Urban Tribe - Ride with your kids in front.

Fraud hits local customers of online retailer Nashbar

Posted by on July 14th, 2009 at 11:03 am

Oregon Manifest Bike Show Day 1-50

Gabriel Tiller wasn’t smiling
after a security breach at
Nashbar.com resulted in fraud.
(Photo © J. Maus)

Northeast Portland resident Gabriel Tiller is sort of a bicycle renaissance man. He has won a national tall-bike jousting competition, taken top prize at the Zoobomb Century, earned a spot on the gravity-biking podium at the Maryhill Festival of Speed, he likes to do bike touring, and he has recently taken to mountain biking.

Most of the time, Tiller builds bikes from used parts lying around his garage or from the various sources around town. But often, he buys hard-to-find parts from an online retailer to feed his cycling habit.

Last week, he noticed several strange charges on his credit card that went to unfamiliar websites like “networkagenda.com,” “fedgrantusa.com,” and “gglprofit.com.” He immediately Googled them and found that there were many other people complaining online about similar fraudulent charges. A little more digging and he confirmed the culprit: Nashbar (also known as Bike Nashbar).

Nashbar (which is owned by North Carolina-based Performance Bicycle, Inc.) is a large, national online discount retailer of bike parts and accessories.

According to pages and pages of complaints from angry customers on BikeForums.net, Nashbar has acknowledged that one of their websites was hacked back in December 2008. However, according to this local newspaper story, the company didn’t tell customers about the security breach until July 1 of this year.

Also according to that story, Nashbar has sent out a letter to customers about the incident. Tiller says he has yet to receive a letter. He called Nashbar and they took down his details, but so far, they haven’t offered him any compensation.

I’ve tried several times to speak with someone at Nashbar about the issue. The two people I’ve gotten through to both refused to give me any information about the incident. The Nashbar “Customer Care” representative said she doesn’t handle information for the media, but she would not give me any other number to call. As I was trying to get more information from her, she just hung up the phone.

Nashbar has admitted that their customer’s credit card information was stolen in a security breach, yet they waited seven months to notify anyone about it and when asked to provide more information about the incident, they refused. (Update: I’m now trying to speak with someone at Performance).

As for Tiller, he’s keeping a close watch on his bank account.

NOTE: We love your comments and work hard to ensure they are productive, considerate, and welcoming of all perspectives. Disagreements are encouraged, but only if done with tact and respect. If you see a mean or inappropriate comment, please contact us and we'll take a look at it right away. Thank you.

76 Comments
  • Anonymous July 14, 2009 at 11:12 am

    Try contacting Performance Bicycle, they own Nashbar.

    Recommended Thumb up 0

  • Serviceburo July 14, 2009 at 11:15 am

    After I saw your first tweet, I went and checked and my CC company had changed my account number after 15 years, when I called they said that they had been been notified by a “compromised vendor”. I’ve used this card at Nashbar, really makes me wonder.

    Recommended Thumb up 0

  • Nick July 14, 2009 at 11:26 am

    Wow. Security breaches are somewhat understandable (no one’s perfect), but Nashbar’s handling of the aftermath is really deplorable. I’ll make a mental note to NOT do business with them in the future.

    Dear Nashbar: Honesty and transparency are both good ethics and good business. You’re shooting yourself in the foot.

    Recommended Thumb up 0

  • Jeremy July 14, 2009 at 11:27 am

    I have been dealing with my bank for almost 2 months now trying to figure out where these exact same charges came from. I am now printing off this article and taking it to the bank. Thanks for the heads up.

    Recommended Thumb up 0

  • Eric July 14, 2009 at 11:27 am

    He needs to contact his bank/credit card and report this a fraud, that is how he’ll get refunded. Performance/Nashbar isn’t going to refund.

    Recommended Thumb up 0

  • Matt Haughey July 14, 2009 at 11:28 am

    HOLY CRAP.

    This past spring, I got a really strange charge on a credit card I rarely use. Thankfully, the company emails me when charges are made. I called and canceled the card within minutes and they only got two charges to a really skeevy online get-rich-quick thing.

    For the past three months I’ve been locking down my personal info and checking credit reports, checking passwords and security everywhere (I’m a web developer) in hopes of figuring out where this identity theft originated.

    A friend told me about this yesterday and after I saw your tweet Jonathan, I decided to look up which card I used for a single purchase off Bike Nashbar last fall.

    It was the card that was compromised. Figures.

    Recommended Thumb up 0

  • brewcaster July 14, 2009 at 11:28 am

    Love them or hate them, I am with Bank of America. I setup an alert through thier website to send me an email if there is a charge to it.

    It came in handy once when some in the Netherlands used it online. The faster you know about it, the better you can react.

    Recommended Thumb up 0

  • Andy July 14, 2009 at 11:31 am

    I am glad I am not the only one. The same card # I used to shop with Nashbar was stolen from me and used to make purchases online. I did not put the two together until I got a call from Nashbar (more specifically a woman working for a PR company representing Nashbar) about a month ago. My card got used about a month after their breach. I can’t prove the two are connected but I wouldn’t be surprised if they are.

    Just like the person in the story there was no offer of compensation, which honestly makes me quite mad. The same company sent out a bad email offer last week and after realizing they had made a mistake in the email sent out another email that same day offering free shipping as compensation for the earlier screw up. This makes you wonder why they would not offer anything to those of us who could have had our cards compromised. I haven’t gotten the letter yet but if they are smart they would include a coupon of some sort. If not they are getting an angry phone call and I will not shop there again.

    Recommended Thumb up 0

  • RyNO Dan July 14, 2009 at 11:47 am

    You people are barking up the wrong tree.
    Your bitch-and-moan, holier-than-thou, your-so-perfect attitude is helping Nothing. This kind of thing happens all the time, the card companies usually catch most of this stuff right away. You were unlucky, sorry. But if it’s fraud, you don’t have to pay. I’m sure it’s inconvenient, but making the whole town bitch about Nashbar is not the solution, sorry. Happy biking !!

    Recommended Thumb up 0

  • Matt Picio July 14, 2009 at 12:11 pm

    RyNO, they *should* bitch about Nashbar – the site gets compromised in December 2008 and they wait 7 months to notify customers? That’s inexcusable, and a perfectly good reason to complain.

    Yes, fraud is common, and with linked databased it gets more common all the time. Sure, credit card companies know how to deal with it. Neither of those facts excuses a company for waiting 5 months before notifying their customers that their information has been compromised.

    and it sounds like now they want to clam up even more and not disclose anything to the press – not exactly open or transparent.

    Recommended Thumb up 0

  • Jessica Roberts July 14, 2009 at 12:13 pm

    Yeah, I wouldn’t say they owe anyone a refund on those charges, but they do owe an explanation for why they failed to notify customers or, apparently, take any action to correct the situation.

    Recommended Thumb up 0

  • RyNO Dan July 14, 2009 at 12:18 pm

    There is a reason that compromised vendors are supposed to remain anonymous, why your card company is not supposed to tell you the name of the compromised vendor. And this scenario is exactly why. Sorry you don’t get it. Go for it, give em hell for getting hacked…..and pray it never happens to you…..

    Recommended Thumb up 0

  • Lazlo July 14, 2009 at 12:23 pm

    I got hit, too. Just got the letter, but I had charges from Google Profits and similar things. It started with calls to my cell phone to discuss the disc they were mailing me after I signed up online. They shipped discs twice and charged me for shipping. I reported all fraudulent charges and was credited by my card company. I also reported everything to the Oregon Attorney Generals office, and they followed up by letter, phone, and email. The fact that Nashbar knew about this and did not notify customers is inexcusable.

    Recommended Thumb up 0

  • ScottG July 14, 2009 at 12:30 pm

    I’ve had fraudulent charges hit my credit card a few times over the past 10 years. It’s a pain but if you watch your statement and immediately report any unknown charges, you won’t have to pay anything and it shouldn’t impact your credit report in any way.

    That said, Nashbar needs to explain what they’ve done to improve their credit card processing security – and until they do that, I have no intention of buying anything from them.

    Recommended Thumb up 0

  • BigB July 14, 2009 at 12:31 pm

    I do credit counseling for a living. When a creit card is branded with Visa/ Mastercard it entitles you to certain protections. Notify the credit card issuer (bank) that there was fraud and dispute the charges. If you don’t do this as soon as you know about the fraudulent charge you may be held liable for part of the charges. BikeNashbar will not eat the charges, but the card issuer or Visa/ Mastercard will. If it gets to be serious Visa/ Mastercard will make BikeNashbar repay them for fraud liability. BTW, You should not use your debit card for Online Purchases because if your checking account funds are compromised it will lead to all sorts of other problems which you will not be repaid for.

    Recommended Thumb up 0

  • The Square Live @ 7 July 14, 2009 at 11:44 am

    Bought anything from Bike Nashbar lately? Check your credit card statement. http://is.gd/1yJdW

    Recommended Thumb up 0

  • Oliver July 14, 2009 at 12:47 pm

    BigB,

    Thanks for the info: “You should not use your debit card for Online Purchases…”

    That is the question that I wanted to ask.

    Recommended Thumb up 0

  • Dave July 14, 2009 at 12:58 pm

    So…..pay cash, and buy locally.
    I’ll bet Bike Gallery, for instance, would be a whole lot faster to notify customers if their security was breached like that.

    Recommended Thumb up 0

  • Roma July 14, 2009 at 2:23 pm

    No WAY!

    I also had fraudulent charges on my card in April – the same card I used to buy some stuff at Nashbar last year. W T F !?!?!?!?

    You can bet I’ll never spend another dime at Performance OR Nashbar. Their (pack of) response to the breach is more upsetting that the breach itself.

    I never received an email or letter from Nashbar. Unbelievable.

    Recommended Thumb up 0

  • Roma July 14, 2009 at 2:24 pm

    That should read ‘lack of’ not ‘pack of’. 😛

    Recommended Thumb up 0

  • keefer July 14, 2009 at 2:32 pm

    Security compromises are inevitable with todays technology. Pay attention to your accounts, be diligent with whom you do business and never assume anything. I was in Mexico this past Spring for our honeymoon. We paid cash for everything except for a daily rental of a vehicle, this was back in April. Went online yesterday to pay some bills and noticed a Samsclub purchase in Cancun?? Talk about WTF I don’t even shop at Sams or Walmart for that mattter. I Immediately called my banking establishment, notified them and cancelled my current card. It sucks to be the victim, however pay attention to your accounts and you should be able to stabilize the damage.

    Recommended Thumb up 0

  • Roma July 14, 2009 at 2:36 pm

    RyNO Dan said (among other things): “Go for it, give em hell for getting hacked”

    I will. They were obviously storing credit card information in plain text. If you don’t have the proper security in place to protect your customer’s data, they have a right to know, and a right to never shop with you again. Sorry you don’t get it.

    I’m sorry, but if you run an online business and your customers’ data gets compromised, IT’S YOUR FAULT. Period.

    Recommended Thumb up 0

  • West Cougar July 14, 2009 at 2:37 pm

    Somebody needs to tell Nashbar this ain’t Vietnam, there are laws!

    Recommended Thumb up 0

  • West Cougar July 14, 2009 at 2:41 pm

    Lawsin 44 states in fact.

    Recommended Thumb up 0

  • Tommer July 14, 2009 at 3:24 pm

    @Serviceburo #2

    I had the same experience this week, now I know why, I used that card at Nashbar.

    Recommended Thumb up 0

  • dsaxena July 14, 2009 at 3:46 pm

    As someone who does a lot of online shopping, is fairly tech literate, and has been hit by fraud in the past, I have some comments:

    First of all, shame on Nashbar for waiting so long to tell customers; however…at the same time, I don’t think this is that far from the norm. Corporations usually do major investigations when there is a security breach before announcing it to the public. Also, just b/c you used Nashbar does not mean that your account was hacked which may be why you have not received a letter. Computer systems are complex and most likely they need to audit their whole system and figure out which specific customer databases were hacked into.

    It is _NOT_ Nashbar’s responsibility to refund the money. They don’t have your money, some random hacker or group of hackers do so why should Nashbar take money out of their bank account to pay you? If you come to a party at my house, leave your wallet on a table, and someone steals it, do you expect me to give you any funds that were in there? I don’t think so, so use the same logic. You need to contact your bank and they will do their own investigation. Nashbar _should_ step up here and provide support to customers who were affected via documentation that can be provided to banking institutions.

    Recommended Thumb up 0

  • erikv July 14, 2009 at 3:51 pm

    Yup I got hit this winter with fraudulent charges. Nashbar was only one of the few online stores I used a specific combination of name, phone number and address with.

    I notified them this winter that I believed their database had been compromised. They did respond, but never told me they had been hacked. Would have been nice to have known, but I figured it was them anyway.

    Recommended Thumb up 0

  • erikv July 14, 2009 at 3:56 pm

    Oh and by the way, Nashbar isn’t the only one to get hacked. It happens quite a bit, unfortunately. You can’t blame every compromise on them, though it’s convenient.

    Also, I believe you are not liable for fraudulent charges. The bank should reimburse most them for you.

    Recommended Thumb up 0

  • Nick July 14, 2009 at 4:03 pm

    erikv and others:

    No one, or few, at least, are angry at Nashbar for being hacked. It happens. The point is that they’ve been extremely secretive and unhelpful in the aftermath. They have handled the situation very badly. They freakin’ hung up the phone on Jonathan!

    Recommended Thumb up 0

  • Mark Allyn July 14, 2009 at 4:07 pm

    Duly noted and duly boycotted.

    I do want to note that although I have done some purchases at the Performance shop in Beaverton, I have not had any funny charges on my card.

    Perhaps the problem does not include the local Performance shops.

    Thanks for the heads up!

    Mark

    Recommended Thumb up 0

  • Donna July 14, 2009 at 4:38 pm

    Time to let Consumerist know. These guys have ways of getting a hold of higher-ups & embarrassing them…

    http://consumerist.com/

    Recommended Thumb up 0

  • slob boy July 14, 2009 at 5:08 pm

    This is a no brainer.
    Dispute the charges with your credit card company. They will remove the charges as they want to retain your account.
    Why do people always look for stupid alternatives?
    Also why would anyone want to buy from Nashbar or Performance?

    Recommended Thumb up 0

  • seth July 14, 2009 at 5:15 pm

    credit card info will continue to be stolen. you are typically not liable. keep an eye on your transactions to be sure, contact CC company with questions.

    one solution: buy local, pay cash

    another solution: some CC companies offer “disposable” cc numbers for online transactions, could go that route. probably not convenient for a frequent shopper?

    Recommended Thumb up 0

  • steve July 14, 2009 at 5:52 pm

    Performance and Nashbar both suck.

    So does over dramatizing a complete non-issue such as this. Slow news day?

    Recommended Thumb up 0

  • Katusha July 14, 2009 at 7:17 pm

    Slob boy #31: “why would anyone want to buy from Nashbar or Performance?” That’s the most important question. Online or in store, those guys aren’t helping anything.

    Recommended Thumb up 0

  • Karma is a B July 14, 2009 at 7:41 pm

    Well, maybe people should think twice before ordering krap from an online discount store and order components from your friendly local bike store. Keep local people in business instead of some online retailer.

    Recommended Thumb up 0

  • education4army July 14, 2009 at 7:54 pm

    BikePortland.org » Blog Archive » Fraud hits local customers of online retailer Nashbar: tomkolo shortened.. http://bit.ly/Ml1bE

    Recommended Thumb up 0

  • bikesalot July 14, 2009 at 9:20 pm

    My CC company called this week with a fraud alert – and I have used it at Nashbar. Looks like quite the pattern evolving here. No proof, however – the card # also could have been skimmed at a restaurant. Second time on this card, and it IS quite the pain.

    I guess a LOT of local folks got hit by this one.

    Recommended Thumb up 0

  • Donna July 14, 2009 at 9:40 pm

    I’m not saying this applies to the Portland area by any means, but there are lots of people in North America who are 100+ miles from a bike shop. These people rely on online/catalog retailers like Nashbar & Performance and don’t really have any place else to go. This is really uncool for them.

    Recommended Thumb up 0

  • Roma July 14, 2009 at 10:16 pm

    Why would anyone shop at Performance or Nashbar?

    I once got Ultegra STI shifters from Nashbar for less than River City could get them wholesale (I asked, because I’d rather buy from them). I’d rather shop locally, but unfortunately sometimes my bank account dictates I find the cheapest option.

    That said, I’ll never buy from Nashbar/Performance again. But I also won’t hesitate to buy from an online bicycle retailer in the future if I find a screaming deal.

    Recommended Thumb up 0

  • antload July 15, 2009 at 12:32 am

    Thanks Dave #17 – slightly off the main topic, but such an important message!

    Everything is better when done LOCALLY!!!!! Pleasant side-effects include less fraudulent credit card use!

    And screw the credit card companies anyway!

    Recommended Thumb up 0

  • Joe Rowe July 15, 2009 at 1:28 am

    Security on computers is quite simple for vendors who pay for quality tech labor. A security break like this is preventable. I worked for a co-operative bike shop who wanted to get rid of their stand alone VISA machine until we pre-tested an upgrade. We found out the POS software “upgrade” stored all 12 digits of the credit card number in a text file along with name etc. We called the vendor “profit plus” who did not seem concerned in 2004. I pointed to the breach, the law, and prevented the upgrade. Anyone who buys from a local shop using profit plus may be vulnerable. Online simply means a target is more delicious and widespread for criminal minds.

    Finally, there is no such thing as true cost savings when a person in Portland buys bike parts from a Nasbar or Performance. I can understand that access to reproductive services and bike parts is highly limited in most rural sections of our vast nation of freedom. But great mother of all excuses, if you live in Portland, buy local, where you pay no taxes, no shipping, and you get great refunds, and most shops have 2-8 mechanics with 30-100 years of combined experience.

    Recommended Thumb up 0

  • vequinox 6 July 15, 2009 at 2:21 am

    Wow, this sucks. I buy tons of parts from Nashbar. You cannot beat their prices anywhere. I hope they get things straight or they just lost another customer. I agree with Roma. I would love to buy locally too, but my bank account also prefers the prices at Nashbar.

    Recommended Thumb up 0

  • Aneurin July 15, 2009 at 2:31 am

    Not to be a shill for Paypal here, but their browser plug-in allows you to generate a secure single-use card number.

    Pretty hard to hack a card number that is for one time use only. You do not, under any circumstances, want to give out your debit card number over the internet.

    I would agree that you should probably just buy local, since Universal Cycles will price match any way.

    Recommended Thumb up 0

  • fredlf July 15, 2009 at 8:31 am

    Second the recommendation for Universal Cycle, price-matching and real staff. Also, BikeTiresDirect is another local/online vendor that has good prices and is staffed by actual cyclists.

    Performance/Nashbar are the Wal-Mart of cycling gear. They have predatory practices that target small local shops and their service is god-awful. I stay away.

    Recommended Thumb up 0

  • James July 15, 2009 at 9:04 am

    Performance/Nashbar will never truly care about you or your problems. If you want honest, credible service, visit your local bike shop.

    Recommended Thumb up 0

  • KruckyBoy July 15, 2009 at 10:34 am

    Also why would anyone want to buy from Nashbar or Performance?

    Uh, maybe because they have good prices and a friendly staff. I have consistently been treated better at Performance than any other ‘local’ shop in town. I have never gotten any of the attitude that so many of the ‘local’ shops seem so good at distributing. Maybe some day I will have a job that pays me enough so that I can piss money down the drain at Bike Gallery. Until then, I will go with the lowest price. Sometimes it’s Performance, sometimes it Bike Tires Direct (who are great but have a limited selection), and sometimes it’s City Bikes.

    Also- No one else in town carries the E3 saddle that I love.

    In terms of security big companies do get hacked, but if you read up on identity theft you will see that you have the greatest chance of getting you CC number stolen at a local business where an employee writes it down or rubs your card number, and then steals the 3 digit code off the bank. Most CC numbers are stolen by waiters and waitresses because they often have access to your card when your not watching.

    Recommended Thumb up 0

  • Glen B July 15, 2009 at 10:58 am

    Nashbar called me directly to explain the breach. I was actually pleased by their friendliness and apology.

    Of course, since it’s a credit card, my bank (US Bank) handled the fraud stuff quickly and easily.

    Recommended Thumb up 0

  • Dan July 15, 2009 at 1:38 pm

    Wow. I went through the same thing as many above and based on the direction things went (google profits, etc.), it sounds like Nashbar was probably the culprit.

    Just a heads up, watch your email too. The same time my credit card was hacked, my email was. A simple password change can make a world of difference if you end up in this situation.

    Recommended Thumb up 0

  • […] in the last eight months, you might want to check your credit card statements so possible fraud. BikePortland is reporting that the discount bike parts mail order house had its customer database hacked back in December […]

    Recommended Thumb up 0

  • Matt Callow July 15, 2009 at 2:48 pm

    More on the Nashbar story: http://tinyurl.com/ln7tst

    Recommended Thumb up 0

  • KWW July 15, 2009 at 4:32 pm

    2 potential mistakes here:

    1. If you buy with a debit card, you lose your money. Use a credit card always!

    2. It seems that Nashbar uses a ‘Walmart’ model for their business products (find something nice, copy it and make it in a 3rd world country for pennies on the dollar). You get what you pay for, and sometimes more, apparently…

    Recommended Thumb up 0

  • 303cycling July 15, 2009 at 8:10 pm

    Nashbar hacked! I bet this is how my credit card # was stolen… yes I shop at Nashbar, http://tinyurl.com/ln7tst

    Recommended Thumb up 0

  • TOUR of the GILA July 15, 2009 at 8:13 pm

    RT @303cycling Nashbar hacked! I bet this is how my credit card # was stolen… yes I shop at Nashbar, http://tinyurl.com/ln7tst

    Recommended Thumb up 0

  • Pete July 15, 2009 at 11:08 pm

    I just got my letter today, dated July 13. Logged into Citi to check my charges and they have issued me a new card. I check my statements religiously and haven’t had any fraud to date. Also I have my own domain so make up email addresses for every account I register, so I can tell who’s compromised or selling my info.

    Incidentally, after I got a Nashbar order shipped to a client site I started getting Outside magazine there (I think they’re REI?). So they did sell my shipping address to a mailing list.

    I second the LBS sentiment, but sometimes Nashbar closeouts just can’t be beat, and certain LBS’s in the Portland area have given me crap about negotiating with their insanely inflated retail prices. I buy from the ones who don’t put themselves on a pedestal.

    Recommended Thumb up 0

  • Vequinox 6 July 16, 2009 at 1:25 am

    Just got a letter from Nashbar yesterday also. They offered a nice 30% off code too. I will order from them again, but will be aware. I had 2 fraudulent charges on one of my credit cards recently, and it was after transferring money from one card to another. Someone tried to hack into both cards, but only successful on 1 card. I did not have to pay a dime. They (Mastercard) were very good about dealing with the whole thing. This is something to watch out for as well. It had to be someone at one of the card companies, who of course have access to all of our numbers. You really can’t prevent something like that from happening.

    Recommended Thumb up 0

  • Linda July 16, 2009 at 7:10 am

    There are tools you can use to shop online more safely. Discover allows you to create a new credit card number. The number is linked to the merchant where it is used, so it can’t be used elsewhere, even if it is stolen. Visa offers its own protection – you create a separate credit card number that has a maximum value and a time limit. Either way, make sure you check your statements regularly.

    Recommended Thumb up 0

  • Jamie Riehle July 16, 2009 at 6:24 am

    RT @303cycling Nashbar hacked! I bet this is how my credit card # was stolen… yes I shop at Nashbar, http://tinyurl.com/ln7tst

    Recommended Thumb up 0

  • gabriel amadeus July 16, 2009 at 9:21 am

    This isn’t about Nashbar vs the LBS. I shop at the CCC, A Better Cycle, or another local shop 9 times out of 10. This particulat time I need a set of cheap tools that local shops don’t carry.

    I just got the same 30% discount form letter yesterday as well, which is nice, but about 6 months too late. That’s the issue here, even in the letter they admit to discovering the breach and shutting down the site on March 3rd. And then waited 4 1/2 months to inform their customers?

    The fraudulent charges happened in June, and if nashbar had acted in a timely fashion in the interest of their customer’s safety, this could have all been avoided.

    It looks like most of the charges in my case have been refunded by the spammers, which is great, $100 goes a long way right now.

    Recommended Thumb up 0

  • wsbob July 16, 2009 at 10:43 am

    I just read editor Maus’s twitter line:

    “Just spent 30 min. on phone with Performance CEO.. he said 150,000 people were impacted by Nashbar security breach.” maus

    150,000 people… . Hopefully, the CEO sharing that info is some kind of encouraging sign the company intends to commit to doing more to prevent this problem in future.

    I’d prefer to shop at the LBS…bike gallery in my case. I’ve got much more confidence in their mechanics than I do the chain store’s. In some cases though, such as shoes, Performance is able to carry a much wide selection that BG can. That can be very helpful if you’re having a hard time getting a good fit.

    Recommended Thumb up 0

  • Lee July 19, 2009 at 11:24 am

    Bike Trashbar and their owners, Performance, suck.

    That is all.

    Recommended Thumb up 0

  • Crash N. Burns July 20, 2009 at 11:42 am

    I am not sure if my account was compromised through Nashbar or not, but the timing certainly makes it possible.

    I dealt with fraudulent charges on my account a few months back. My strongest advice (which may have been given already…) is to:
    -Immediately file a police report and a fraud report with your bank.
    -Add fraud alert to your credit report. Its free for 90 days through the three major credit reporting companies and can be renewed.
    -Contact the companies that you account was charged to. In my case it was ProActiv skin care company, BMG music, Itunes, York Photo, and an online customer service subscription for computer tech support.
    The companies were very cooperative because I had the report numbers from the Police and the bank as well as having froze all activity on the account immediately upon notice. Most of the companies had not received any payment because the account was froze and they canceled the transactions completely and noted the the purchase attempt was fraudulent.
    It took nearly three months and much diligence, but I lost no money.
    -Also, my compromised account was a checking/debit account that was linked to savings and a credit card. Once the Checking account balance was depleted, it went to savings for overdraft, and then to the VISA after the savings was gone. Then VISA started adding service charges and the whole thing began to snowball through three accounts. All in less then one day. Like I said, it was all resolved, but I have consequently changed the way my accounts are linked…

    Criminals suck.

    Recommended Thumb up 0

  • Crash N. Burns July 20, 2009 at 11:54 am

    kruckyBoy #45
    “Most CC numbers are stolen by waiters and waitresses because they often have access to your card when your not watching.”

    After a long discussion with a Police fraud investigator, in which I asked him repeatedly about circumstances like this, he told me that they almost never find the fraud to have come from local business employees. Not that it doesn’t or can’t happen, but he said that now days it is almost always a compromised data base.

    KWW #49
    “1. If you buy with a debit card, you lose your money. Use a credit card always!”

    I am not certain that Nashbar was the culprit, but my debit card was compromised and all purchases were reversed by my bank.

    Recommended Thumb up 0

  • Adam July 20, 2009 at 3:22 pm

    This is really too bad, for everyone involved. Hopefully Nashbar gets their security improved and everyone who has had their cards compromised gets their money back.

    One thing I use often online is a card number generator, offered by my bank (Bank of America). I don’t know how many other banks offer the same type of service, but the way it works is that I can specify an amount (say $200) and what month I’d like the card to expire in. It automatically generates a one-time-use number which can only be charged up to the limit specified.

    It makes me feel a whole lot better about shopping online, that’s for sure…

    Recommended Thumb up 0

  • Joe Rowe July 20, 2009 at 9:34 pm

    I agree with other advice here:

    – On the back of your VISA card scratch off the 3 digit code. Write a hint to yourself on the card.

    – As soon as you get your VISA card, on the back of your VISA card sign your name and write CHECK ID in sharpie.

    – Don’t use an ATM or money machine unless it comes from a bank. Avoid no-name small ATM machines. Generic ATM kiosks have a long history of harvesting your PIN, and then having the PIN used a year later.

    – Have an ATM card and checking/savings account that is not linked to any other account.

    – Don’t use a DEBIT card. The laws for consumer protection are weak.

    – If strange things happen, Pay one of the 3 credit agencies to send you fraud alerts.

    – Don’t use windows computers. Use mac, Ubuntu Linux, or the soon to be released OS from Google called Chrome OS. If you have to use windoze, don’t use it unless you are at home or work.

    Recommended Thumb up 0

  • Matt July 23, 2009 at 3:59 pm

    Never use your debit [which is also a visa card in my case],my checking account was messed up for weeks.At least with a normal credit card it not your money upfront.

    Recommended Thumb up 0

  • Paul Young July 26, 2009 at 2:35 pm

    Nashbar customer database compromised, credit card data stolen. http://tr.im/u7IO (hat tip @cloveman)

    Recommended Thumb up 0

  • Nash July 28, 2009 at 11:13 am
  • Concerned July 31, 2009 at 10:19 am

    Nashbar is a small company. How about big companies getting hacked – say like major banks. About a year ago, a major bank was hacked into and credit card numbers, addresses, names, even the code on the back were all stolen. People in other countries were using the card numbers to order stuff. Who did you think got stiffed? The credit card holder wasn’t responsible, the bank claimed they weren’t responsible – it was companies like Nashbar and other mailorder companies (even Norstrom’s was involved) that shipped merchandise and never got the money for it.
    Moral of the story – If big credit card companies can get hacked into, why do you think that a small company like Nashbar is immune?

    Recommended Thumb up 0

  • SyntaxPolice August 3, 2009 at 10:52 am

    I talked to Nashbar and they claimed that no one in Oregon was affected. Hmm…

    Recommended Thumb up 0

  • anes August 10, 2009 at 8:31 pm

    the cst service people at nashbar have no idea who was hacked..the phone reps werent given any information on what happened or what was done about it..but if you are worried about placing further orders with nashbar order over the phone its safer and you are talking to a live rep

    Recommended Thumb up 0

  • mslf500 August 18, 2009 at 5:50 am

    I’ve had 3-4 credit card numbers stolen over the last few years. It’s almost routine these days and the credit card companies are pretty good about detecting fraud. I’ve received calls from them before I knew there was a problem. Not once have I ever been held accountable for a breach of security or a false charge.

    I order a lot of items over the Internet and use one dedicated card only for Internet use. I have another card I use for normal retail purchases. I always make sure the sites are “https” sites. They still get stolen somehow.

    I’m not sure why Tiller thinks he would be entitled to “compensation”

    Recommended Thumb up 0

  • Super Cool Bike Shop September 3, 2009 at 2:30 pm

    On the flip side of things, at our bike shop, we had a customer write a bad check for a tandem bike, and have actually seen them riding around town a couple of times.

    It’s horrible when stuff like this happens, but you’ve got to expect it, and just be prepared for the next time.

    Always use a credit card over a debit card so you can void charges like these.

    Recommended Thumb up 0

  • Meredith Begin December 10, 2009 at 8:53 am

    If you've purchased anything from Nashbar, check your credit card statements for fraud! http://bit.ly/8TwmnV

    Recommended Thumb up 0

  • Meredith Begin December 10, 2009 at 8:55 am

    RT @biker_mbegin If you've purchased anything from Nashbar, check your credit card statements for fraud! http://bit.ly/8TwmnV

    Recommended Thumb up 0

  • working bike December 10, 2009 at 10:18 am

    If you've purchased anything from Nashbar, check your credit card statements for fraud! http://bit.ly/8TwmnV http://ff.im/-cIVNS

    Recommended Thumb up 0