Rpgnow creditcard information stolen

[HinterWelt]

snip

Not to say credit card companies are any nicer to merchants either. 3 years ago we got hit for fraud in the severa thousands. While I caught it the very next day, not a single person wanted to know what the card number was, who it was, where anything was going to be shipped, nothing. They instructed me to refund the money to the card. Ok, I did, but what about the $70+ VISA kept as a processing charge? Well they didn't have to return that. We're just out of luck.

snip

Ah, yes, the fun of merchant accounts. I remember them well from my retailer days. We had our share of phone order (yeah, I am showing my age) where you would get an approval number from the company then when the charges are declined, good luck and where's my fees they say. Yech.

As for paypal, Companies using them should enable their "Accept Credit Cards" and "No paypal account required" options. A bit more risky but it is an affordable solution to handling credit cards.

Bill

 

[Mark CMG]

What gave you the idea that PayPal makes you safer?

(. . .)

With every legit biz accepting CC's these days, why bother bringing PP into it?

A merchant site that utilizes Paypal only is simply less likely to be hacked than a merchant site who tries to set up their own operation. If a merchant site uses paypal and other means, I feel it is worthwhile to add the layer of protection and use the paypal option with my credit or debit card.

Except that if you do a charge back on something you bought using paypal as a gateway, they will typically seize your paypal account if you have one.

I've gone through that process without the scenario playing out as such. While I sympathize with your current plight, I cannot echo your experiences. While I have your attention, I'd appreciate it if you address (in the private forum) the posts I made in the private forum.

 

[Soel]

Why? When GMC found that certain models of the Chevy Malibu had problems with the turn signals, they notified the owners of those cars. Should they have notified owners of all GMC vehicles? Posted it on the front of all Chevy dealerships? Ran an ad in prime time? Nobody publicizes their failures, and I don't see much reason to do so to people not directly affected.

S.C.Trustram responded better than I would have. When these things happen, you have to show that you are open to your customers. All of your customers. Such an openness would have saved them some business that they have likely forever lost.

 

[Soel]

I don't get this. Why do you want to get a message when your information clearly cannot be stolen, because it was never there?

Of course, a general announcement on the site would have been helpful.

So that I can make a clear, and fully informed decision on whether I want to do business with RPGNow? Since they didn't trust me to make such a decision, then how can I ever trust them with any sort of transaction?

 

[Zaukrie]

I'll keep buying from RPGNOW, but I think you are making a mistake by not posting anything on your site about this.

You go from being a victim of theft, to someone that is "hiding" somehting, whether you are hiding something or not. That is how some/many customers will feel. Many large companies have been hit by theft and scandal and survived without sharing that information with their customers. You, however, are a niche business whose reputation likely cannot survive a major hit. I've worked in data security (on the periphary) for a large company on and off for the last few years. We are very pro-active about notifying our customers.

I'll be presumptuous and make a suggestion:

Post something on your site. Tell people what steps you are and will take in the future. Blame the criminal, but don't blame them for the harm they've done you, but for the harm they've done to your customers (without whom we'd not exist). Tell them you take their personal information as the most important thing to you. Post links to sites about protecting your credit. Send another e-mail to everyone that had their information compromised an offer of 10% off their next purchase, even though this can't make up for our security breach, we want to apologize and offer this good faith measure.

Just one man's thought from the world of marketing and data security.

 

[Dark Seraph]

I'll keep buying from RPGNOW, but I think you are making a mistake by not posting anything on your site about this.

You go from being a victim of theft, to someone that is "hiding" somehting, whether you are hiding something or not. That is how some/many customers will feel. Many large companies have been hit by theft and scandal and survived without sharing that information with their customers. You, however, are a niche business whose reputation likely cannot survive a major hit. I've worked in data security (on the periphary) for a large company on and off for the last few years. We are very pro-active about notifying our customers.

I'll be presumptuous and make a suggestion:

Post something on your site. Tell people what steps you are and will take in the future. Blame the criminal, but don't blame them for the harm they've done you, but for the harm they've done to your customers (without whom we'd not exist). Tell them you take their personal information as the most important thing to you. Post links to sites about protecting your credit. Send another e-mail to everyone that had their information compromised an offer of 10% off their next purchase, even though this can't make up for our security breach, we want to apologize and offer this good faith measure.

Just one man's thought from the world of marketing and data security.

Kudos Zaukrie! Very constructive suggestions.

I think in this day and age too much is being taken for granted, irrespective of the real and potential adverse consequences for those who have implicitly entrusted the safety and security of their personal and financial details to vendors plying their wares online. At some stage soon legal and commercial precedence is going to have to be set where non-tolerance for this sort of breach, intentional or otherwise, is unreservedly and unequivocally expressed.

DS.

 

[molonel]

I'll keep buying from RPGNOW, but I think you are making a mistake by not posting anything on your site about this.

You go from being a victim of theft, to someone that is "hiding" somehting, whether you are hiding something or not. That is how some/many customers will feel. Many large companies have been hit by theft and scandal and survived without sharing that information with their customers. You, however, are a niche business whose reputation likely cannot survive a major hit. I've worked in data security (on the periphary) for a large company on and off for the last few years. We are very pro-active about notifying our customers.

I'll be presumptuous and make a suggestion:

Post something on your site. Tell people what steps you are and will take in the future. Blame the criminal, but don't blame them for the harm they've done you, but for the harm they've done to your customers (without whom we'd not exist). Tell them you take their personal information as the most important thing to you. Post links to sites about protecting your credit. Send another e-mail to everyone that had their information compromised an offer of 10% off their next purchase, even though this can't make up for our security breach, we want to apologize and offer this good faith measure.

Just one man's thought from the world of marketing and data security.

Agreed.

 

[two]

A merchant site that utilizes Paypal only is simply less likely to be hacked than a merchant site who tries to set up their own operation. If a merchant site uses paypal and other means, I feel it is worthwhile to add the layer of protection and use the paypal option with my credit or debit card.





I've gone through that process without the scenario playing out as such. While I sympathize with your current plight, I cannot echo your experiences. While I have your attention, I'd appreciate it if you address (in the private forum) the posts I made in the private forum.

You keep saying things sike "add a layer of protection and use the paypal option..." without indicating how or why this actually adds any protection.

Plus there are many confirmed accounts of information given to PayPal that is then used for nefarious purposes, i.e. telling PayPal personal information/credit card info is in itself a risk, likely far higher than any risk using PayPal wards against (of which I don't see any evidence).

And what makes you think a PayPay site is less likely to be "hacked" given that some hackers come from within PayPal?

I don't understand your logic here. You seem to be under the impression that associating PayPay with something makes it fundamentally safer. I think the evidence points directly to the contrary.

There are plenty of ways to set up safe, secure merchant accounts without using PayPal, in case that is a mental stumbling block for you. PayPay certainly does not have a monopoly on merchant accounts!

 

[Mark CMG]

I don't understand your logic here. You seem to be under the impression that associating PayPay with something makes it fundamentally safer. I think the evidence points directly to the contrary.

Likely we will have to agree to disagree.

 

[hexgrid]

You keep saying things sike "add a layer of protection and use the paypal option..." without indicating how or why this actually adds any protection.

Look at this way- I'm buying something from tinynicheshop.com, which I've never heard of before the google search I just did.

I can either give these people -who I know absolutely nothing about and have no reason to trust- my credit card number, or I can pay with paypal, which I've used literally hundreds of times in the past with no trouble at all.

I'll probably choose paypal. My own personal experience trumps message board horror stories.