I posted in the other thread too but I got hit for +$1600 worth of airline tickets in Germany on the 20th of last month. I called Chase and they said that I had called them already ... nope! I canceled my card, changed all my auto-payments, and started the fraud investigation.

Stuff happens.

 

Lol some of you guys crack me up

Credit card number are kept on file for records. What do you think happends when you swipe your card at the grocery store? Don't you think they have your number on file too?

I keep everything on file for three years, including names, address, phone numbers, and credit card numbers. After 3 years, everything is still kept on record, but no longer on site and at a secure location instead (digital copies).

At my other day job in the hotel industry, we have record all the way back from the 90's including the paper credit card slips with full credit card numbers on them.

While those numbers are no longer active to use for something like fraud, they are still good to have records of just in case something happends and you need to dig the up for whatever the reason might be.

Furthermore, Perf. Nissan is a major operation. They are running the business at a Nissan dealership, not a mom and pop shop. These days, anything is possible including being hacked and information stolen.

However, I do understand what you guys are saying though. A company like Perf. Nissan should have better security on their ecommerce enterprise. Maybe using better software than OSCommerce as well as figuring out where the problem was.

Maybe they did not have a secure connection between their servers and the payment gateway? Maybe they are not using a secure enough password on the adminstrator end which should contain letters in uppercase and lowercase, as well as numbers, and symbols? It's hard to say where they went wrong but I am sure they are doing everything in their power to get this situation resolved as quickly as possible.

I still have 110% faith in the operations at Perf. Nissan

 

Damn, got my letter today. No unknown charges on the card that I could see at a glance, but damn, that unnerving.

@ UrbanTacticZ, yeah, I understand the need for detailed book keeping, but information like credit card numbers should be archived, off the live system, as early as possible. Keeping an archive of this information is understandable, although still not a pleasant thought, keeping it accessible through a network is ignorant though. Having said that, I do like performance, and I'm sure with all of the site down time they have learned a costly lesson. I doubt I'll hesitate to use them for purchases in the future.

 

got mine today

 

Agreed, credit card numbers shold not be stored live on the server and should be unloaded ASAP.

Which brings me back to my other point, they should look into ditching their current ecommerce software because it was very basic and I don't think should be used for their kind of application.

For my online shopping, my customers are protected by a dedicated secure connection between my server and my payment gateway (Authorize.net) where all the data is sent. None of the credit card processing is done or stored on my server.

I'm sure they will take care if it, afterall, they aren't noobs I am very impressed that they alerted all their members and sent them courtsey emails. To me it shows their constant attention to detail and their dedication for top notch customer service!

 

X

 

Just changed my CC # too. $10 to get the new card express mailed to me. I'll make sure to mention that next time I buy anything from them.

 

I just got the letter today....chit!

 

I'd like to know this too - it's been a while since we ordered from them, and we haven't received the letter yet, but I'm still kinda worried.

 

I just placed an order by phone, because the site was already down.... I am a webmaster for 11 websites and SECURITY is very important!

What happen was hackers got into the website/web server for Performance Nissan / mynismo.com, and maybe got credit card numbers from past or pending sales transactions.

This is big time bad!! You want to contact your credit card company at once!!

I would contact Performance Nissan to find out the credit card company they use to process transactions and then contact your card company with that info..

Maybe the hackers did not get your card info, BUT don't take any chances.

Good Luck to everyone who got a letter, I hope it all works out for you folks..

And BTW to TiPIACE & lex350 Paypal is not totally safe, I just got hit on my paypal account for $237.00... Paypal does not know how someone went in and authorized payment to themselfs with my account, I did not even know this was going on until I got emails stating Thanks for payments.

Anyway.. BE SAFE ON LINE!.!.!.! GOOD LUCK!.!.!.!

YES Hackers!

 

No method of transaction is totally secure I don't think. Maybe face to face but even that has it's own risks you know? IE fake tender, stolen credit cards, etc.

This is just one of those things that happends in our current lifestyle and it's hard to avoid.

 

Just got the letter today. yay~

 

is Perf nissan down for making purchases or can you still call in orders?

 

I am sure that they are only down on their ecommerce portion, give them a call on Monday and I am sure they can help you with a phone transaction

 

Just got my letter yesterday, dammit. My bank also automatically sent me a new card with a different number. Wachovia seems to be on top of things.

 

You are wrong. Issues such as these are black/white and clearly defined in the law. I'm certain you don't speak on behalf of Performance Nissan.

http://www.privacyrights.org/ar/ITLawsCA.htm
Destruction of customer records -- the "shredding" law
Businesses are required to take reasonable steps to destroy records containing personal information upon disposal of the records by shredding, erasing, or modifying the information to make it unreasonable. California Civil Code §§ 1798.80-82

 

Call them.. Ask for Tony

he will take care of your order!

 

owh.......

The Professional is Right...

 

Got mine letter yesterday, as expected. I went to the bank, luckily, there was only 1 car at the bank's front parking lot. At first, I thought it was closed, then I peeked inside and saw someone there. I was the only one there, and in 3-5 minutes, I got my #$%^ card cancelled and replaced at no charge. I did show the lady at Chase the letter when she asked for reasons. I could of gotten an ATM card, but 5-10 business day isn't too long of a wait. Overall, a hassle, but that is life. I still would buy from Performance Nissan.

 

I received the letter as well. Just called my CC company and closed my account. The new card should arive in 3 days. There were no charges to my account I did not authorize. I'll definitely think twice about ordering from Performance again.