security breach at wiggle?

[515mm]

I don't believe that it is illegal for a company to hold a record of your credit card details. It is however illegal for them to hold them if you tell them not to.

Fair enough. I work in retail and we were told - when we asked a Barclays Merchant Services operative about it - that holding onto an individual's CC details was illegal. Perhaps the rules have changed, perhaps we were misinformed or we got half the truth. Either way, wiggle ain't got my details any more....

 

[515mm]

I had my credit card details used illegally a couple of weeks ago. This was a new, replacement card, complete with a new account number, which I had never used. I'm still waiting for an explanation from Nationwide as how my details came to be used for motorway tolls in Barcelona while I had my nose to the grindstone in Glasgow.

So your details don't have to have come from a retailer.

Good Lord! Hope you didn't suffer any loss...

 

[magnatom]

Mate,

I'm not censoring anyone. We've just been here before and it just gets nasty.

Also remember, you and your mates were all buying cycling gear. Therefore, you all have something in common. Therefore it increases the likelyhood that you will all have shopped at different cycling stores in the past, and have had those in common. Criminals don't always use cards straight away. Often they get sold to databases and bought by others and used at a later date etc. So without proper investigation it is impossible to say for certain that Wiggle are at fault.

That's why I think it is unfair, on wiggle, to name them as the culprit, especially as they are generally a very good company to deal with.

It just so happens that just over a month ago my credit card was used fraudulently. However, I have no idea how it happened etc and although wiggle is one of the companies I have used in the past, I don't think this has any bearing on their 'guilt' or not.

Just be careful who you accuse, that's all I'm saying....

P.S. I'm happy for wiggle to hold my credit details.

 

[Stan]

+1 magnatoms comments. I personally have no problem with Wiggle or any other on-line shop holding my cc details. I try to use Mastercard securecode suppliers where I can. I check my transactions online and not just when I receive my statement. The Mastercard uk site has a sections on fraud to which I attach a link. Hope this helps.

http://www.mastercard.com/uk/personal/en/education/fraud.html

 

[PBancroft]

Fair enough. I work in retail and we were told - when we asked a Barclays Merchant Services operative about it - that holding onto an individual's CC details was illegal. Perhaps the rules have changed, perhaps we were misinformed or we got half the truth. Either way, wiggle ain't got my details any more....

IANAL, but... I seem to recall that storing credit card details is not in and of itself inherently illegal.

I think that it depends upon the circumstances. If you are are a store or distance retailer and are keeping credit card information recorded in a book, or on order pads, or even locked away in a filing cabinet or safe somewhere on the premises then you would probably be against the merchant conditions and liable to be fined.

Probably not illegal, but you might find that the credit card companies would be wary of dealing with you as a retailer.

On the other hand, online retailers, like Amazon, and people who use third party services (such as Protx) use highly secure systems that go well beyond your regular "hide the porn from my wife" encryption. Wiggle will do the same thing.

They also go one step further - they give you a choice to store the card information with them, or you can pay via PayPal, or you can pay via WorldPay (which is owned by the Royal Bank of Scotland).

All of these services store your information online.

And of course, you can choose to advise Wiggle (or any other store) not to keep your information... in which case they are required to remove it from their highly secure porn server... I mean transaction server.

There are other ways that your card details could have been stolen. You could have malware on your computer which is logging everything you type. Someone could have come across a store's transaction records where they haven't been as diligent as they could have been in obfuscating details. Wiggle might have been to blame.

It's not worth jumping to conclusions unless you're puposefully out to make a company look bad.

 

[JamesAC]

My card was used fraudulently a couple of months ago.

If you shop at any one of: Woolworths, Marks and Spencers, Amazon, The Edward VIIth, Sainsburys, Morrisons, any Wetherspoon pub, Machine Mart, ScrewFix, B&Q, Red Rimmed Rosie's House of Correction (I paid by cash) then you should immediately cut up your credit card, withdraw all your remaining money and put it in a shoe box under your bed.

Seriously: it was our local branch of Sommerfields: the whole neighbourhood got done, anyone who'd shopped there on a particular Sunday afternoon. My bank was quite proactive: the first I knew of any problem was when someone phoned from the bank to ask if I was trying to carry out a large transaction on my card -- in Canada!! When I said that I wasn't, they stopped the transaction and my card.

I don't know why these stories about Wiggle keep getting thrashes around. Maybe alternative establishments spread the rumours?

 

[andy_wrx]

Is holding your credit card details illegal ?

No, the company can retain it for a period of time 'required for business, legal and/or regulatory purposes'
- section 3.1 of the Payment Card Industry Data Security Standard, set-up by Visa, MasterCard, Amex, Diners, etc

Offering you a quick ordering process next time you order would be included as such a 'business purpose'
(as would Amazon's 'one-click' ordering, etc).

But they must hold it securely encrypted, limit access to it to suitably vetted personnel, run anti-virus and hacker checks, etc, etc, etc.

And they're not allowed to hold the CV2 security number from the back of your card, once they've charged it. They can't keep that together with your card number, expiry date, etc.

https://www.pcisecuritystandards.org/


All retailers taking card payments must comply with these terms, but the level of checking Visa and Mastercard do on them will depend on how many cards they process - the big merchants like Tesco will be audited more thoroughly than Bloggs Ltd who take 5 card payments a day.

But if it was true that as rumoured Wiggle did suffer a breach 18months or 2 years or whatever it was ago, they would have had such swingeing terms applied to them by their merchant and their website and back-office systems would have been gone through so forensically thoroughly that a repeat breach would be far less likely than another retailer.

Here's how someone might have got at your card
http://news.bbc.co.uk/1/hi/uk/7675191.stm

 

[spen666]

....

Also:

1)It's impossible to 'agree' to illegal terms and conditions.

.....

If it is illegal- what is the legislation that makes it illegal?
Lets have the details of the Act and the section/subsection please.

 

[spen666]

Is holding your credit card details illegal ?

No, the company can retain it for a period of time 'required for business, legal and/or regulatory purposes'
- section 3.1 of the Payment Card Industry Data Security Standard, set-up by Visa, MasterCard, Amex, Diners, etc

....

I agree with your conclusion, but what you quote to support it is notlaw. It is an industry standard, not a legal requirement

 

[RedBike]

I think you can remove your own credit card details from Wiggles site.

Click My account from the top.
Log in
On the left is a menu, select Card details.
Replace the card number with 8888 8888 8888 8888

Job done

 

[ufkacbln]

Lets step back.........

This occurred a while back and Wiggle called in the Police who investigated the problem and gave them a clean bill of health.

Credit card fraud may be from your PC and not the retailer - SO I think it unfair to ad 2 and two come up with 5 and then announce this to the world!

 

[arranandy]

I ordered stuff from Wiggle yesterday and had an email today from them to say my bank had refusedmy card and they were therefore they were unable to process my order. I hope this isn't a repeat of the problems they had earlier this year

 

[snapper_37]

Lets step back.........

This occurred a while back and Wiggle called in the Police who investigated the problem and gave them a clean bill of health.

Credit card fraud may be from your PC and not the retailer - SO I think it unfair to ad 2 and two come up with 5 and then announce this to the world!

+1

Always used Wiggle, never had a problem although I do use paypal via them. Just my choice as have usually got a couple of quid knocking about from ebay account. Like someone has said - if you're unhappy, remove the details from the site.

O/H did have a few train tickets bought in Finland. Nothing to do with Wiggle though. Probably a porn site no doubt

 

[yenrod]

Hi guys - didn't know the best place to post this so I went to the most viewed topics

I just had a conversation with one of my pals who uses wiggle - his credit card details have been used fraudulently in an attempt to buy airline tickets.

Mine was used fraudulently on tuesday to buy 2 mobile phone top-ups (2nd time in 6 weeks)

and two other wiggle user pals of mine have had their details used fraudulently in the last 4 weeks.

The last time I used wiggle they didn't ask for my CC details - yet I got my goods and the moneys were deducted from my CC account. They MUST have my CC details on their database. This is illegal. Tell your mates - get your details off the wiggle d-base now.

Well if you research me on here then you'll find i did have mine cloned too so I reckon it could well be wiggle.

I also shelled out bigtime for some shoes from there too.

Thankfully i have new card - new details but from now on i definately will be avoiding the place: even the prices have gone up.

 

[yenrod]

Maybe if wiggle released a recognised telephone no. then some of this wouldnt be getting printed !