FOC creditcard fraud?

Status
Not open for further replies.
same here, the only place i used that card online was foc and i got hit with multiple skipthedishes charges later on.

scotia blocked the card though and gave me a call issued new card and reversed charges.
 
Bulldog said:
I wrote a blog on this after it happened to a few clients (unrelated to our work). Way bigger problem than most people know.
There are a lot of good (and free) 2FA apps out there. (Google Authenticator and Microsoft Authenticator to name two)
Click to expand...
Hmm i had my phone number transferred elsewhere and all my passwords were reset by text. Not sure what stores was I shopping at that time but since then I do not use sms 2fa.
 
Kilerpl said:
Hmm i had my phone number transferred elsewhere and all my passwords were reset by text. Not sure what stores was I shopping at that time but since then I do not use sms 2fa.
Click to expand...

Some apps can use Authenticator, instead of a text to cell number, as 2FA. At least my gmail and hotmail do that.

Hotmail can even do a passwordless sign-in, meaning when a sign-in is attempted the screen shows a number, then Authenticator on your phone shows a list of numbers asking you to pick a matching one. It's pretty much rock solid because you have to have the possession of both your computer and your unlocked phone at the same time.
For Gmail I also use a hardware security key, that can be purchased for about $40 from Amazon. Anytime an unrecognized device sign-in to your gmail it will ask you to physically touch that key which is connected to your computer or wireless to your phone.

The Authenticator I use is from Microsoft (Google would be the similar), over the last month I saw the Authenticator popped up 3 times prompting me to approve an unauthorized sign-in to my hotmail account, one from Brampton, one from Buffalo, one from Dominic Republic (I figured out those locations by looking at my Hotmail's account activities).

2FA tied to a cellphone is vulnerable these days since sim swap is real thing now. But I think bank is not so sophisticated enough yet to offer non-cellphone type of 2FA. But again you usually don't expose your bank account. Protecting your email is as important as protecting your bank accounts though.
 
October 25th purchase, over 4k in charges on my card overnight last night. Use card for online purchases have never had an issue until this.
 
dru said:
October 25th purchase, over 4k in charges on my card overnight last night. Use card for online purchases have never had an issue until this.
Click to expand...

Welcome to the club. Check equifax and trans union and make sure no additional credit was opened in your name.
 
There is something I want wt FOC and not in stock anywhere else.

I really hope the issue is sorted out, as my past purchases were great (except for the cc fraud) but I’m not willing to take the risk. Seems like there are transactions as late as October 25 being compromised.

Anyone else experienced fraud after a more recent purchase? Nov or Dec?
 
K1LLswitch said:
There is something I want wt FOC and not in stock anywhere else.

I really hope the issue is sorted out, as my past purchases were great (except for the cc fraud) but I’m not willing to take the risk. Seems like there are transactions as late as October 25 being compromised.

Anyone else experienced fraud after a more recent purchase? Nov or Dec?
Click to expand...

I've ordered online 3 times since they rolled out the security fix. No issues for me.
 
This thread could be used in modern business courses of how to not handle a situation like this.

I've never quite understood how businesses like Canada Ammo and FOC could suffer a data breach and then proceed to mishandle both the technical and public relations sides so utterly and completely that they essentially rolled a live hand grenade into their own store and hoped for the best.

GunsNotPuns Rule of Data Breach Crisis Management 1: Resolve the technical issue. Immediately. If you can't, stop taking orders.

GunsNotPuns Rule of Data Breach Crisis Management 2: Immediately get ahead of the story by emailing all potentially affected, as well as using their official platforms on places like CGN and ### to inform everyone of what happened and what they've done to resolve the situation. Offer something symbolic but meaningful to everyone.

Yeah, people are going to be angry and inconvenienced, no question about it. No one, however, is going to question your willingness to do the right thing. Long after people forget the annoyance of having to get a new credit card, they will remember that you stood up like men and took the shots.

But hey, what do I know? For years I managed a multi-million dollar business line with over 120 employees and dealt with public issues regularly. Every phone call I had with the public that started out angry, ended up with both of us at least satisfied that something was being done. Consulting services available.
 
Last edited:
K1LLswitch said:
There is something I want wt FOC and not in stock anywhere else.

I really hope the issue is sorted out, as my past purchases were great (except for the cc fraud) but I’m not willing to take the risk. Seems like there are transactions as late as October 25 being compromised.

Anyone else experienced fraud after a more recent purchase? Nov or Dec?
Click to expand...

I ordered on November 8 and no issues… yet. Couldn’t pass on the 143gr ELDX
 
They said they fixed the issue already. If true, then that would make them probably safer than other retailers who have not gone through a recent audit. However, there are also principles and maybe the security culture that allowed this to happen in the first place hasnt changed
 
machohugeaxe said:
They said they fixed the issue already. If true, then that would make them probably safer than other retailers who have not gone through a recent audit. However, there are also principles and maybe the security culture that allowed this to happen in the first place hasnt changed
Click to expand...


Too many issues since the “fix” date. That along with virtually Zero communications shows bad faith on the vendor all around.
Anyone can have a breach, these fools continued to accept orders after they were notified (by their own admission). They have a duty of care to their clients information - they didn’t uphold the minimum required for even that.
 
machohugeaxe said:
They said they fixed the issue already. If true, then that would make them probably safer than other retailers who have not gone through a recent audit. However, there are also principles and maybe the security culture that allowed this to happen in the first place hasnt changed
Click to expand...

That is logical in the sense that after a plane crash the safest airline to fly with is the one involved in the accident.

The reality is FOC knew about the breech and did nothing to warn the impacted customers, then proceeded to push their sale online, impacting others. And for the record I called them a few weeks back and they didn't have any comment on what happened or how they handled it.

I will never do business with FOC again and warn anyone in the community about the sort of retail they are.

I hope they go out of business as a result, as spiteful as that is to say.
 
Status
Not open for further replies.
Back
Top Bottom