
APEX GUN parts has a CC theft issue.

#1 ·
A lot of people reporting fraud on their cards after ordering from them. "We have no security issue" what a load of BS. I used a card only for this and still got a fraud charge.
 
#8 ·
My debit card was recently compromised (nearly $300 of fraudulent charges), and Apex was the last place I used it online. My computer has been consistently free of malware (regular scans), and there is no way someone could physically get a hold of my Visa without risking staring down the barrel of a Glock.
 
#11 ·
Same here...need a new/unissued M70 LHG, and Apex is the only place I can find them other than the PITA ordering method through IWD for a new unit. I'm just not willing to risk ordering from APEX until they admit there's a problem and implement a fix.
 
#13 ·
APEX has always been a web based company, and we have always been security oriented.
We didn't wait for these reports to start looking at the web site, it has always been an ongoing effort.
I was in touch with our site contractors immediately when our customers started making reports.
This thread is probably going to give you the best overview of what some customers have had happen and what we have done up to this point:

Credit card Fraud - The AK Files Forums

Not sure you can read it if you are not a member though.
Since all the indications show (even after taking the site down on the 24th) that the actual web site and its server were not penetrated (no real point for anyone to even do so as we never "see" or store your card data) we did look at the CC gateway. You actually enter your card data into their web page and the gateway provider encrypts/moves the data to their system. All APEX gets is a message back about the transaction.
When contacted the gateway won't talk to you about any security issue, NONE of them will, and neither will the card companies.
We use the biggest provider in the gateway industry, and being a firearms related company our choices of a gateway provider are limited as are our choices for a card processor (a great many financial institutions won't service gun related companies).
It has been noted that the gateway provider performed a software update on the 26th.
It could be routine, I will never know as they won't provide details.
We have been watching the dates of customer reports, paying particular attention for anything used for a purchase after the 24th of August.
When we took the site and server down that evening, checked thru the logs, ran scans, added more security tools, even though we had no "that was it" findings, we did routine updates and then went thru all the settings and made some changes to ensure we were as "tightened up" as possible.
I also had the APEX internal network rechecked in case something malicious was running, I have a different contractor for that.
The scans and firewall logs had nothing out of the ordinary.

BUT, just this morning I had a telecon with another company that specializes in e-commerce penetration.
They are already running some preliminary tests, and I expect to have them engaged on Sunday or Monday.

On a related note... this is a very easy way to have your CC data taken right now.
Here is news of 330,000 point-of-sale sites where any customer's CC data could have been intercepted:

http://krebsonsecurity.com/2016/08/d...sale-division/

The above report is from 16th of August..
The first news of it dates to July 25th..
APEX does NOT use MICROS.
Lots of fast food places here in the USA do.

Richard
 
#19 ·
The above report is from 16th of August..
The first news of it dates to July 25th..
APEX does NOT use MICROS.
Lots of fast food places here in the USA do.
This is true! I just had my card compromised about a month ago by Wendy's Fast food. Speaking with my financial institution it's becoming quite common these days.


As far as Apex, IMO they are doing all they can. What other company would come to the forums and inform us of the process and issues? Sure they didn't inform us all but that's what our financial institutions are for. Keep in mind that Weidners and AIM have had the same issues in the past yet they weren't here for explanations. Shit happens these days and all I can say is if one place is having issues then wait to spend your $$$ until the issues are handled. Because in today's world it will happen again.

Richard, I'm guessing that your site is secure. Can you give us a definite yes or no on if we should order off the site or wait until next week to order after you find out more info?
 
#14 ·
#16 ·
Apex should at least acknowledge that there may be a problem and urge people to phone in orders if possible.

http://krebsonsecurity.com/2016/08/data-breach-at-oracles-micros-point-of-sale-division/

The above report is from 16th of August..
The first news of it dates to July 25th..
APEX does NOT use MICROS.
Lots of fast food places here in the USA do.

This reads as a classic case of denial.
I understand the frustration and anger over having to replace credit cards.
It is one reason I added that link (above)
We all use cards when grabbing lunch and that point-of-sale terminal breach isn't making it to the news.

This has been in the forefront of my daily activities ever since my CS people brought the customers' concerns to my attention.
However, it is about what we know, not what we theorize.
The info I share in my posts is what I know about the systems we monitor and control. The other segments (like the gateway and card processor) I can only pass along what they tell me or what I read on their web site.
APEX was founded on the principle of top notch customer service so you may understand why some of my posts show the frustration I am feeling about not having a clear cut definite fix to a defined problem.
I want to be able to tell all our customers we discovered "XXXXXX" and corrected it!
We have spent a lot of time and resources on this.
We never want any APEX customer to have a concern about the products you purchase, how it is shipped or the activity of making the purchase.
It is why that even today I was working with another company about running more additional testing.
I am still seeking to further understand and prove that CC data is safe for our customers to use on our web site.

Richard
 
#17 ·
I got hit with fraud on my CC too, just a week after ordering Sten parts from them.

They are a distributor for us, so I will give them a call on Tuesday to discuss. ;)

Sven
Manticore Arms
 
#18 ·
Sorry you had your card data intercepted.

I see that order was placed on the 22nd.
I have some other customer reports from that date.
We took the site down on the 24th, and the next day my site contractor advised that he had tightened up settings on the gateway.
The gateway is normally maintained by the company that we pay for that service.
As I stated earlier, the gateway scheduled a network wide outage on the 26th, after we had opened trouble tickets about the customer reports.
So, as I said before, no "smoking guns" but my site contractor (using the tools he has) is not finding any exposures and we think all is secure as it can be.
As I posted above, the company I started working with this morning will now test and try and penetrate our security.

Sven, you are welcome to call/text/email me anytime.
As one of our suppliers I am always available to you.

Richard
 
#20 ·
I had over 2k in fraudulent charges on my credit card after buying two Npap kits from Apex also. I haven't had to get a card replaced for fraudulent charges in a couple years. I needed some parts from these kits to complete a couple kits I already had. Otherwise I wouldn't have paid that much for a Npap kit to start with. The extra hassle of credit card issues just makes it hardly worth the trouble. Think I'll just stick to buying kits locally and on my annual trip to Knob Creek with cash.

Nathan
 
#29 ·
Once your CC info has been harvested it is usually sold on dark net markets for less than $10. The sellers even list your name and address. Then the buyer makes a copy card and goes on a buying spree. If it's in your same general geographical region the CC company is none the wiser it's fraud.

I understand the frustration and anger over having to replace credit cards.
It is one reason I added that link (above)
We all use cards when grabbing lunch and that point-of-sale terminal breach isn't making it to the news.

This has been in the forefront of my daily activities ever since my CS people brought the customers' concerns to my attention.
However, it is about what we know, not what we theorize.
The info I share in my posts is what I know about the systems we monitor and control. The other segments (like the gateway and card processor) I can only pass along what they tell me or what I read on their web site.
APEX was founded on the principle of top notch customer service so you may understand why some of my posts show the frustration I am feeling about not having a clear cut definite fix to a defined problem.
I want to be able to tell all our customers we discovered "XXXXXX" and corrected it!
We have spent a lot of time and resources on this.
We never want any APEX customer to have a concern about the products you purchase, how it is shipped or the activity of making the purchase.
It is why that even today I was working with another company about running more additional testing.
I am still seeking to further understand and prove that CC data is safe for our customers to use on our web site.

Richard
Richard hopefully you will get to the bottom of this. Good luck. I can only imagine how frustrating it is.
 
#23 ·
The problem may not be from APEX; it could very well be that the credit card processing company has been compromised. The issuing card carrier that people that have had unauthorized purchases made on their cards will investigate to find out if the processing company has been compromised.

I had a CC compromised about 6 months ago on a card I hadn't used in almost a year. The credit card issuer called to let me know, as they knew it was a card I didn't normally use and I suspect they recognized it was a phony transaction. They cancelled the bogus transaction and issued a new card...

I rarely use a bank card, I use a CC 99.9% of the time when ordering online...
 
#25 ·
I've been watching this from the start (akfiles).

Man, o man. People acting like it's a new thing or the end of the world. If you D enough to use a debit card, well it's going to be a lesson for you.
CCs get stolen every day. I had my CC stolen (not Apex), I didn't care. It's a matter of time, it will happen. Called CC, all was fixed. If your CC is giving you trouble about this, you need a better CC.
There are people that want to steal your money!
This is going to happen, grow up.
 
#26 ·
Last year I used my card at an Albertsons grocery store and then 2 months later 2 fraudulent charges showed up at a Walgreens 70 miles away in Colorado. Go figure....I think these days it is the luck of the draw. I live in an area with very low violent crime, but fraud crimes are committed here an average of 4-6 times per day according to my local police department.
 
#27 ·
Well this explains everything. This morning I got an email from my bank telling me I will be issued a new card and the old one will be deactivated due to a possible merchant fraud. Last time I bought from them was a year ago

 
#30 ·
Was this the notice you received?
I saw it posted on the card fraud thread over at AK Files.
To me this is an indicator of something larger going on than what has happened to a portion of APEX customers.

Bank of America®
Security Alert: We're Issuing You a New Card To Help Keep Your Information Safe
ATM/debit card ending in xxxx
Xxxxxxx Xxxxxxxxx, PLLC,
We're letting you know your ATM/debit card may have been part of a compromise at an undisclosed merchant. This doesn't mean that fraud has or will occur on your account. However, as a precaution, we issued you a new card that will arrive soon in a Bank of America® envelope with a Wilmington, Delaware, return address.



 
#32 ·
I can see why some companies don't share any info or updates.
On the other forum it's become a lightning rod for all CC data theft reports, most are my customers, and I have asked that they send the date they used the card.
That helps us establish that the work that started on the 22nd and then taking the site down on the 24th and all the work that was done on that night put an end to the interceptions.
Also, it was our customers calling that made us aware that some criminal group had targeted the card gateway APEX uses and had found a way to copy that data.
Unfortunately it takes some days before anyone knows their card data has been replicated, and as we are seeing now it can be weeks before we hear about it.
Fortunately card companies & banks are ready to handle it and issue new cards.
What they won't do is chase down the offender.
On the other forum it was reported that a card number was used to pay a health insurance deductible! That definitively has a name of buyer of a stolen CC tied to it!

In the past we have really expended some time/effort working other isolated customer reports, only to find compromised customer devices, or that the customer was on an open wi-fi (like a hotel) where a lot of this type of data gets harvested.

APEX is good now, we just have to be verified and continue to try and stay ahead of the organized crime groups that are always looking for a way to steal.

Richard
 
#34 ·
Richard I got hit with cc fraud on my Chase card for 72.00 from a German internet company. Chase took care of it and issued me a new card.

It was around the 24th.