Well, that stinks !!!!!!!!
What's that smell? Perfume merchant senses the scent of a digital burglary
Online merchant fragrancedirect.co.uk has confirmed a miscreant broke into its systems and made off with a raft of customers’ personal data, including payment card details. The e-retailer, based in Macclesfield, England, wrote to punters this week to inform them of the digital burglary and the subsequent data leakage. “We …
COMMENTS
-
Saturday 28th September 2019 08:30 GMT H in The Hague
Payment card details
I always find the idea that the merchant stores payment card details rather worrying. Do they store enough details to facilitate fraudulent debits?
Here in NL they've found a way around that: most web shops, etc. use the iDEAL system. Basically the customer indicates which bank they use, the merchant sends the transaction details to that bank, the customer uses the bank's usual method (token, etc.) to approve the transaction, and the merchant receives the bank transfer. So the merchant simply doesn't have access to data which could be used fraudulently. Costs the merchant EUR 0.29 per transaction I think. Just saw that there are also overseas payments processors which support the system.
https://www.ideal.nl/en/
But obviously depends on the banks agreeing to cooperate which is perhaps less likely in the UK business environment.
-
-
Monday 30th September 2019 10:21 GMT Tom Paine
PCI-DSS is a global "standard". It'll be a really interesting case study some day. On one hand it HAS uplifted the lowest common denominator security standards to a common, not too awful level. On the other, there's a massive industry dedicated to extracting money from retailers and others who take CC payments and getting them the right bit of paper whilst making no real difference to a shonky security posture.
Or so I hear.
-