We have spent the last week reviewing code and taking steps to heighten the security of our server. You may have seen a few hours in the past week where the site was inaccessible; this was not due to a hack but was instead due to maintenance on the site. There have been many long nights updating software to ensure it is up to date. This is not because it had been compromised, but because it must be done to ensure the site remains secure. It is a fact of life on the internet that someone is attempting to hack the website, every second of every day. This does not happen to just GBFans.com, but to every website that exists on the internet today. At this time, we have found no evidence to indicate that GBFans.com has been compromised in any way. Despite that, we have taken numerous steps to increase security over the past week:
-Software on the server has been updated to newer versions.
-Software running the website has been upgraded to the latest version.
-Old versions of software have been removed from the server.
-All connections to the site are now required to be sent over a secure connection.
-The shopping cart checkout system has been rewritten to ensure the shortest path for sensitive data to be processed.
-Two new virus scanners have been installed as well as an exploit scanner.
-All changes to the GBFans.com Shop code are tracked and monitored.
-All files are scanned before they are uploaded to the server.
-All visitors, computers and connections are checked against a blacklist and banlist, and requests are monitored before the server loads a page.
These are just some of the things we have done; it is not an exhaustive list.
There are three common methods that are used to hack or steal credit card numbers. We will address them here and discuss what we do to protect against them:
1. Hacked website with exploited code.
This occurs when a hacker or a bad actor gains access to the server and uploads code that allows for credit card numbers to be compromised. There is absolutely zero compromised code found on our server. We have traced the code and have the shortest path between inputting credit card data and having it sent off to our payment processor. As soon as credit card data is no longer needed, the program clears the information to ensure it cannot be captured by another process. Again, GBFans.com does not store any credit card data.
2. "A person in the middle attack."
When we send data between our server and the credit card processor's server, we make a secure connection to send that data. By connecting through a secure connection, the data is encrypted and cannot be intercepted. This type of interception would be referred to as a "person in the middle attack" where the site itself is not compromised, but the data connection between two points is. The most common way of doing this is by using an unsecured connection and a proxy to intercept the data. We have investigated and can see that data is sent securely to the credit card processor through a secure connection; there are no points at which data could be extracted. We have also identified that no proxy servers are being used.
Credit Card Fraud on the Rise
It should be no surprise that as more and more purchasing moves from in-store to online, credit card fraud is continuing to rise. Each year sees a successive increase in the number of people that fall prey to credit card fraud. In 2020, as Coronavirus keeps more and more people at home and coin shortages in the US prevent the usage of cash, credit card usage and credit card fraud are at an all-time high. The statistical probability of having your credit card compromised in a given year is approximately 1%. Each year, dozens of GBFans.com customers will have had their credit card compromised. That does not mean the card was compromised on GBFans.com, but there will be an intersection of customers who had their cards compromised and also purchased from the site. Most people who have their card stolen will never know how their credit card was stolen, except in obvious cases where the physical card goes missing.
Credit cards can be stolen physically through skimmers, cracked point-of-sale terminals, or even by a store clerk who records your credit card information without you knowing it. That has happened to me, and with cameras on cell phones, it is relatively easy to snap a photo while someone runs your card.
Again, GBFans.com does not store any credit card data.
What you can do to protect yourself:
-Clear cookies, cache and browsing data frequently.
-Run an anti-virus software that protects while browsing.
-Check for installed extensions.
-Use a unique password for every site you visit.
-Use an intermediary payment service such as PayPal.
-Sign up for fraud notifications through your bank.
-Check your credit report from: annualcreditreport.com.
-Never use a debit card when making payments online.
Okay, but what if I have been compromised?
So far, only three people have come forward to discuss their credit card issues directly with us. No customers have been able to provide evidence that their cards were compromised after using the cards exclusively on GBFans.com. The vast majority of these claims are being made on a third-party Facebook group that we do not actively monitor. One customer says this happened and then another says, "that happened to me too!" without actually verifying with any certainty how any information is correlated. It appears individuals are attempting to find evidence to support their belief that GBFans.com is the culprit, without actually exploring all avenues. This is called "confirmation bias", where you believe something to be true and will only look for evidence to support your beliefs.
We have, however, looked at numerous customers' complaints that have been made online and believe many of these complaints to be spurious.
For example, many customers that have complained about credit cards being compromised did not pay with a credit card. Several individuals making complaints and comments used PayPal. This would indicate more of a problem with the customer's computer, or their PayPal account, not our website. Another individual made comments about speaking with me personally over email and made disparaging statements by claiming the site was hacked and everyone's data was stolen. This is, again, absolutely false and would again indicate that the customer's computer and/or email account was compromised, or worse, they were willingly participating in a smear campaign to tarnish the reputation of the site.
If your credit card was compromised, inform your bank right away. They will take care to place a hold on your account and seek to dispute the fraudulent transactions. Complaining on a private Facebook group should be the furthest course of action. Contact your bank and then contact any merchants that you believe could have been involved to inform them of the possibility of a data breach.
If you believe it occurred on GBFans.com, send us an email so that we may properly investigate: firstname.lastname@example.org
I have a charge from GBFans LLC on my credit card?
If you see a charge from GBFans LLC on your credit card, that is us. Many customers have been confusing a charge they see on their account from us as a fraudulent charge. We will always try our best to not charge you until your order is ready to ship. That means you may receive a charge from us days, weeks or months after you order. This is not a fraudulent charge and your card is not compromised. You agreed to allow us to charge your account when you placed your order. We do not have your credit card information, as mentioned: We do not store any credit card data. Transactions are processed in the same way that a refund can be sent to your card without having the card present, through a reference to your original transaction. If for any reason we are unable to charge your credit card, we will contact you with an alternative way to pay.
I hope this clears up many of the rumors and confusion circling on the Internet. Again, there is no evidence to support a claim that credit card data has been leaked in any way through our site. There is no way for anyone to retrieve credit card data, even in the event the site is hacked. GBFans.com does not store any credit card data.