Do you remember this guy?
It’s turned into one of my favorite bikes in the stable, and one of the many rides I’ve built upon the back of a little mail order/internet warehouse known as Bike Nashbar. And why not? As much as I love my LBS, saving money has always been a priority for this poor writer, and ordering online through Nashbar brought me both the best price and the most convenience on everything from seat posts to cassettes. Over the past 5 years, I’ve plausibly spent hundreds, if not close to thousands, on the website, and until now I’ve had no complaints whatsoever.
Did I mention, that is, until now?
[credit fraud after the jump]
Our current tale actually begins with some of my most recent purchases for the above Cannondale back in mid-May. I purchased some tape for the handlebars, new tires and tubes, a new saddle, a chain and cassette, and a conveniently cheap Nashbar-brand chain breaker tool. The total came in at a little over $100, and as usual, I used my Visa debit card to process the purchase. The stuff arrived, I installed it all on the bike and life moved on.
Fast forward to early June, as I looked back through my bank statement and tried to get my totally disorganized finances in order. Everything was looking good, when I noticed two charges from iTunes for $1.00 that didn’t ring a bell. Of course, I own an iPhone, and considering that downloadable apps from the phone’s App Store cost $1.00 and are generally like crack, I figured that I had just bought a few in a drunken haze and forgotten about it.
And that’s when I noticed three other charges that I was absolutely sure I did not make:
- One charge to “Reb-Mill” for $2.79
- One charge to “ProfitGGL” for $39.95
- One charge to “Fedgrantusa.com” for $7.95
At this point, like I imagine most modern consumers would, I endured a momentary but deep panic. I pay for everything with my debit card and get sick thinking about just how freely that number is floating through the internet. After coming to, I called my bank to alert them to the unauthorized charges to try and fend off any other activity, but they informed me that at that point my only line of defense was to call the 800 number listed and see what was going on.
As I hung up and started dialing the support number, I decided to do a quick Google search for “ProfitGGL unauthorized charges” and low and behold, this page showed up from a website called ComplaintsBoard:
What are the odds of the words Nashbar, Reb-Mill, Profit GGL and Fedgrantusa.com showing up all on the same page during a search for unauthorized credit card charges? Very high apparently. From the linked thread, Trigeek5555 sums the situation up appropriately:
I placed two orders from Nashbar using two different credit cards, and both had fraudulent charges posted to them within weeks of each other. One of the cards was ONLY used at Nashbar. I will certainly NOT purchase from them again…it was a hassle to go through the credit card company twice to dispute the charges and to have two new cards reissued! There is no question that Bike Nashbar is releasing credit card information in a fraudulent way. Stay away from Performance Bicycle, too…they’re part of the same company!
Furthermore, after typing in www.fedgrantusa.com, I found this not-so-subtle page:
And so, with this information in hand, I proceeded to call each of the 800 numbers listed, where I was obviously routed to the same customer service centers — they were all obviously foreign and each opened the conversation by asking for my “Customer ID,” which I informed each of them that I did not have because my credit card had been fradulently charged. After pulling up my account — which they were only able to do by using the last four numbers of my debit card, because they did not have any of my other information — they informed me that I had signed up for monthly subscriptions to”Google Money Profit Software CD,” “Google Money Profit Membership Page” and the “Grant Membership Page,” which were each vaguely described as resources, “helping me make money with Google.”
I informed them each that I wanted to cancel my memberships, and was then transferred to a supervisor quickly after I informed them that I knew my credit card number had been stolen. After saying the same thing to the Supervisor (Shannon), she promised to refund all of the charges to my account, very few questions asked. I am still waiting for the refund, and am headed to the bank right now to hotlist my debit card card number.
And so, perhaps I’ve learned my lesson — local is better. It’ll be the LBS for me next time a component purchase comes up, as Nashbar/Performance Bike has proven that they have little regard for the security for your information. Mr. M, on a Nashbar credit fraud thread on Bike Forum, shows us just how little they care:
I just ordered some parts from Nashbar on the 4th of May, the 9th of May I got a call from my credit card fraud department. The last time I used this card was four months ago. I emailed Nashbar and got a staple response from them. They don’t seem too concerned about the problem, So I don’t think I will be using them anymore. this is the emailed reply from them:
Dear Mr. M,
We are unaware of any security breaches. If you would like to have your information researched, please forward the credit card # you are referring to.
As it has been pointed out to me, even employees at my LBS could steal my credit card number, but at least I can go down there and bust some heads in person. Be careful out there.