Jump to content
Member? but forgot everything, can't log in... Frozen out??? ×

THIS IS A POLITICS-FREE ZONE.

WTF with Crown Jewelers & Security??

DiamondGurl

By DiamondGurl
in Credit Forum

 Share

The last post in this topic was posted 6398 days ago. 

 

We strongly encourage you to start a new post instead of replying to this one.

Recommended Posts

DiamondGurl

DiamondGurl

Posted
Posted

I applied for a CJ account and would like to activate it, however, the security on their site in non existant!

 

First of all, when you try to log in, you're not even in secure mode! You can force yourself into secure mode to log in, but when you go to check out, on the page where you enter your credit card information for the downpayment - NO SECURE MODE - and you can't even force that page into secure mode - when you try, it empties the cart.

 

Anyone else see this problem? I cannot believe that a company such as Crown Jewelers cannot see and fix this problem - they are leaving themselves open to huge liability.

 

It's such a simple fix, I do it every day for a living, I just don't get it.

 

Anyway, there is no way in hell I'm activating this account until they get their security issues worked out - I'm even worried just having my account information on their server.

 

Anyone else?


auser99

auser99

Posted
Posted

Yea, their site is undergoing a makeover..

 

I have a post about this from a week or so ago.. simply type in https in the url instead of http, you go to secure mode :clapping:

 

 

 

 

I applied for a CJ account and would like to activate it, however, the security on their site in non existant!

 

First of all, when you try to log in, you're not even in secure mode! You can force yourself into secure mode to log in, but when you go to check out, on the page where you enter your credit card information for the downpayment - NO SECURE MODE - and you can't even force that page into secure mode - when you try, it empties the cart.

 

Anyone else see this problem? I cannot believe that a company such as Crown Jewelers cannot see and fix this problem - they are leaving themselves open to huge liability.

 

It's such a simple fix, I do it every day for a living, I just don't get it.

 

Anyway, there is no way in hell I'm activating this account until they get their security issues worked out - I'm even worried just having my account information on their server.

 

Anyone else?

DiamondGurl

DiamondGurl

Posted
  • Author
Posted

I did that, but it dumps the contents of the cart! Arrrrrrrrrrrgh!

 

 

Yea, their site is undergoing a makeover..

 

I have a post about this from a week or so ago.. simply type in https in the url instead of http, you go to secure mode :clapping:

 

 

 

 

I applied for a CJ account and would like to activate it, however, the security on their site in non existant!

 

First of all, when you try to log in, you're not even in secure mode! You can force yourself into secure mode to log in, but when you go to check out, on the page where you enter your credit card information for the downpayment - NO SECURE MODE - and you can't even force that page into secure mode - when you try, it empties the cart.

 

Anyone else see this problem? I cannot believe that a company such as Crown Jewelers cannot see and fix this problem - they are leaving themselves open to huge liability.

 

It's such a simple fix, I do it every day for a living, I just don't get it.

 

Anyway, there is no way in hell I'm activating this account until they get their security issues worked out - I'm even worried just having my account information on their server.

 

Anyone else?

Kavey

Kavey

Posted
Posted

If you have paypal use that. Dont give them your credit card number anyway. There are a few threads about them either using your credit card or double charging it. I would ONLY pay them by paypal or send in payment.

j0emV

j0emV

Posted
Posted

yeah that is a great idea.. I was just gonna mail them a money order or something but paypal is MUCH quicker. I tried to order something last night and noticed it wasnt secured and when I forced it to use the secure server it dumped my cart so I said forget it...

millyjb

millyjb

Posted
Posted (edited)

I was a victim of their "security breach" last year that everyone here was talking about. I tried to contact them many times via phone and email and they never came back and confirmed to me what happened. I will never use my personal credit cards to pay them again. You would think they would have learned their lesson with that security breach but apparently they haven't if their site still isnt secured. I am thankful to them for helping me get started to better credit but I think I have more than paid them back for that after the pain I went through with my credit card.

Edited by millyjb
CreditDespair

CreditDespair

Posted
Posted

Yeah definitely ALWAYS use paypal with CJ. I just got my line of credit with them last week. After viewing their site and talking them to the phone, I determined that they aren't the most reliable people whatsoever. I just need the high cl to be reported on my reports. If you use paypal, you will never have a problem because they won't be able to make errors regarding your payment. And, if they do, PayPal has your back.

  • 11 months later...
ekinnee

ekinnee

Posted
Posted

They have some kid doing all of the programming and database work for them. The original breach was due to a "SQL Injection" issue. I found it after they had been compromised and explained everything to them, they refused to fix it as it would cost them money to re-work the site and at that time they weren't being hammered by card holders.

catlover78

catlover78

Posted
Posted
I applied for a CJ account and would like to activate it, however, the security on their site in non existant!

 

First of all, when you try to log in, you're not even in secure mode! You can force yourself into secure mode to log in, but when you go to check out, on the page where you enter your credit card information for the downpayment - NO SECURE MODE - and you can't even force that page into secure mode - when you try, it empties the cart.

 

Anyone else see this problem? I cannot believe that a company such as Crown Jewelers cannot see and fix this problem - they are leaving themselves open to huge liability.

 

It's such a simple fix, I do it every day for a living, I just don't get it.

 

Anyway, there is no way in hell I'm activating this account until they get their security issues worked out - I'm even worried just having my account information on their server.

 

Anyone else?

 

Same thing here. I applied, got approved, went to make a purchase and saw it wasn't secure, so I cancelled it.

 

Cat

direred

direred

Posted
Posted
They have some kid doing all of the programming and database work for them. The original breach was due to a "SQL Injection" issue. I found it after they had been compromised and explained everything to them, they refused to fix it as it would cost them money to re-work the site and at that time they weren't being hammered by card holders.

 

Since they accept other cards as well as their own, the right thing to do would be to file complaints with the security departments of Visa, MC, and Amex pointing out that their site still violates the Payment Card Industry guidelines despite a prior breach.

 

Then send copies of the complaints to Crown.

 

Maybe *then* they'd spend the money.

direred

direred

Posted
Posted
This thread was posted almost a year ago - are you guys saying that they still have the security issue?

 

I need coffee. Or a nap.

 

I don't know about their security now, but if they still don't have https, I sure wouldn't be putting in my card #s.

ekinnee

ekinnee

Posted
Posted
They have some kid doing all of the programming and database work for them. The original breach was due to a "SQL Injection" issue. I found it after they had been compromised and explained everything to them, they refused to fix it as it would cost them money to re-work the site and at that time they weren't being hammered by card holders.

 

Since they accept other cards as well as their own, the right thing to do would be to file complaints with the security departments of Visa, MC, and Amex pointing out that their site still violates the Payment Card Industry guidelines despite a prior breach.

 

Then send copies of the complaints to Crown.

 

Maybe *then* they'd spend the money.

 

On trust me, I spent hours in conference calls with Visa and MC.

ekinnee

ekinnee

Posted
Posted
On trust me, I spent hours in conference calls with Visa and MC.

 

Wow! You must really wanna shop at Crown Jewelers! :blink::blink:

 

No, read my previous posts. I had to deal with much of the crap involved with CJ's idiocy.

tazytiggy

tazytiggy

Posted
Posted

They have logo's at the bottom saying they are secure and wantnot, but when I go there I don't get the lock and I get a certificate warning. Any payments I make threw there I use paypal, that way I'm protected.

  • 2 months later...
heidiroo

heidiroo

Posted
Posted

bumping for the folks on the NFCU thread -- I had my CC info stolen, made the stupid mistake of paying my initial "down payment" on their website, now some flowers hat is enjoying a trip to Italy on me!

collins135

collins135

Posted
Posted

I have stopped using CJ. I purchased something twice and each time I paid the dp through paypal. Fine there until I go back and look at the account balance, it charged me twice for the one purchase. I had it happen both times I tried to buy so now I dont buy anything from them. I have had to spend hours calling an emailing them to get it fixed each time. I only keep them open purely for the util factor but even that is about not great since they arent reporting to EQ.

heidiroo

heidiroo

Posted
Posted

You can shop at [www.CrownJewelers.com] online with confidence. We have partnered with Authorize.Net, a leading payment gateway since 1996, to offer safe and secure credit card and electronic check transactions for our customers.

The Authorize.Net Payment Gateway manages the complex routing of sensitive customer information through the credit card and electronic check processing networks (see an online payments diagram). The company adheres to strict industry standards for payment processing, including:

 

*

128-bit Secure Sockets Layer (SSL) technology for secure Internet Protocol (IP) transactions.

 

*

Industry leading encryption hardware and software methods and security protocols to protect customer information.

 

*

Compliance with the Payment Card Industry (PCI) Data Security Standard.

 

 

 

Boy I bet we could get them on false advertising. They do NOT comply with PCI Data security standards!

cKG

cKG

Posted
Posted

I can't even change the default password on the CJ page, because no matter what new pw I choose, I get a "* / & $" are illegal characters!"

 

Well, what can you expect from a semi-free credit line?

The last post in this topic was posted 6398 days ago. 

 

We strongly encourage you to start a new post instead of replying to this one.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing



  • Member Statistics

    • Total Members
      190435
    • Most Online
      9039
    mhudson323
    Newest Member
    mhudson323
    Joined

About Us

Since 2003, creditboards.com has helped thousands of people repair their credit, force abusive collection agents to follow the law, ensure proper reporting by credit reporting agencies, and provided financial education to help avoid the pitfalls that can lead to negative tradelines.

Pages

×
×
  • Create New...

Important Information

Guidelines

  I accept