Warning for all Battlefront Customers - Credit Card Fraud

[RichG]

I hope Matrix don't mind me posting this here, but I believe a lot of people may miss the post at the Battlefront forum.

It appears that a lot of people who have made on-line payments to Battlefront since the release of Combat Mission Shock Force 2, which coincided with them moving to new servers, have had unauthorised / fraudulent payments taken from their credit cards or Paypal accounts.

If you have made any purchases in the last couple of months with Battlefront please check your cards and read this thread:
http://community.battlefront.com/topic/ ... nsactions/

A good number of their customers appear to have been effected so it is much bigger than just a coincidence.

[Titanwarrior89]

[:-]

[demyansk]

Good job letting everyone know. Glad I didn't buy.

[z1812]

Battlefront has done a thorough investigation, as any company would if there was any chance their payment arrangements were compromised. No problems were found.

I, along with many others have recently made game purchases without problems.

If you are concerned, check the link the OP provided and read the posts. You will find that Battlefront has been very upfront about their procedures and the steps they have taken to ensure their payment arrangements are secure.

[rico21]

It's really sad to be robbed twice, once buying the game, a second time for buying it.[:(]

[demyansk]

Great

ORIGINAL: rico21

It's really sad to be robbed twice, once buying the game, a second time for buying it.[:(]

[ezzler]

I bought from there at Xmas.
had card hacked about two weeks later.

its a business card. So wasn't used anywhere else.

Might just be coincidence. But i'm glad people are made awarwe.

[rico21]

I feel very sensitized.
When I buy a good game, I'm ready to be stolen 3 times.[:)]

[Rising-Sun]

Someone or a group must have breach their site and taken customer infos. I got hit on that ebay, that ebay saying they couldnt see the problems. So if they (any sites) cant seem to protect customer infos, then there a risk.

All you have to do is either make a paypal separate account that cannot go negative and/or bank account on secondary to transfer funds for online purposes. On the bank statements, make sure it is locked, so it cannot go negative or ended up paying for those overdraft fees.

[BletchleyGeek]

Steve Grammont has posted an update on this matter, detailing the actions pursued in response to the concerns raised and his position on the matter:

If anybody is inclined to post REAL information to threads like the one on Matrix, here's the summary of where we're at:

1. A tiny fraction of customers who placed orders in the past 2 months have chimed in here to say their credit cards had fraudulent charges placed in the beginning of January. This includes my own card which, one would be correct to assume, was never used to purchase anything from Battlefront.com. Which means some sort of group compromise happened AND that it includes people that have not placed an order with Battlefront.com.

2. Battlefront never has, and never will, collect customer credit card information. Instead, credit card information goes direct from a customer's browser to our payment processor (PayPal/PayFlow). All Battlefront gets is a report from the processor which gives the transaction a thumbs up or thumbs down along with some transaction codes. Since someone can't steal what we don't have, there's absolutely no chance in a billion years that credit card information was taken from our server.

3. While it is theoretically possible to hack our website and change the order processing script to have the customer's browser hijack credit card info, this has already been checked by our webstore host and there have been no changes to our scripts. They checked twice, in fact, because I asked them to.

4. If anybody thinks they are immune from massive data breaches like these, think again. It must be remembered that nearly a billion online accounts were documented to have been breached in 2018. Most of us have had a credit or bank card compromised more than once (I had an ATM card physically skimmed, including PIN). Even those who think they haven't had a card compromised have probably received a replacement credit card out of the blue. That means the card company thinks your card has likely been compromised and is proactively replacing it.

5. Some think that the tiny fraction of customers who had a credit card compromised AND placed an order for CMSF2 couldn't be a coincidence. Which is wrong on so many levels. First, most of the people reporting in say they bought a CMSF2 product, which isn't surprising since that's the biggest selling group of products in the time period covered. Obvious coincidence. Second, my credit card was also hit with fraud charges at the very same time in a very similar way as the others noted here, but I've never used it to purchase items from Battlefront.com. Obvious coincidence. Third, timing of a specific purchase and a fraud charge inherently means nothing because a card used years ago, and stored somewhere, is just as vulnerable as a card used 5 seconds ago. Trying to tie a specific transaction to a specific breach is, therefore, not straight forward and is prone to being coincidental. Fact is, Humans are thoroughly documented to be very poor evaluators of cause/effect and extremely prone to incorrectly finding meaning in something that has none. Be it religion, "lucky" lottery numbers, bad things happen after a black cat crosses ones' path, two people in a room of 30 having the same birthday is noteworthy, etc.

With that said, because the world is a very complex and nasty place when it comes to cyber security, I can not 100% rule out someone somehow got a hold of a tiny slice of customer payment data one time for a limited time. Nor can I rule out winning the lottery if I pick up a discarded ticket on the sidewalk. Which is why I will always check into the possibility of a customer breach just as I will always pick up a discarded lottery ticket.

Steve

[rico21]

I find it really sad to use credit card problems to say that a game is bad.
Whereas it suffices to say that:
"This game is not good!"

[JamesHunt]

This thread is ridiculous.

A "Lot of people" "a good number", "not a coincidence" everything based on assumptions fabricated by the OP itself without having source information to rely on.

Sure stating that it 100% was not BF´s fault isn´t possible as it never is in such cases when some guys step up that their CC got hit. But for such incidences in my opinion the very first step is always apply "in dubio pro reo" not jumping into conclusions and final judging wihtout having any insight. From my perspective Battlefront did everything to provide transparency and they stated that they consulted with their security responsibles and also stated that that they couldn´t find any possible threat or breach and that 99% of their credid card purchases went trough without anybody calling out an issue.

One could argue that this is meant as being an "informative thread" but if you check the OP´s post history he is extremely busy with taking a dump on everything Combat Mission relevant here. For me the act alone to create a thread with a clickbaity title on a company´s direct competitor site is rather a douche move with raises the suspicion that his main intention is to bring damage to the game company he has personal issues with. And perhaps getting some drama sensations from causing bad blood between Matrix and Battlefront.

[rico21]

Battlefront sells us its new Combat Mission, taking care not to sell the old ones and to prevent them from being updated.
So no, we do not need credit card history to dislike them.

[MOS96B2P]

I bought Battlefront's Combat Mission Shock Force 2 with a credit card (as did several of my friends) and we had no problems. In fact Battlefront has an expansion for Combat Mission Fortress Italy in the works (Rome to Victory) and I will purchase that as soon as they start taking orders. No worries.

In the past I have bought from both Battlefront and Slitherine / Matrix with both credit cards and Paypal and never had problems. I'm happy with Slitherine / Matrix and Battlefront and as far as I know none of these companies are to blame for what appears to be the seasonal increase in credit card fraud.

[76mm]

Well, while we're on the topic of credit card fraud, Matrix's payment service provider (BluePoint) stores my credit card info every time I make a purchase at Matrix, even though I ask them not to. Having Bluepoint store my CC info makes it that much more likely that someone could steal it from there. I have raised this point with both BluePoint and Matrix several times now, but as of the last time I ordered, lo and behold BluePoint had stored my CC info once again. I am getting very frustrated that BluePoint and Matrix do not seem to be taking the of CC data security very seriously.

[demyansk]

I agree

[BletchleyGeek]

I am getting very frustrated that BluePoint and Matrix do not seem to be taking the of CC data security very seriously.

TBH these days I just use PayPal - linking payments to a non overdraft bank account as wisely suggested above - or Amazon to pay stuff in the Internet.

[RichG]

ORIGINAL: JamesHunt
if you check the OP´s post history he is extremely busy with taking a dump on everything Combat Mission

James, having looked through my post history you will see I have three mentions of Battlefronts broken V4 update and the length of time it is taking to get a fix. This is hardly "extremely busy with taking a dump on everything CM". In fact, i have in the past highly praised Battlefront and the CM games, and I should add, I want to see them succeed.

You will also have seen that I have been critical of Matrix own security in relation to this very website. This is hardly partisan behavior. Highlighting potential security/privacy/fraud risks should be encouraged. We put up with far too much bad practice in general on the internet and that is only to the advantage of those scumbags who wish to profit from such weaknesses.

[Yogi the Great]

ORIGINAL: 76mm

Well, while we're on the topic of credit card fraud, Matrix's payment service provider (BluePoint) stores my credit card info every time I make a purchase at Matrix, even though I ask them not to. Having Bluepoint store my CC info makes it that much more likely that someone could steal it from there. I have raised this point with both BluePoint and Matrix several times now, but as of the last time I ordered, lo and behold BluePoint had stored my CC info once again. I am getting very frustrated that BluePoint and Matrix do not seem to be taking the of CC data security very seriously.

I agree, however I believe you are given the choice the first time you order (with new card) as with many vendors. The problem is that there is a box that has to be checked for this and the default is that the box is checked which means you would have to notice that and uncheck the box. Pain in the rear as sooner or later when placing an order you can easily forget to "uncheck" the box.

[z1812]

ORIGINAL: RichG

ORIGINAL: JamesHunt
if you check the OP´s post history he is extremely busy with taking a dump on everything Combat Mission

James, having looked through my post history you will see I have three mentions of Battlefronts broken V4 update and the length of time it is taking to get a fix. This is hardly "extremely busy with taking a dump on everything CM". In fact, i have in the past highly praised Battlefront and the CM games, and I should add, I want to see them succeed.

You will also have seen that I have been critical of Matrix own security in relation to this very website. This is hardly partisan behavior. Highlighting potential security/privacy/fraud risks should be encouraged. We put up with far too much bad practice in general on the internet and that is only to the advantage of those scumbags who wish to profit from such weaknesses.

All anyone has to do is check your post history to see for themselves what the tone of your posts are concerning Battlefront.