Hey gang,

Rumour has it that the credit card company, that handles the Transformers Club's data, has been compromised. Within the past 1-2 weeks a lot of TFCC members seem to have been severely hit, including yours truly.

PLEASE, check your credit card statements from the past 2 weeks and see if there is anything suspicious going on. I only noticed mine by chance, but was able to put a halt to it so that they "only" got away with about 3,500 DKK (which will all be refunded by my bank, luckily).

Even if you haven't bought anything online the past month, or even if you aren't a TFCC member, I urge you to check you accounts. It may not be through the TFCC that this has happened, but it seems to be TF-related in some way. Or maybe not. But better safe than sorry.

"Knowing is half the battle", right?

Ouch! Glad your bank got it sorted for you.

I'm not sure if this is just a rumour or a joke, but I saw mentioned on Twitter that the company that handles credit cards for the TFCC might be the same one that TFSource uses, who were compromised twice last year. And to be honest, it wouldn't surprise me if that was indeed true.

Sounds plausible. Damn... I just used a new credit card at TFsource...

EDIT: TFW2005 has a thread on it: http://www.tfw2005.com/boards/transformers...tml#post7237329

Yeah, I'm in there, but trying to lay down the facts instead of smacking FunPub too much over the head. It's - IMO - not their fault completely. They should have used a more secure credit card service handler, but maybe FunPub were mislead to *think* that they were safe.

Man that's rough Fighbird
Freaking cowards hiding in their mothers basements stealing your personal information.. freaking hate them.

I just checked my bank account to have a look. Nothing aside from my own charges.
The only place where I have my CC info stored online is BBTS anyway, so hopefully they're not affected by this.

If the seller accepts Paypal payments, that is what you should use. That way you don't have to worry about your credit card details being exposed. Both TF Source and BBTS accept Paypal, as should every online seller. My advise; if the seller do not accept or use Paypal, steer clear.

The problem is that the TFCC apparently outright refuses to accept Paypal. So if you want to be a member and hopefully guarantee a chance to get the exclusives you have to give them your CC info.

I was a member for a year (2006 or 2007) and registered with my credit card, but in later years there have been too many articles on online shops having their servers and payment services hacked, so I'm only doing Paypal now. Do we know on what basis TFCC are refusing? I know there are quite a few out there being quite anti-Paypal because of some of their payment fees (and several other reasons), but I have never had any problems with Paypal. Which means I won't be buying any stuff from TFCC in the future, unless they would reconsider their payment options.

I think the closest thing to an explanation I think I've seen from them as to why they won't accept Paypal is that it would be too expensive. If it's in regard to the fees or some other factor I have no idea. There's a possibility that they just don't like it and are just ignoring concerns and requests from current and possible customers (which given how they often act, seems highly likely).

I'm hoping that if this breach really is related to the TFCC, that it causes enough people to react and pressure them into accepting paypal. Granted, I still wouldn't give them my money unless they rework their international business practices (but that's for another thread ). I'm not the biggest fan of paypals fees and how they work sometimes. But like you said, not having to give out my card details ads another level of security and I use it whenever possible these days.

The TFCC is sadly run by a bunch of morons who refuse to accept that we're in 2012 rather than 1992. I didn't renew my membership and I'm not planning to either.

Members including myself have complained about their systems, software, AND credit card handling being extremely outdated for years, to no avail. They completely brought this upon themselves. The credit card system they use is from 1997, and the TFCC forums use software from 1995 that hasn't been updated since 1996. The link to the manufacturer's support site at the bottom of every forum page now takes you to a Bulgarian real estate agent!

The official reason for not wanting to use PayPal is unknown, as they will not answer that question properly. They avoid it like the plague, as with any other uncomfortable question you ask. Unofficially, it's because it would lessen their profits, and Brian of FunPub just doesn't want another payment system implemented, for reasons unknown.

Theory forming in my brain: FunPub is struggling with handling the TF Collector's Club. This is a complete theory based on my own speculations - AND NOT VERIFIED! But please bear with me:

1) Website, webshop, forum and shopping system is (as noted earlier by others) hopelessly outdated and unkept, with no intent on updates/revisions in sight.
2) FunPub is understaffed, with Pete@BotCon being their only face outwards (except for the occational message from Brian), and then 1 service operator that I know of.
3) They produce huge and lavishly made - and expensive - limited edition toys and posters and shirts etc., which is a secondary income grounds for them
4) They handle 2 of the largest fan conventions in the US, with hundres (thousands?) of visitors each year, at big venues with big guests; their primary income grounds.
5) They do nothing to try and make the club fees accessible for non-US fans - granted, the US is the bigger market, but there are fans ALL around the world who just have to cough up, apparently.
6) The club magazine seems to get some creative influx from some very dedicated staff members, but they only focus on the magazine, not the daily operations of FunPub; must be outsourced and as such not hands-on handled directly by direct FunPub itself.

With a very high focus on the conventions ONLY (as it would seem), the rest is very likely suffering due to lack of staff. Lack of staff can be remedied by hiring more people, but they aren't doing that. They aren't even considering it, it would seem, as this is clearly not the first time the website/order system/shipping systetm/payment system etc. etc. etc. has been brought to their attention. They are 3 people in there, with Brian Savage at the helm, who only wants to do conventions. Period. There's no interest - most likely for monetary reasons, because, well, that's just the way it works if you want to have a business - in making the other parts of it work, so they pretty much ignore them. Sure, planning a convention is hard work (hey, I can actually say that I know the feeling with this! ), but damned, you're obligated by Hasbro to run the darn club as well.

This is outrageous. This is demeaning. This is spitting their own club members in the face and plain milking us for money. Plain and simple.

If I had the guts and the time I would start up a petition to get Fun Pub ousted from running that club. Sure, let them have BotCon, but not the club itself. They clearly don't want to do it, and it's showing, and we're suffering.

Setting up a paypal business account and pay the fee wouldn't be an issue. I can't see why it's a problem for them - perhaps they are not tax registered and they'll be so if they get a paypal account and sell for more than $50'000 a year.
If they don't want it they should get better security and never store CC information locally nor on the direct server which handles orders etc. BBTS do it right and they got verisign/secura and MCAfee Secure...also they do not store your CC locally.

From what I understand, the security breach was at the Credit Card handler, not at TFCC's end. I don't think that TFCC has that data stored anywhere but outside. As such, FunPub are not responsible for the data leak.

The issue is FunPub's bad judgement in handling the publicity surrounding this; as such, they could (potentially) only be directly blamed for choosing a poor service handler, but I do believe they went with the best one that was available to them.

I'm REALLY paranoid when it comes to credit cards or giving out information at all! I've only used my credit card ONCE and that was to pay for my hotel room at Nordcon in Aalborg, lol!
Anyway, is there any point in dealing with TFCC/FunPub? I've only heard bad things, like high prices or long shipping times outside the US etc. I don't know much about this really, do you get discounts on conventions/convention figures??

Yeah, you get discounts on all exclusive things, like BotCon tickets (AFAIR) and the toys.

The club is just not equipped (or intended) for the non-US fans.

I've been e-trading (is that even a word anymore? I live in the 90s when it comes to all things web-based... ) since the late 90s, and this is the first time I've had money stolen from me like this. Considering my track record, I'm not really surprised; statistically it was bound to happen sooner or later. I just figured it would be someplace else than the official Hasbro sanctioned Transformers Fan Club.

I doubt it's at the credit card company the breach occured since that would involve every single major CC distributer VISA, American Express, MasterCard etc.
I don't know what debit card handling system they use in USA which is comparable to our Nets (former PBS).

It's a different thing altogether. A credit card company is not the same as the credit card handler. The handler only makes sure that the transactions go correctly and securely from the customer (i.e. FunPub's website) to the credit card manager (credit card company and/or bank) and back again (verification that card is valid/transaction completed etc.). The handler has a responsibility in seing to that the data transferred is kept safe.

I know, that's why I'm asking who the credit card handler in USA would be ? in Denmark we have one - namely Nets, they handle the secure payment lines from all the used debit cards used in Denmark.
I've set up dusins of webshops for customers and you then have to sign a Nets agreement and also decide which debit cards to accepts (which also costs a bit).

If you by credit card handler mean the service that provides the webshop soulution from where the data is handled (e.g could easily by the internet hosting provider they use), then I understand.