Saturday, April 21, 2007

Waiters in 40 restaurants in 5 states stole diners' credit card info

Wow, I read this headline today and shook my head. Highlights of this CNN story:

• Waiters in 40 restaurants in 5 states stole diners' credit card information
• Ringleaders paid waiters $35 to $50 for information from each credit card
• Suspects then created high-quality counterfeit credit cards
• Credit card fraud ring operated from November 2005 until this week

Customers will sometimes discuss with me the use of their credit card for online purchases. And they are right to be concerned. I have heard some stories about other sites having terrible security!

Let's look at ecommerce ordering:

Once you place an online order, many small, unprofessional websites receive it via an email notification. That email carries your credit card info for anybody to see (or for a hacker or unauthorized user to intercept). These emails sit on unsecured computers, at high risk of compromise by any existing (or future!) users.

The business then prints out these order emails for its shipping department. Then what happens to them? Where do they go? Do they go in the trash can to be fished out by the dumpster-diving bad guys?

It is worthless for a site to advertise 128-bit encryption while exposing your payment information to a variety of other compromises.

Relentless Improvement takes your security very seriously. Upon entering your order into our SSL-protected shopping cart, your credit card information goes directly into an encrypted server, via a secure encrypted link. These servers are co-located in a high-security data center that also serves banks and credit card companies.

In our state-of-the-art order management system, only the last four digits of your credit card are visible to employees. Your information is never printed out, or exposed to hackers in unsafe emails.

Furthermore, all Relentless Improvement customer service computers are secured by PGP Whole Disk Encryption. In the remote event that an unauthorised individual gained entry and attempted access, they would find it impossible, as PGP encryption is considered by all experts to be impenetrable.

When buying from a company with nothing but cheap prices (and unknown quality), you can be assured they cannot afford (and couldn't care less about) the protections necessary to prevent your identity theft.

Be a smart shopper and careful consumer. Now, more than ever, integrity matters.

Pete