back to article What's that smell? Perfume merchant senses the scent of a digital burglary

Online merchant fragrancedirect.co.uk has confirmed a miscreant broke into its systems and made off with a raft of customers’ personal data, including payment card details. The e-retailer, based in Macclesfield, England, wrote to punters this week to inform them of the digital burglary and the subsequent data leakage. “We …

  1. Blockchain commentard Silver badge
    Facepalm

    Well, that stinks !!!!!!!!

  2. The Nazz Silver badge

    Reminds me of my favourite perfume (huh?).

    "Sweat" by Graft.

    1. harmjschoonhoven
      IT Angle

      Re: Reminds me of my favourite perfume (huh?).

      Pertinax and burned* epoxy.

      * In particular after lunchtime.

  3. macjules Silver badge

    All to be expected...

    Total Inability To Safeguard User’s Perfumes?

    1. IceC0ld Silver badge

      Re: All to be expected...

      Hey, I thought I was the TITSUP 'specialist' :o)

  4. H in The Hague Silver badge

    Payment card details

    I always find the idea that the merchant stores payment card details rather worrying. Do they store enough details to facilitate fraudulent debits?

    Here in NL they've found a way around that: most web shops, etc. use the iDEAL system. Basically the customer indicates which bank they use, the merchant sends the transaction details to that bank, the customer uses the bank's usual method (token, etc.) to approve the transaction, and the merchant receives the bank transfer. So the merchant simply doesn't have access to data which could be used fraudulently. Costs the merchant EUR 0.29 per transaction I think. Just saw that there are also overseas payments processors which support the system.

    https://www.ideal.nl/en/

    But obviously depends on the banks agreeing to cooperate which is perhaps less likely in the UK business environment.

    1. Captain Scarlet Silver badge

      Re: Payment card details

      If a script kiddie can implement some code into the payment form to swipe whats in the CC field then not much they can do, the news article suggests is Magecart related.

  5. Ken Moorhouse Silver badge

    'malicious code'

    Max Factor discovered it whilst cleaning up the code.

  6. James Loughner

    In US there is PCI compliance All should follow this or similar standards

    1. Tom Paine Silver badge

      PCI-DSS is a global "standard". It'll be a really interesting case study some day. On one hand it HAS uplifted the lowest common denominator security standards to a common, not too awful level. On the other, there's a massive industry dedicated to extracting money from retailers and others who take CC payments and getting them the right bit of paper whilst making no real difference to a shonky security posture.

      Or so I hear.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019