I was a loyal customer but stopped being a GPS customer in May due to CC fraud and, more importantly, the poor response by the GPS staff addressing the issue. The fact that the fraud reports continue to roll in simply indicates where their minds are. I am very sad to see this but since it appears that this continues to be an ongoing problem, I post the following for review.
Here are the emails I had sent to GPS,
May 12 2018:
Hello ~Gu,
Lots of chit-chat on rollitup recently but there is one thing that caught my eye that I thought I should bring to your attention. One user had reported stolen credit card information apparently thinking it had something to do with a GPS transaction.
Whether it had anything to do with the payment processor that GPS is using or not, I cannot know. But, I also had my credit card number stolen shortly after using Payofix (a couple of fraudulent charge attempts). Hence, my decision to switch my payment method to money order on my most recent order.
At the time, knowing it’s difficult to know for certain where and when credit card information is leaked or stolen, I ignored this. Although, I very rarely have had this problem in the past. However, if there is more than one report of CC fraud shortly after using Payofix, I would tend to be a bit more concerned.
Considering some of the issues that seem to have occurred with the GPS site, gold nuggets, and so forth as of late, it might be wise to review the overall security of the payment processing starting from your site through to the transaction processor. In particular, if there have been other reports of stolen credit card information. This is still anecdotal but now it appears there is at least one other with a similar issue. More of a “heads-up” than anything else.
A response was received May 14th. In response to them essentially indicating "it's not their problem":
May 14 2018:
Hello ****,
Thank you for the response. I thank you for your offer to provide documentation to assist any recovery needed through the CC company. I have already taken care of these items and these emails are more of an alert to GPS. The reason I was giving you the heads-up at this point (as my problem was revealed in late March) is because there appear to be additional reports from others about the same or similar issue. Though your processor is PCI compliant, everything in the chain including the ordering portal (e.g. your website at which point the CC information is entered), any human interaction in the chain, etc., has to be accounted for.
The impression that I’m getting from the response is the “it’s not our problem” response. And, I certainly understand that if the theft of information is occurring with your vendor, you are correct, it is not your fault. I also understand the difficulties in your industry.
But, in reality, it very much could be your problem, in particular, if you are aware that this is occurring. Worse, if it’s ongoing and happening to more than one individual, then it’s a matter of refusing to protect your customers from potential fraud. The implications of which are not good from a variety of viewpoints including customer confidence.
This is not a threat, I have confidence that GPS will be able to review potential points of weakness. I’m simply trying to make you aware that I have encountered an issue and potentially others have had recent issues with how the transactions are occurring with the current CC processor. That was essentially the point of the email.
Around this time I had posted a warning here on RIU regarding the issue and also PM'ed GPS. I did receive a response from GPS via PM. The response was polite but the feeling was they would take no responsibility, would not take any action to protect their customer, will continue allowing the use of Payofix while, at the same time, complaining about the reports of the issue. This was in the midst of several concurrent fraud reports from RIU users.
I'm not posting their response(s) directly but I will post my response to their response:
May 17th, 2018:
You are hurt? Really? Constant affirmation? I was personally affected by this fraud. Fraud very much hurts those that are affected. The CC fraud was occurring, GPS was made aware it was occurring, it has been occurring for some time now. And, GPS has refused to address this. GPS has not indicated that they are even looking into it. Even something as simple as a temporary pause would have satisfied some. And, as far as we know, this may still be occurring. The response has been and is currently, not our problem?
I'm afraid to say this is precisely why it ended up, publicly, in the forums. I would suspect if it occurs again, it will also again appear in the forums. If it occurs on your watch, whether it's the transaction processor or your website that's leaking the information, it is the choice of GPS to take this risk knowing that they may be risking their customer information.
The last thing anyone wants to do is to hurt you in any way. I have been fair with my posts and, in fact, embargoed my comments while awaiting an email response from GPS (days ago). I have nothing against you, you have a great business, and quality product but I'm afraid I disagree with your stance on this specifically. I will, though, assume that GPS is looking into this and, as such, I will refrain from commenting further on this matter on the RIU forum until such time there are new reports of compromised CC information.
Thanks
It's incredible that this appears to be on-going. I was very impressed when I first started purchasing seeds from GPS. Very unfortunate business practices as of late.
Oh, I was also taken by the S1 sham, lost gold points, etc, etc.