
Differences

This shows you the differences between two versions of the page.

primer:security [2017/01/05 17:35] – [Summary: What to do if you're being told you need to be compliant] foxybrett
primer:security [2020/10/09 20:36] (current) – [One of my customers reported their card was stolen!] foxybrett
Line 96: Line 96:
 FoxyCart goes through extensive security reviews and audits constantly. We have intrusion prevention and detection. We monitor the logs. We're proactive about security. We handle millions of transactions for thousands of merchants all over the world. We receive only one or two reports of a compromised card each year. FoxyCart goes through extensive security reviews and audits constantly. We have intrusion prevention and detection. We monitor the logs. We're proactive about security. We handle millions of transactions for thousands of merchants all over the world. We receive only one or two reports of a compromised card each year.
  
-Though it's certainly possible we have a security breach on our end, it's far more likely that their computer is compromised. The customer should wipe their computer, and/or toss it and get a new one. +Though it's certainly possible we have a security breach on our end, it's far more likely that your customer'computer is compromised. The customer should wipe their computer, and/or toss it and get a new one. 
  
-Where FoxyCart has numerous safeguards in place, the customer's computer is a personal computer that may or may not be running antivirus and anti-malware. The customer uses it to browse the web and may not have the latest OS and browser security updates installed. The customer uses the computer to receive email, possibly on an older or unpatched email client. The customer's computer may be available to others (partners, spouses, children, friends) who visit questionable websites, download pirated software, etc. There are myriad ways for the customer's computer to be compromised. Once that happens, as soon as they enter a credit card number anywhere (whether that's FoxyCart, Amazon, or their gas company's website), a keylogger can grab that, send it to the attacker, and their card is immediately compromised. +Where FoxyCart has numerous safeguards in place, your customer's computer is a personal computer that may or may not be running antivirus and anti-malware. The customer uses it to browse the web and may not have the latest OS and browser security updates installed. The customer uses the computer to receive email, possibly on an older or unpatched email client. The customer's computer may be available to others (partners, spouses, children, friends) who visit questionable websites, download pirated software, clicked on an email attachment they shouldn't have, etc. There are myriad ways for the customer's computer to be compromised. Once that happens, as soon as they enter a credit card number anywhere (whether that's FoxyCart, Amazon, or their gas company's website), a keylogger can grab that, send it to the attacker, and their card is immediately compromised. 
  
-If this has happened to you or your customer and you'd like to loop us in to discussions, feel free. We take this really seriously. It's theoretically possible that FoxyCart had a security breach, and only one single customer was impacted, but the far more likely scenario is that the customer's computer has a virus or other malware. (We once had this happen where the customer said, "I never shop online because //every time// I buy something online, my card gets stolen." The problem is obvious to those of us who've spent time scrubbing malware off friends' and parents' computers, but the average computer user places far too much trust in their own computer's security.)+If this has happened to you or your customer and you'd like to loop us in to discussions, feel free. We take this extremely seriously. It's theoretically possible that FoxyCart had a security breach, and only one single customer was impacted, but the far more likely scenario is that the customer's computer has a virus or other malware. (We once had this happen where the customer said, "I never shop online because //every time// I buy something online, my card gets stolen." The problem is obvious to those of us who've spent time scrubbing malware off friends' and family'computers, but the average computer user places far too much trust in their own computer's security.)
  
 ===== Bad Ideas: Email and Sensitive Information ===== ===== Bad Ideas: Email and Sensitive Information =====
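
Review bot: In the second changed paragraph, the added item "clicked on an email attachment they shouldn't have" breaks the present-tense list it joins ("visit questionable websites, download pirated software"); suggest "click on an email attachment they shouldn't". As shown here the new text also reads "your customer'computer" in the first changed paragraph and "family'computers" in the third, where "customer's computer" and "family's computers" appear to be intended. The first two paragraphs now open with "your customer" while the following sentences still say "the customer", so consider making the form of address consistent across the section.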
