🚨 WARNING: FRAUD ALERT 🚨

[edward911]

Rewritten: there's simply no value to creating a bigger dumpster fire than this has already been crafted into.

Lets walk through the implications of this sensitive data exposure and try to set a rational tone:

1. Reputational damage resulting from fraud is a real thing.
   1. FOC is a fellow victim in this case. Not a perpetrator.
   2. FOC has suffered lreputational losses that led to financial damages. Damages that almost certainly exceed affected their customers' inconvenience. I can promise you -- they feel your pain.
   3. No evidence exists that FOC is in any way complicit (through action or inaction) in facilitating the incident.
      
      So on the basis of these 3 poitns can we agree to be careful not to 'kick the wrong dog' here?
      Threat actors did this. Put that anger where it belongs...
2. Business maturityis also a real thing.
   1. The Business Maturity Model (BMM) describes an Organization’s posture and ability to react to a security incident including but not limited to their ability to communicate risk with their clients.
      While FOC is repsonsible for their own reasonable standards of care for data in their posssession it just isnt reasonable to try and hold them to the same standards as Mastercard or VISA.
      
      Let me expand on that second point a bit further...

A Business' Maturity level directly impacts their ability to deal with risk. In this case - the compromise of data Confidentiality that lead to fraud. Is the incident Painfull? Yes. But a low state of maturity is more akin to 'growing pains' and operational realities than it is to negligence. And it is a world away from the shade some folks have attempted to throw on FOC.

Let's be clear on overall scope of what we're talking about here...

FOC slmost certainly:

1. lacks a Board of Directors to manage risk to the business and drive governance. BoD's are a thing for large, publicy traded entities - not sole proprietorships or partnerships.
2. doesnt have a CISO mismanaging some Information Security program that they can fire for negligence.
3. aren’t a major corporation with deep pockets that can afford to implement ISO-27001 compliance
4. don’t have a Security Steering Comittee exercising oversight to push for PCI-DSS compliance measures as treatment for the credit exposure.
5. don’t have an Incident Response Team or SOC that can respond to the event.
6. lacks the infrastructure or budget to afford a SIEM integrating XDM/ to correlate logs, the analysts to investigate root cause or an XSOAR to automate inceidnt responses; and
7. has about the same expectactions for response from law enfrcement. Calling the RCMP. I did that. In my official role with a much larger (3500 employee) company. Do you have any idea what it costs the RCMP to successfully prosecute a Cybersecurity incident when the threat actors are IN Canada? Let me help you out here. It is substantial.

It would be quicker to enumerate what they do have:

• There’s a point of sale terminal or two.
  Provided by a 3rd party vendor who hopefully meets some governance standard on at least a few of the things I pointed out above, but who knows for sure.
  
  Western adoption and compliance for IS security is abysmal. Zero bull####. Its a real issue…
  
  
• And there is a computer system.
  That might be maintained by a one man show.
  Who (lets be honest here) likely repaired dish washers for a living just 5 years ago.

Tell me Im just wrong here...

I attended a course this week for NIST 800-82 compliance (securing OT Networks - think gas plants, factories, pipelines, etc).
It is put on by a recognizable name in the Security industry space. One keynote was that some 95% of Enterprises (companies lacking the sophistication of Saudi Aramco or BP) fail to meet the levels of protection that they actually know are required by Law, Regulation or Industry Standard.

Exposure issues with sensitive credit detail that resuted in a faud attempts aside, FOC has a completely separate, domain squatting issue. Another fraudster is targeting (yes, targeting) the vendor and they are the victim of yet another crime.

Gentle reminder for a more enlightened perspective here.

• Fraud is rampart
• Law enforcement, Jurisprudence, Legislators and Industry Regulators alike are struggling to address the threat
• You are guaranteed personal liability protection by the Canadian Bank Act and consumer protection laws.
• FOC is a partner in our community. Not an adversary.

We can do better than this...

Well stated sprint ... the victim blaming and cancel culture attitudes shared within this thread is no better than the woke leftist libtards we've all been subject to in the past years and the threat they have been to our firearms sport and businesses.

As a small and law abiding community, we need to support each other and not burn a business because of past transgressions.

BTW and keen you mentioned ISO and mentioned NIST, I've spent the last two months coding both ISO 27001 and CIS CIAT v8.0 info-cybersecurity frameworks into an AI platform.

If you are in the industry and interested, DM me and I'll see if I can add you to the prelim testing of my AI solution.

 

[Gordlat]

Does everyone boycott all pioneer or petro can gas stations when ballsdeep steals your credit card information? No and they sure as #### don’t warn their customers. Unfortunately yes they and the credit card system hacked and lost lots of customers for this, but they continue to have good prices and some of the best customer service out there

 

[JeffMan]

Does everyone boycott all pioneer or petro can gas stations when ballsdeep steals your credit card information? No and they sure as #### don’t warn their customers. Unfortunately yes they and the credit card system hacked and lost lots of customers for this, but they continue to have good prices and some of the best customer service out there

I understand what you’re saying, but those are instances where you’re using your card where someone has set up a scanner/ skimmer.

In the FOC instance, it was someone accessing the information that was entered on a centralized computer system, not just a gas pump - this could include all card information, address, phone, email, PAL #’s, etc.

Not to throw more shade on FOC, but this could have been a significant data breach.

It’s more significant than having your card skimmed at a point of sale scanner located at a gas station or convenience store.

 

[JeffMan]

Unfortunately true to what you stated.

However, USA jurisdictions take such fraud more actively than the folks in Canada and have the resources to pursue.

And yes it would be a long road to legal justice.

It would be easy to ID the perp via the domain registrar and ISP and available OSINT.

I’ve worked with American authorities on frauds. I find them less likely to put effort into them. They seem to have fewer resources than us in most jurisdictions.

Having said that, I’ve been contacted by American agencies seeking information on fraudsters, that act on both sides of the border - my American counterparts are often impressed with the amount of intelligence we have, and the assistance we can offer. Often times it’s been Canadian Police Inteligence that make possible state side charges and subsequent convictions.

I’ve not seen it the other way around very often.

The U.S jurisdictions are much more disjoined, and compartmentalized, unless I’m working with the FBI or another Federal agency.

I do enjoy the unavoidable question that many U.S Police ask “so what’s a constable? Is that like a detective? Or…” - seeking to understand the rank equivalence in the U.S. Lol

 

[Sasquatch807]

Thanks for the heads-up. This is not new, in the past three years or so, fraudsters located in the USA have been spoofing Canadian gun businesses. They use a very slick website presentation. Red flags are usually the availability of firearm models that are prohibited in Canada, large quantities of primers or ammo that are available nowhere else, prices that would be normal in the USA but too low for Canadian retailers and the insistence that you pay via money transfer. Members at our gun club were taken for a lot of money last year when they ordered large quantities of inexpensive primers and 9mm ammo from a fake site called Canada Ammo Source. The police investigation had apparently tracked the fraud to Arizona.

 

[Keller]

I've had my CC compromised twice at the same site sponsor, (fool me once...). Will I do business there again? Probably not. Visa covered the ~$8000 of fraudulent charges and I went on with my life.

For those that had that happen at FOC, it sucks. Holding a grudge like this is not good for you though, just let it go and take your business elsewhere.

This kind of thing happens, and if you're this worried about your CC number getting into the wrong hands, please don't look into how easy it is to get a job that lets you dial-in to CRA and Provincial Healthcare systems from home every day. You have no idea what these people can, and do, do with your info.

 

[StainlessGun]

Thanks but No thanks FOC.
Just business.

 

[JeffMan]

I’d add that if you want to be foolproof when it comes to online purchases, it’s a good idea to have a separate credit card. Use that card for online purchases, then lock it down using your banking app afterwards.

There have been a few things I’ve wanted that only FOC has had. I think I may go this route.

 

[.30/06 FTW]

Does everyone boycott all pioneer or petro can gas stations when ballsdeep steals your credit card information? No and they sure as #### don’t warn their customers. Unfortunately yes they and the credit card system hacked and lost lots of customers for this, but they continue to have good prices and some of the best customer service out there

I have consistently experienced the worst customer service from them compared to just about any other gun store I’ve dealt with in Canada.

 

[.30/06 FTW]

Rewritten: there's simply no value to creating a bigger dumpster fire than this has already been crafted into.

Lets walk through the implications of this sensitive data exposure and try to set a rational tone:

1. Reputational damage resulting from fraud is a real thing.
   1. FOC is a fellow victim in this case. Not a perpetrator.
   2. FOC has suffered lreputational losses that led to financial damages. Damages that almost certainly exceed affected their customers' inconvenience. I can promise you -- they feel your pain.
   3. No evidence exists that FOC is in any way complicit (through action or inaction) in facilitating the incident.
      
      So on the basis of these 3 poitns can we agree to be careful not to 'kick the wrong dog' here?
      Threat actors did this. Put that anger where it belongs...
      
2. Business maturityis also a real thing.
   1. The Business Maturity Model (BMM) describes an Organization’s posture and ability to react to a security incident including but not limited to their ability to communicate risk with their clients.
      While FOC is repsonsible for their own reasonable standards of care for data in their posssession it just isnt reasonable to try and hold them to the same standards as Mastercard or VISA.
      
      Let me expand on that second point a bit further...

A Business' Maturity level directly impacts their ability to deal with risk. In this case - the compromise of data Confidentiality that lead to fraud. Is the incident Painfull? Yes. But a low state of maturity is more akin to 'growing pains' and operational realities than it is to negligence. And it is a world away from the shade some folks have attempted to throw on FOC.

Let's be clear on overall scope of what we're talking about here...

FOC slmost certainly:

1. lacks a Board of Directors to manage risk to the business and drive governance. BoD's are a thing for large, publicy traded entities - not sole proprietorships or partnerships.
2. doesnt have a CISO mismanaging some Information Security program that they can fire for negligence.
3. aren’t a major corporation with deep pockets that can afford to implement ISO-27001 compliance
4. don’t have a Security Steering Comittee exercising oversight to push for PCI-DSS compliance measures as treatment for the credit exposure.
5. don’t have an Incident Response Team or SOC that can respond to the event.
6. lacks the infrastructure or budget to afford a SIEM integrating XDM/ to correlate logs, the analysts to investigate root cause or an XSOAR to automate inceidnt responses; and
7. has about the same expectactions for response from law enfrcement. Calling the RCMP. I did that. In my official role with a much larger (3500 employee) company. Do you have any idea what it costs the RCMP to successfully prosecute a Cybersecurity incident when the threat actors are IN Canada? Let me help you out here. It is substantial.

It would be quicker to enumerate what they do have:

• There’s a point of sale terminal or two.
  Provided by a 3rd party vendor who hopefully meets some governance standard on at least a few of the things I pointed out above, but who knows for sure.
  
  Western adoption and compliance for IS security is abysmal. Zero bull####. Its a real issue…
  
  
• And there is a computer system.
  That might be maintained by a one man show.
  Who (lets be honest here) likely repaired dish washers for a living just 5 years ago.

Tell me Im just wrong here...

I attended a course this week for NIST 800-82 compliance (securing OT Networks - think gas plants, factories, pipelines, etc).
It is put on by a recognizable name in the Security industry space. One keynote was that some 95% of Enterprises (companies lacking the sophistication of Saudi Aramco or BP) fail to meet the levels of protection that they actually know are required by Law, Regulation or Industry Standard.

Exposure issues with sensitive credit detail that resuted in a faud attempts aside, FOC has a completely separate, domain squatting issue. Another fraudster is targeting (yes, targeting) the vendor and they are the victim of yet another crime.

Gentle reminder for a more enlightened perspective here.

• Fraud is rampart
• Law enforcement, Jurisprudence, Legislators and Industry Regulators alike are struggling to address the threat
• You are guaranteed personal liability protection by the Canadian Bank Act and consumer protection laws.
• FOC is a partner in our community. Not an adversary.

We can do better than this...

If we’re talking about scam websites that pop up, then yes I can agree with you on this. If we’re talking about the data breach of a few years ago, I disagree. They were complicit in it, to a certain degree.

It happened during the handgun panic buying. From what I recall, FOC was notified by Visa themselves that FOC’s system had been compromised. They chose to ignore this information and launch a sale to take advantage of the panic buying. They did not shut down their credit card processing as a payment option. They did not notified their affected customers. They covered it up for as long as possible until people started figuring it out on Reddit and CGN and only then after they were called out on it did they issue a half assed apology, in a post, deep in the thread discussing it. Even after they admitted it they still did nothing to notify their affected customers properly or provide them with any support.

I’ve always said, data breaches happen, but it’s how you handle them that defines you. FOC chose profits over their customers. The gun industry is one that deals with a lot of sensitive information and FOC owes the community a much greater duty of care than what they showed. What they did was extremely unethical. I also hate the notion that just because a business is in the gun industry in Canada, they get a free pass from any wrongdoing or providing poor customer service.

I don’t think anyone expects them to be perfect. But what they did showed true negligence and for that reason myself and many others will never spend another dime there.

 

[sprint]

Well stated sprint ... the victim blaming and cancel culture attitudes shared within this thread is no better than the woke leftist libtards we've all been subject to in the past years and the threat they have been to our firearms sport and businesses.

As a small and law abiding community, we need to support each other and not burn a business because of past transgressions.

BTW and keen you mentioned ISO and mentioned NIST, I've spent the last two months coding both ISO 27001 and CIS CIAT v8.0 info-cybersecurity frameworks into an AI platform.

If you are in the industry and interested, DM me and I'll see if I can add you to the prelim testing of my AI solution.

Thanks dude

Working on ISACA CISM right now.
It gives sound strategic basis for designing better IT/OT architecture for my base skill set (Network Engineering).

I’m primarily a Palo Alto guy (PCNSA and taking a break before writing PCNSE). Cisco Catalyst / Nexus/ ASA and hybrid CAPWAP / Meraki wifi infrastructure before that.

My job of 11 years ended in October. Been so busy working that the only cert I wrote in the last 7 was AWS cloud. Using the opportunity to write as much as I can before I get caught in what is probably my last 10 year stretch

I’m pretty buried at the moment. But interested in where you’re going with that.

Will PM you. Might need to have a virtual beer and discuss…

 

[sprint]

If we’re talking about scam websites that pop up, then yes I can agree with you on this. If we’re talking about the data breach of a few years ago, I disagree. They were complicit in it, to a certain degree.

It happened during the handgun panic buying. From what I recall, FOC was notified by Visa themselves that FOC’s system had been compromised. They chose to ignore this information and launch a sale to take advantage of the panic buying. They did not shut down their credit card processing as a payment option. They did not notified their affected customers. They covered it up for as long as possible until people started figuring it out on Reddit and CGN and only then after they were called out on it did they issue a half assed apology, in a post, deep in the thread discussing it. Even after they admitted it they still did nothing to notify their affected customers properly or provide them with any support.

I’ve always said, data breaches happen, but it’s how you handle them that defines you. FOC chose profits over their customers. The gun industry is one that deals with a lot of sensitive information and FOC owes the community a much greater duty of care than what they showed. What they did was extremely unethical. I also hate the notion that just because a business is in the gun industry in Canada, they get a free pass from any wrongdoing or providing poor customer service.

I don’t think anyone expects them to be perfect. But what they did showed true negligence and for that reason myself and many others will never spend another dime there.

Well, as long as Reddit says so.

I don’t sit in an audit for it. And have no idea what they said or don’t say. It goes so close to the bone with my comment which I’ll let stand. Their sin seems to be that they just aren’t very mature at navigating these issues.

I did watch a similar witch hunt play out at a Fortune 500. In that case, with a former employee under suspicion of malicious actions for retribution.

Lots of conjecture. Folks who knew a guy who talked to a guy that dated the girl who saw suspicious log activity linking him to account issues in AD.

They had involved legal and were preparing to file charges with LE when I explained genesis of issue tying back to changes to AD’s schema.

That was in a room full of hires for some of the best reputation in O&G on the planet.

Like so much of what I see on the Internet I’m going to take it all with a gigantic grain of salt or two…

 

[.30/06 FTW]

Well, as long as Reddit says so.

I don’t sit in an audit for it. And have no idea what they said or don’t say. It goes so close to the bone with my comment which I’ll let stand. Their aim is that they just aren’t very mature at navigating these issues.

Like so much of what I see on the Internet I’m going to take it all with a gigantic grain of salt or two…

It’s not that “Reddit said so”. It was just where it was first discussed and what prompted someone to post on CGN where FOC then admitted that Visa had informed them about the breach and their negligence became clear. My point is that you don’t have to be mature about dealing with it. But you DO have to do SOMETHING, and act ethically. Which they did not do.

 

[sprint]

It’s not that “Reddit said so”. It was just where it was first discussed and what prompted someone to post on CGN where FOC then admitted that Visa had informed them about the breach and their negligence became clear. My point is that you don’t have to be mature about dealing with it. But you DO have to do SOMETHING, and act ethically. Which they did not do.

Sure

Under (a lot of) duress, they probably really failed to handle the incident well. People make all kinds of dumb choices under pressure.

Here’s one a lot closer to home.

Ever take a defensive pistol course? Every credible course stresses what to say when drawing and preparing to shoot.

Why? So that you don’t shout something utterly stupid under pressure. Why? Because most people are evil?

No. Because your creative subconscious takes over and you shout something stupid like “die #######” instead of “stop. I’m armed”.

What does a court hear when the first witness takes the stand? You look like a monster. But that is rarely the whole story.

Yeah. I’m not interested in FOCs ability (or reported lack thereof) in that regard.

If you want to talk about failures to handle daily business that is balls deep inside their jurisdiction’s ass, like slow shipping or a rude salesman that’s another discussion. Personally, I’ve never had them do me wrong.

But a dumpster fire over conjecture compounded with poor incident response? You do you. But I’m out…

 

[Painkillers]

This has nothing to do with FOC.

What a ridiculous post.

No, FOC had/has an inside staff problem. Someone was/is taking cc and personal info and it was ending up for sale on the dark web. I was also stung. The real kick in the pants was that they knew about the compromise and apparently chose to deal with it internally rather than informing customers. This resulted in untold numbers of customers to get scammed needlessly. At least they seem to have learned their lesson and are getting in front of this nonsense, but it comes as no surprise to me that they've been targeted again. For the scammers, what was lucrative then, will be lucrative in the future. Like thieves who wait for the insurance money to replace the large screen TV they stole 4 weeks ago, these little f uckers will return, time and time again.

 

[charliediep0]

Rewritten: there's simply no value to creating a bigger dumpster fire than this has already been crafted into.

Lets walk through the implications of this sensitive data exposure and try to set a rational tone:

1. Reputational damage resulting from fraud is a real thing.
   1. FOC is a fellow victim in this case. Not a perpetrator.
   2. FOC has suffered lreputational losses that led to financial damages. Damages that almost certainly exceed affected their customers' inconvenience. I can promise you -- they feel your pain.
   3. No evidence exists that FOC is in any way complicit (through action or inaction) in facilitating the incident.
      
      So on the basis of these 3 poitns can we agree to be careful not to 'kick the wrong dog' here?
      Threat actors did this. Put that anger where it belongs...
      
2. Business maturityis also a real thing.
   1. The Business Maturity Model (BMM) describes an Organization’s posture and ability to react to a security incident including but not limited to their ability to communicate risk with their clients.
      While FOC is repsonsible for their own reasonable standards of care for data in their posssession it just isnt reasonable to try and hold them to the same standards as Mastercard or VISA.
      
      Let me expand on that second point a bit further...

A Business' Maturity level directly impacts their ability to deal with risk. In this case - the compromise of data Confidentiality that lead to fraud. Is the incident Painfull? Yes. But a low state of maturity is more akin to 'growing pains' and operational realities than it is to negligence. And it is a world away from the shade some folks have attempted to throw on FOC.

Let's be clear on overall scope of what we're talking about here...

FOC slmost certainly:

1. lacks a Board of Directors to manage risk to the business and drive governance. BoD's are a thing for large, publicy traded entities - not sole proprietorships or partnerships.
2. doesnt have a CISO mismanaging some Information Security program that they can fire for negligence.
3. aren’t a major corporation with deep pockets that can afford to implement ISO-27001 compliance
4. don’t have a Security Steering Comittee exercising oversight to push for PCI-DSS compliance measures as treatment for the credit exposure.
5. don’t have an Incident Response Team or SOC that can respond to the event.
6. lacks the infrastructure or budget to afford a SIEM integrating XDM/ to correlate logs, the analysts to investigate root cause or an XSOAR to automate inceidnt responses; and
7. has about the same expectactions for response from law enfrcement. Calling the RCMP. I did that. In my official role with a much larger (3500 employee) company. Do you have any idea what it costs the RCMP to successfully prosecute a Cybersecurity incident when the threat actors are IN Canada? Let me help you out here. It is substantial.

It would be quicker to enumerate what they do have:

• There’s a point of sale terminal or two.
  Provided by a 3rd party vendor who hopefully meets some governance standard on at least a few of the things I pointed out above, but who knows for sure.
  
  Western adoption and compliance for IS security is abysmal. Zero bull####. Its a real issue…
  
  
• And there is a computer system.
  That might be maintained by a one man show.
  Who (lets be honest here) likely repaired dish washers for a living just 5 years ago.

Tell me Im just wrong here...

I attended a course this week for NIST 800-82 compliance (securing OT Networks - think gas plants, factories, pipelines, etc).
It is put on by a recognizable name in the Security industry space. One keynote was that some 95% of Enterprises (companies lacking the sophistication of Saudi Aramco or BP) fail to meet the levels of protection that they actually know are required by Law, Regulation or Industry Standard.

Exposure issues with sensitive credit detail that resuted in a faud attempts aside, FOC has a completely separate, domain squatting issue. Another fraudster is targeting (yes, targeting) the vendor and they are the victim of yet another crime.

Gentle reminder for a more enlightened perspective here.

• Fraud is rampart
• Law enforcement, Jurisprudence, Legislators and Industry Regulators alike are struggling to address the threat
• You are guaranteed personal liability protection by the Canadian Bank Act and consumer protection laws.
• FOC is a partner in our community. Not an adversary.

We can do better than this...

I think FOC knew about the credit card thefts for a while, but only spoke up about it after many people complained in places such as CGN. I don't recall exactly but I think that FOC held a blowout sale or two around the time they would have been aware of the thefts going on. And all without notifying people. I also heard rumors that it was an insider threat from an employee either stealing credit card numbers or allowing others to steal them, and he was terminated as a result. Don't quote me on this though.

Either way, their handling of the situation was subpar. I'm not saying it's easy, but it should be simple. Just tell people that there may be credit card thieves who have stolen FOC customer data, and that you are suspending credit card purchases for the time being while the matter is being investigated. They can still take cash, check, and maybe even E-transfer so it's not the end of the world. But they didn't do that, or at least soon enough. When you mentioned something about business maturity, it essentially means that FOC were n00bs who got played hard.

I did buy from FOC with a credit card around the time, but I wasn't affected. Because I knew to lock my card before and after and I watch it like a hawk.

 

[sprint]

I think FOC knew about the credit card thefts for a while, but only spoke up about it after many people complained in places such as CGN. I don't recall exactly but I think that FOC held a blowout sale or two around the time they would have been aware of the thefts going on. And all without notifying people. I also heard rumors that it was an insider threat from an employee either stealing credit card numbers or allowing others to steal them, and he was terminated as a result. Don't quote me on this though.

Either way, their handling of the situation was subpar. I'm not saying it's easy, but it should be simple. Just tell people that there may be credit card thieves who have stolen FOC customer data, and that you are suspending credit card purchases for the time being while the matter is being investigated. They can still take cash, check, and maybe even E-transfer so it's not the end of the world. But they didn't do that, or at least soon enough. When you mentioned something about business maturity, it essentially means that FOC were n00bs who got played hard.

I did buy from FOC with a credit card around the time, but I wasn't affected. Because I knew to lock my card before and after and I watch it like a hawk.

I definitely agree.

I want them to learn from their mistakes and do better. And in that growth, serve the Canadian market.

Part of that is hearing customers’ frustrations and responding. They might do well to look at proper PR to help with that. Not my wheelhouse tho, so I’ll defer ‘why’ and ‘how’ to someone who knows what they’re talking about there.

But if we close every gun store that made a deliberate, poor choice in Canada it’s going to be a very quiet industry.

NEA/CGN Shill-gate
TSE/Swiss Arms debacle
Too many to list/CAAAA

I’m sure there are many more.

 

[.30/06 FTW]

I think FOC knew about the credit card thefts for a while, but only spoke up about it after many people complained in places such as CGN. I don't recall exactly but I think that FOC held a blowout sale or two around the time they would have been aware of the thefts going on. And all without notifying people. I also heard rumors that it was an insider threat from an employee either stealing credit card numbers or allowing others to steal them, and he was terminated as a result. Don't quote me on this though.

Either way, their handling of the situation was subpar. I'm not saying it's easy, but it should be simple. Just tell people that there may be credit card thieves who have stolen FOC customer data, and that you are suspending credit card purchases for the time being while the matter is being investigated. They can still take cash, check, and maybe even E-transfer so it's not the end of the world. But they didn't do that, or at least soon enough. When you mentioned something about business maturity, it essentially means that FOC were n00bs who got played hard.

I did buy from FOC with a credit card around the time, but I wasn't affected. Because I knew to lock my card before and after and I watch it like a hawk.

Exactly. They could have just been honest and just put a pause on credit card payments until they figured things out.

 

[charliediep0]

Does everyone boycott all pioneer or petro can gas stations when ballsdeep steals your credit card information? No and they sure as #### don’t warn their customers. Unfortunately yes they and the credit card system hacked and lost lots of customers for this, but they continue to have good prices and some of the best customer service out there

Maybe not, but I sure as sheet pay in cash.

I definitely agree.

I want them to learn from their mistakes and do better. And in that growth, serve the Canadian market.

Part of that is hearing customers’ frustrations and responding. They might do well to look at proper PR to help with that. Not my wheelhouse tho, so I’ll defer ‘why’ and ‘how’ to someone who knows what they’re talking about there.

But if we close every gun store that made a deliberate, poor choice in Canada it’s going to be a very quiet industry.

Yeah I think people are better off with FOC than without. And it seems they are learning from their mistakes because they made this thread altogether. So at least they're on the ball now. That said, I'll still be paying cold cash with them, and locking my cards when dealing with any gun store, even.

 

[FatCatsDad]

No, FOC had/has an inside staff problem. Someone was/is taking cc and personal info and it was ending up for sale on the dark web. I was also stung. The real kick in the pants was that they knew about the compromise and apparently chose to deal with it internally rather than informing customers. This resulted in untold numbers of customers to get scammed needlessly. At least they seem to have learned their lesson and are getting in front of this nonsense, but it comes as no surprise to me that they've been targeted again. For the scammers, what was lucrative then, will be lucrative in the future. Like thieves who wait for the insurance money to replace the large screen TV they stole 4 weeks ago, these little f uckers will return, time and time again.

I doubt the current event involving a fraudulent duplicate site is related to the past CC issues.

Those issues are bad history that keeps getting brought up.

I'm certain that theyve handled this issue if what they posted is true.

I didn't see Canadian Tire alert anyone when my Card was comprised at one of their locations using a pay and pickup during Covid lockdowns.

I don't see them constantly tarred and feathered.