to this thread Cory, I know that you've been away and just got back.

As you can see, there are a few concerns to be addressed, but if you guys are stepping up your secuirty measures, I am glad to hear it.

I am sure if you were to message user "Kevo" he may also give you some insight as to some possible weaknesses in the cart system.

Thanks for updating us.

[yellowpatrol]

Credit card information is not "remembered" on the shopping cart. I just did a test myself to double check and its not. I entered my personal credit card, checked out, came back and tried to purchase again and my card was not stored. Just like yours will not be.

Oh okay, I just tried it and it seems you are correct, but I assure you that in the past it has "remembered" my credit card information. This must be a change made fairly recently.

[nate-00neon]

Credit card information is not "remembered" on the shopping cart. I just did a test myself to double check and its not. I entered my personal credit card, checked out, came back and tried to purchase again and my card was not stored. Just like yours will not be.

Oh okay, I just tried it and it seems you are correct, but I assure you that in the past it has "remembered" my credit card information. This must be a change made fairly recently.

i think thats more with your computer in general...there are setting that make you save such things like that. i think they are called cookies n shuch but im not 100% sure on that...

[yellowpatrol]

i think thats more with your computer in general...there are setting that make you save such things like that. i think they are called cookies n shuch but im not 100% sure on that...

[anomalous0]

Were you using innovative merchant solutions or quickbooks as a portal? In my experience authorize.net is far better to deal with than either.

[cbjones26]

nvm deleted post and sent pm!

[Diablo0]

Thanks for taking the time to join and address everyones concerns, Cory!

As I said before though, there may be a trend but until you can prove that ModernPerformance is the source it's hard to point the finger at them. We've all more than likely used our cards in more places than just ModernPerformance so the information could have came from any of those sources. My mom purchased a few things from MP around Christmas time. I asked her if she had any issues with her card and she said she hasn't... There is always a potential problem with everything that is online. Nothing is secure on the internet.

[cbjones26]

not to argue with you diablo0 but mp was the only place on the net i have used my card . i live in ny and my card was used in mexico now unless someone at a local store here posted my card number on the net ( which is less likely) then im 100% sure it came off of the mp website. that being said

i will give them A+ on delivery and Quality of parts!! i received my bushings today!

[Diablo0]

I'm not saying you're wrong, there is always that chance it could be but I wanted to make it clear to everyone saying "It's ModernPerformance!" unless there is proof that's where it's coming from, it's hard to be sure. There are scam artist everywhere so there is always that chance your information could be taken. Even at a restraunt where the person waiting on you gives you the check and you give them your card. They take the card to the back, write your information down or skim your card to sell off to other people. Again, I'm not saying your situation couldn't come from MP b/c anything is possible, I'm simply stating that there are other ways that it could happen to you or anyone else including myself. To say "Modern is the cause of my card being stolen!" when it's not a proven fact that they are the cause, to the best of my knowlege and I'm not a lawyer, it could constitue as being libel since it's not proven that it's the source and mainly speculation since thats a store that a vast majority of us all have in common being on a Neon website. Sorry to play devils advocate but thats just how I see it...

[modernceo]

We've had close to 6,000 orders come through the cart since December.

Now, if there was a breach of some sort, the floodgates of customers would be posting, calling, and we would know instantly with us having 6000 orders out there.

There could have been a breach, but from what we have seen scanning through all of the access logs on the cart server, scanning for files, and anything unordinary it doesnt look like it.

I am not taking any potential breaches lightly though, and we are moving fast towards a online credit card processor like Authorize.net where the credit card for orders will be typed in ON authorize.net's site, and not ours, and it will not be seen by us, not stored by us, nothing.

So, when we move to this system in roughly a week, maybe week and half, we will have NO way of having any breach for cart orders coming through. Ill be making an official announcement when this switchover of credit card processors happens.

[anomalous0]

Bear in mind also, that if you have any spyware, malware, etc. on your computer (Always get tested after visiting a pr0n site), it can log your credit card number while you're typing it into MPs website, the secure connection doesn't apply because the software is on your computer and gets it before it even gets sent out, and there's nothing MP can do to prevent that information from being stolen. In this particular sort of situation, it's your responsibility, not theirs.
Not defending modern, I'm certainly going to be more careful shopping online in general, modern included, but you can't really tell for sure until all the details are known. And like corey said, if it was a wide security breach, well, let's just say scammers don't do things in half measures. If they had access to all of your credit card records, they'd be using ALL of them.

[yellowpatrol]

Bear in mind also, that if you have any spyware, malware, etc. on your computer (Always get tested after visiting a pr0n site), it can log your credit card number while you're typing it into MPs website, the secure connection doesn't apply because the software is on your computer and gets it before it even gets sent out, and there's nothing MP can do to prevent that information from being stolen. In this particular sort of situation, it's your responsibility, not theirs.
Not defending modern, I'm certainly going to be more careful shopping online in general, modern included, but you can't really tell for sure until all the details are known. And like corey said, if it was a wide security breach, well, let's just say scammers don't do things in half measures. If they had access to all of your credit card records, they'd be using ALL of them.

I take malware off of computers for a living, so I do not fall into that group.

[kevo]

We have scanned the server multiple times, changed passwords randomly, and logged which computers are accesing the server, IN addition to the rest of the security procedures.

From the posts I have seen in relation to the number of orders we have taken its still very random, but we are not taking it lightly regardless.

With all of the credit card skimming at gas stations, malware and spyware on computers, etc issues now, credit card fraud is rampant. Hell, somehow, someone took over my own paypal account to pay for porn subscriptions and buy diamond watches, and Im very familiar with phishing and attempts to get paypal user names and passwords.

But, like I said, regardless, we are not taking it lightly. We are stepping up our security even further, and VERY shortly here like within the next week we will be switching our credit card processing to authorize.net which is a third party high level security credit card processor to make our site even further secure just to be safe.

boy i missed this one by a mile.

Anyways TBH, i don't really care much about your cart. To me, you jumped the gun and defended your site instead of first looking into the issues. Deny first and fix second is a great way to keep customers happy i guess...I also noticed you made a few changes to it already like auth. credit card numbers and holding them only per session now. Good moves.

I will give you a good hint, you should have someone regularly check cardingzone.org for databases. There are plenty of guys that sell database dumps from cars like yours for as little as $2USD for each credit card name and number. Databases filled with CC info from carts like OSCommerce, X-cart, Cube Cart and other open source carts are easily available on their site.

Now if you can only warn your customers about the issues with 60mm throttle bodies and 03-05 NGC cars instead of fooling customers into believing it will work on their cars with a 100% success rate.

[wernbfe]

Sorry to bring this all back up here, but I just got my credit card statement and I now have this same problem. I purchased some items from modern Performance on 5/05/08 then on 5/31/08 it started. I have all the transactions from Mexico to some Moviestar AD. i spoke with my Credit card company today to try and get these stopped. There is like one transaction everyday after the 31st.

This was also my first time buying from them.

[modernceo]

UPDATE:

As promised, to increase security, we switched to a credit card processor called Authorize.net which uses the highest level of processing security, does not store any credit card numbers, and we dont even see/have access to the card numbers!

Since switching to Authorize.net we have not had a single call, complaint, or issue with any shoppers credit cards being compromised.

[Caraudioholic24]

haha u guys got lucky..mine charge was for 787.17$ to some mexican place!

LOL I was bored tonite and went strolling around the forum and came upon this. I Was One Of The People Who Had Their number stolen 1 1/2 years ago. I posted it as a review for depo projectors I think. I never used my card on the internet but was in a rush and didnt have a paypal account setup. They rang up 7-800 bux in mexico and like 30 bux 3 times for something else (actually showed up as peso's LOL) I am happy to report it was all taken care of and it seems that MP has beefed up their security since then. It was a lot of paperwork but it was taken care of by the cc company.

Anywho i just wanted to throw that out there.