This week I had an alarming experience when five of my credit cards, along with one of Justina’s were compromised in 12 hours. It started about 10 pm with a fraud message from Santander and continued through the night as one by one my cards got attacked. The attacks followed a similar pattern, first a small transaction of about £5 then increasing amounts culminating in them attempting charges of £10,000 to £30,000 and in one case of £107,000.
Luckily my banks stopped or reversed all the transactions before we lost anything, but it was still an alarming experience and a reminder of just how careful we need to be with our details. The cards are from different banks, and the only connection is that at one time or another I have used them all for business transactions. I guess that one of my supplier websites was compromised, I cannot think of anything else that connects all these cards including Justina’s.
Considering this attack, I have been reviewing our security on Valentte.com and would like to reassure you of several things.
When you shop on our website, we never have sight or access to your card details. We use a third-party payment processor called “Payment sense” who have the highest security levels available. When you click checkout and submit your card details, we never see this information, nor do we store it on our server. The data is sent directly to Payment Sense who process and authorise the transaction. They then return us an authorisation code, so we know that we are going to get paid.
If you telephone us and place an order the situation is slightly different. We do temporarily record your card details on a manual credit card slip. We then process the card transaction on our portable terminals, the same way that we do at a show. As soon as this is completed, the slips are shredded.
If you shop with us at a show, we use a portable card terminal that connects via the mobile phone signal to our payment processor who in this case is First Data. They then return an authorisation code confirming payment. Our machine prints out two receipts, one for you and then ours which contains your card details including card number and expiry date. But critically it does not have the 3-digit code from the back of the card. This exclusion means the card number cannot be fraudulently used online as online transactions always require the 3-digit code.
This brings me to a significant security consideration. If any website stores your card details and does NOT require you to re-enter the 3-digit code to process your transaction you need to be extremely careful. You are vulnerable to a similar attack as I suffered if that website is compromised. Ask yourself if you want to be in this position. Should you be trusting the site that much?
The reason this is so dangerous is that no card processor will allow a transaction over £30 to be authorised without either the pin number, or the 3-digit CSV number or some other two factor authorisation system being completed. So provided a website isn’t storing your 3-digit code you are reasonably safe. If they are however, then you are wide open. If their website gets compromised, you will get hit. It’s that simple.
This experience has also made me rethink the cards I use for purchases, and I’m going to put as much of my spending onto credit card rather than debit cards. I believe the credit card companies are more used to combating fraud; they also are bound by much stricter consumer protection laws that require them to reverse transactions. This is not the same with your debit card; you are at your bank’s mercy. Not a position that I want to find myself in.
The internet offers us the most incredible shopping opportunities. We can connect with companies and customers across the globe. However, it brings significant challenges and risks. Please take care, shop with companies you can trust, those that take your security seriously and use cards that offer a money back guarantees when things go wrong.
This week, I’m at Sudeley Castle for a show with UK Grand Sales, today I heard a lovely quote which I will leave you with. Thank you as always for shopping with us.
“Happiness is not contained in what you get, happiness is found in what you become.”