Buds gun shop is bad business

[9mm-jackson]

So here is what happened. I ordered a couple of things from Buds gun shop. It was when they were doing the give away for the 500k customer. Not thinking anything of it I went ahead and tried to win. A week and a half later I see some fraudulent charges on my bank account. I call the bank, it will be 24hrs to credit the money and in the meantime we need to cancel your card as this is where the charges are coming from. This was on a friday, no bank open on saturday and rent was due that day, so no access to any of my money and now I have a late payment charge due for rent being late. Then I get this email :

The following Fraud Alert notification email was originally sent Friday evening to a list of our customers facing the possibility of fraud. Upon receiving several customer responses to the email today, we realized that not everyone on the list received a notification. In an effort to be sure everyone on the list is notified, we are sending the same email again tonight.

You may have noticed the alert on our website indicating that credit card payments have been shut down for the weekend. This is due to our staff receiving multiple reports from customers who have experienced unauthorized charges on credit cards that were used previously on our website. Many of these customers also have made purchases at other locations and websites, so we cannot be sure of the source of the problem at this time. Please be assured that we are communicating with our third party credit card processor and are gathering all the information we can to evaluate the nature and scope of the problem. In the best interest of all our customers, credit card processing has been completely turned off for the weekend. We expect to have the additional details on Monday and will then respond accordingly.

If you have concerns about one or more of your credit cards please proceed to check your credit cards on-line website or call your credit card issuing bank to check for any recent unauthorized charges. Keep in mind that should you discover any unauthorized charges you will NOT be responsible for them in accordance with your card member agreement.

We apologize for any inconvenience and do not wish to alarm you, however we feel a responsibility to quickly inform customers that placed an order using their credit card in the event that fraud has occurred.

Well, I tried to contact them to see if there was anything they would do about this as the email basically to me said our 3rd party biller and your bank will handle all of it and buds is just gonna give you this email. I explained to them everything that happened.....Nothing, no response at all. I will never do business there again. I will stick to buying from www.rggunsny.com. At least he doesn't ignore you if there is a problem!

[Lavid2002]

You only have 5 posts here... this thread is useless to most people. Drive to the shop and work out your problems instead of writing harsh reviews about someones business on an online forum.

[Doodlebugger45]

It happens to a lot of businesses. Credit card hacking and identity theft is a common problem in today's electronic age. I don't know what else to reasonably expect from the store. They are not electronic experts. They turn those matters over to the bank and electronc checking experts.

It's a bummer and an inconvenience no doubt. But don't come here raking Bud's over the coals. I'm not sure what else they could be expected to do in this case.

[jimbob86]

Tis' the Perils of Online Transactions.....

[Bud Helms]

Bud's has a pretty good reputation for honesty and Customer Service. It sounds like they are doing everything they can.

So, let's move this to Retail Deals and Feedback

[Casimer]

What do you want Bud's to do?

They don't know whose been affected, and can't revoke the charges themselves. So it really is something that has to be dealt with by the card company.

Also keep in mind that Buds has A LOT of customers. They may be inundated with similar inquiries.

[WVsig]

Buds internally was the source of the fraud... look into it. This the the most recent email that they sent out:

We previously attempted to alert our customers whose credit card account information could possibly have been compromised. Although we were only acting under suspicions of fraud at that time, customer responses to our alert seem to confirm our concerns.

We do sincerely hope our initial email alert either prevented fraud from occurring on your card, or allowed you to contact your credit card issuing bank to immediately stop additional incidents of fraud. Either way, please be advised that any fraudulent charges you may discover will be considered unauthorized when reported to your card issuing bank. You should not be responsible for paying any unauthorized charges or associated fees.

Although it is unfortunately not uncommon to hear of a breach in security of confidential customer information - it was a very unpleasant situation to learn that some of your own customer files may have been compromised. Fortunately, we have been assured that only a small percentage of the customers we have on file were exposed to having their credit card data compromised. We are now reaching out once again to make each of you aware of this situation. We are asking everyone receiving this email to check your recent account activity on each and every credit card(s) you may have used to make a purchase with us. It is highly recommended (whether you actually see evidence of fraudulent transaction or not) that you request your card issuing bank to immediately deactivate the card(s) and have them issue you a new card(s).[/i]

If you discover that your card has been used fraudulently, IMMEDIATELY CONTACT THE COMPANY WHICH ISSUED THE CARD (Visa, MasterCard, Discover, Amex, etc)- and report the fraudulent charge. Give the card company the last charge transaction which you made or authorized, and ask to have the account closed, and to have the card re-issued under another number. The issuing card company should confirm that the possibly compromised card account number has been stopped, and that a new card is being sent to you. Please Note - if you have a vendor /service provider which has legitimately been debiting your card on a monthly basis, you will need to contact that source and give them the new card number as soon as you receive that information.

As an outspoken advocate of our constitutional rights, we are appalled by this invasion of our data and your personal information. Those responsible for this crime (and it is a criminal offense) have, in some cases, used the information obtained unlawfully to make fraudulent purchases. Having to accept that this fraud has occurred against us and our customers is the single worst incident in our company's history, a history we are otherwise very proud of.

We can now confidently assure you that previous security issue has been resolved. Also, the recent events obviously caused us to focus our full attention and all available resources on preventing a future occurrence. Among the actions already taken and/or currently in progress are:

1. A third party forensics analysis to better understand the cause and circumstances behind the unauthorized access to our data.

2. Upgraded firewall which is capable of real time analysis of all network traffic. Suspicious activity will automatically be blocked and our IT security staff immediately notified.

3. Future security and data storage practices will be audited to ensure PCI compliance.

4. Installation of additional and multiple active and passive scanning and monitoring security software applications. We have been advised to withhold specifics of this software for security reasons.

5. Stringent password and IP based access restrictions for all systems which contain budsgunshop.com customer information.

All of the security provisions above will soon be working in compliment of one another to protect our data, and your personal information. However, the single most comforting change which absolutely prevents your credit card information from being compromised from our website was actually accomplished earlier this week. Before we even turned the credit card payment option back on Tuesday, we had reworked our checkout process to send your information direct to our secure third party processor and immediately clear our system. The reason we are so confident that your credit card information will never be compromised on our website ?....simple, we don't have it !

As an unfortunate result of increasing our security, some customers may experience inconvenience going forward by having to provide us with their credit card information for each new debit/credit of their account. For example, we will no longer be able to add, or make changes, to existing orders and charge the difference to the credit card used when placing the original order...as we will no longer have that information on file.

This has been an extremely trying time for us and also many of our loyal customers. We sincerely appreciate the emails and phone calls from concerned customers, many of which were very helpful in tracking down this fraud. It is unfortunate, but understandable, that some people quickly jumped to assumptions and conclusions which were not at all favorable towards us. Because of this, we are aware of the many false and misleading statements currently being spread over the internet.

If you have any questions or concerns - please email those to [email protected] and we will reply as quickly as we possibly can. We are creating a dedicated help link on our website with frequently asked questions and answers on this serious issue. A toll free number will also be made available this week to any customers affected by issues of fraud. Each call will be directed to a message including helpful information as well as the option to request a return call.

I cannot begin to express how badly our entire staff feels to disappoint those of you who placed your confidence in us. Please accept my personal apology for any inconvenience that this cowardly and criminal act may have caused you.


Marion "Bud" Wells, Jr.
President

Budsgunshop.com, LLC

[mrgoodwrench76]

This very same thing happened to several busineses just recently, not just Buds. What happened to the OP is very unfortunate but is all too common. I dont see how Buds could have handled it any differently and would not hold any ill will towards them.

Unfortunately, if you choose to use your credit card via the WORLD WIDE WEB..................let that sink in for a minute.........................you should in some way be prepared for this to happen. There is no truely safe way to transfer information via the internet. If someone wants the information badly enough, they will get it.

[MC 1911]

Sounds like he's ****** because he paid his rent late. I don't know any bank thats closed on Sat. and I wouldn't wait till the last minute to pay your rent.

[WVsig]

I work at a bank... I do not work on Saturday. LOL

Seriously the issue as I read it is that Bud's is directly responsible for the accessibility and subsequent hacking of the data. Maybe they chose their words poorly but they state:

Although it is unfortunately not uncommon to hear of a breach in security of confidential customer information - it was a very unpleasant situation to learn that some of your own customer files may have been compromised. Fortunately, we have been assured that only a small percentage of the customers we have on file were exposed to having their credit card data compromised

Yes this does happen but when the vendor is the source of the exposure then they have to take the blame and responsibility which they are only doing in part. They are telling customers who have lost money to contact their credit card companies. Their internal security was not up to par considering the volume of transactions they do. IMHO YMMV

Also I have sent 2 emails to the [email protected] and not gotten a single reply in over 7 days.

PS to add insult to injury they charge you to use a credit card and expose you to fraud.

[highvel]

It may, or may not, be internal to the company, no way to know at this point, from what I read.
I wouldn't rake them over the coals, unless I KNEW FOR A FACT, that the company was intentionally processing charges they new to be illegitimate. There are brilliant criminals waiting in the shadows to pounce on any opportunity to exploit credit card information, and it happens to a lot of innocent people, but good companies end up being the brunt of blame unfortunately.

[WVsig]

Quote:

1. A third party forensics analysis to better understand the cause and circumstances behind the unauthorized access to our data.

2. Upgraded firewall which is capable of real time analysis of all network traffic. Suspicious activity will automatically be blocked and our IT security staff immediately notified.

3. Future security and data storage practices will be audited to ensure PCI compliance.

4. Installation of additional and multiple active and passive scanning and monitoring security software applications. We have been advised to withhold specifics of this software for security reasons.

5. Stringent password and IP based access restrictions for all systems which contain budsgunshop.com customer information.

All the steps since the exposure seem to be internal.

[mrgoodwrench76]

You seem to be under the misconception that an employee of Buds Guns is responsible for the fradulent credit card charges. In all likelyhood, this is just not true. The only blame to fall on Buds would be not keeping their online security up to date. You shouldn't lay blame when you have no proof.

[WVsig]

Not at all. You do not seem to understand how cards on the internet are processed. Have you owned or run a secure website based internet business. I have

All the info I have points to that their secure site that was hacked not a 3rd party card processor.

So many people are so quick to defend. It cracks me up. It appears that their secure site match their pricing.

Cheap!

[stephen426]

The company I work for processes a huge sum of money via credit cards. There are multiple steps that must be taken to ensure the security of card holder data. PCI (Payment Card Industry) Compliance is a major issue and the processes for compliance are VERY STRICT!!! The compliance covers every single step of receiving, transmitting, and storing card holder data. Online merchants have it very tough since they never see the actual card. They are also the most common targets for hacking card holder data. Fines for non-compliance can run into the hundreds of thousands and Visa and Mastercard can, and will, cancel merchants.

I can certainly sympathyze with Bud's and they were probably blind-sided by this attack. I'm not sure how big Bud's is, but PCI Compliance is not cheap. Mastercard and Visa will typically hold you to a maximum loss of $50 for any fraudulent activity. They are just sick and tired of covering the losses caused by merchants who don't properly secure card holder information. We had someone reach over the counter and grab a bunch of receipts and run off. Card number truncation (only shows last 4 digits) was not required yet (in Maryland). If the PCI Compliance was in full effect, we could have faced serious fines.

While Bud's could have taken greater steps to ensure the security of their customers' card holder data, they cannot be responsible for the late fees for rent or anything else.

[Casimer]

It reads as though the site was hacked and the CC info obtained by a third party - not someone internally. You wouldn't bother with those security measures if it were someone with authorized access to the system.

[dogtown tom]

Quote:

WVsig:...PS to add insult to injury they charge you to use a credit card......

No they don't.
If you really understood CC processing fees and policies you would know that charging extra for using a cc violates the merchant agreement.

Like many, they offer a discount for those willing to pay by methods that reduce Bud's costs for a transaction. Bud's is not alone in this policy and quite a few firearms retailers do the exact same thing.

Bud's doesn't hide the fact that they offer a cash discount and even show you the difference at checkout.
http://www.budsgunshop.com/catalog/payment.php

[scottl]

You have to weed thru the posts but they have offered some answers here:
http://www.facebook.com/home.php#!/p...p/183242161721

[Shane Tuttle]

Apparently, nobody took the two seconds to read Bud Helms' post that this thread has been moved to Retail Deals and Feedback and rules apply.

Instead of being a complete jackass and administer bans, I'm going to be a partial one and let this be a very fair warning.

Closed.