They are also not PCI compliant, I bought a phone from their online store last year and it looked suspect (not in terms of coding but because their website would be a expensive nightmare to push through the PCI compliance process) I mentioned this in a support call and got an nonsense answer that suggested that they had never heard of PCI. If this is the case they will be liable for all the fraudulent payments. They have stopped taking payments on their website now and I bet that's down to the fact that their accounts just been suspended due to non compliance by the payment processor / Merchant Bank rather than making sure their code is clean...