Just some food for thought...

Just recently, we had to find specific hard drives to replace a failed hard drive (equipment only ran specific types due to firmware size).  Being that the hard drives are no longer available, only three sites on the Internet stated they carried them.  The one website that we went to was a very interesting site.  Red flags were flying all around my office!  First, the website did not utilize https for transactions.  That should have turned anyone away!  But, my colleague called them up and ordered over the phone thinking that was a safer way to obtain what was needed.  Wonder how the company entered the information?...through the web!  I got an email stating that my order was processed and included is the username and password (another red flag flying around)!  Then another email came through stating welcome and if there are any questions to call (555) 555-1234 or send an email to dummyemail@xyz.com (xyz was actually the name of the emerchant software they were using!).  Even the favorite icon for their site was the same as the emerchant software site!  I immediately had the credit card canceled and a new one reissued.
 
A week later...an email from amazon.com came to my attention.  Your credit card ending in #### was used to open a new account.  We have closed the account.  If this account was closed in error, please contact us to resolve.  Then two days later...another email stating your Amazon order has been canceled!  Obviously someone was using the credit card utilized in the purchase!

Just shows how companies just throw up a store front to get business but lack the knowledge/resources to make it secure for the consumer.

Granted…The colleague should have left that merchant in the dust after knowing they had a high chance of having a vulnerable site.

Live and learn!

good story! quick thinking on the credit card cancellation! definately something to think about...