Jaiem
Wow!
I wonder why they kept CC info on their web servers?
RotoHost
You gotta feel for ADDR right now...
One of the reasons we went with revecom.com was the risk of hackers accessing our CC database. Now, we let revecom collect all the info, process the charge, and send us the order details. We don't even know what our clients' CC # is. It's not as flexible as a regular merchant account, but it's a fair compromise.
I would hate to have 46,000 clients breathing down my neck.
akashik
No, I can't say I feel too badly for them at all. The article is correct in their lack of concern and non-responsiveness to their customers, so I almost laughed out loud when I read "They have yet to respond".
Having an 'alleged' 50 000 customers is no excuse either. If those two guys had grown their support center (i.e. coughed up a few dollars here and there), they'd reduce their waiting list from all the repeat complaints from not resolving issues in time, the first time.
Long, long time ago I actually had an ADDR account so I speak from experience. I cancelled in 4 days due to not a single reply to some very basic questions I had. Naturally I'll be checking my credit card in case they decided to keep it 'on file' when they shouldn't have.
Greg Moore
RotoHost
Well, I have to admit that I didn't read the article.
Actually, I read the news on Yahoo this morning. I haven't had any dealings with them either. And, I would definitely keep an eye on my CC statements.
Mr Chunder
Whoa! It's a great idea in these times of outsourcing to place CC payment/collection functions with third party CC payment sites - there is no responsibility on the etailer, but then what happens if the CC payment site then gets hacked? It's OK for the etailer to blame it on the third party, but if this happens frequently, then we'll all end up with a problem if too many people thought ecommerce was unsafe.
It would be nice for Addr to explain why CC info was left on their web database. Sounds like awfully poor business practice to me.
I would like to hope that Addr or any other site processing CC transactions make use of as much security as possible. Ideally, once the transaction has been received by the webserver, records should be plucked to safety, well behind a corporate firewall.
akashik
Mr Chunder,
Well, you'd *think* they would do that. I'm sure their customers thought their privacy was being looked after too.

I agree with the third party service too. There's a serious advantage when you let someone else handle that. As CC services usually do that, and only that, it's important for them to lock things up nice and tight. The day I start storing credit card numbers on our server is the day I start losing a lot of hair.
Greg Moore
lenix
A lot of people/hosts are confident in whatever security they may have set up to the point where they don't take the extra steps to provide their customers with the security needed. Or, just plain laziness. I wouldn't trust my clients' credit card information with a 3rd party. This brings in even more possible problems... If they're a 3rd party processor then they most likely have a large customer base, therefore making them a bigger target for attackers. It doesn't take much to set up a separate server running MySQL and simply inserting a few lines into a db and having a script called by cron to check to see if there are any 'pending' invoices, and if there are it can do the processing locally on that server. Just my two cents ;o
Mr Chunder
lenix - thanks for your two cents. However, I think that the sum total is zero.
It makes sense to outsource things to the best people able to handle it. This approach is cost-effective and frees up a company to concentrate on its core business, because remember, nothing is simple.
This is why the hosting business exists; otherwise you could say that any man could do his own hosting.
Writing your own credit card processing and storing their details locally is going against this principle and, I feel, is very dubious, to say the least. There must be all sorts of issues with not only storing their details on your system but the general processing of credit cards, authorisations, etc.
What is stopping your server from being hacked, either externally or internally by your own staff?
How do you receive credit card numbers over the web? Securely? I bet Addr had their own CC processing system and look what's happened.
I'm sure that there is a lot more to it than a separate server, cron and a copy of MySQL. Give me a reliable, third party CC processor any time!
Jaiem
Catalog companies routinely keep CC info in their DB for your future orders. I suppose you could ask that they don't, but who knows if they really remove it or not.
Internal security is a concern, but there is little you can do about it other than watch your statement carefully.
lenix
If you have the resources/knowledge of doing so at your disposal then by all means... I guess I didn't think of the situation from a 'newbie's' point of view.

Never mind, heh