In which #FortnumAndMason asks a customer to email them their credit card details… #security #pci #oops

Fortnum & Mason has come under fire for asking customers to email their credit card details in order to get a refund, after an IT glitch prevented the store from delivering all of its hamper orders in time for Christmas.

One regular customer, who has still not received his delivery despite placing an order in November last year, contacted the luxury London department store to request a refund.

According to a Fortnum & Mason spokesperson, the company does not keep any payment details for data protection reasons and it asks all customers requiring a refund to give their payment details over the telephone.

[…]

“I will require your card details to arrange a refund (type of card, name of the card, long number, expiry date, security number [CVV code]). The system Fortnum & Mason have in place does not process direct crediting automatically due to encryption measures,” the customer relations advisor wrote.

The story of epic fail continues at Computerworld … and yes, I get cited.

Comments

One response to “In which #FortnumAndMason asks a customer to email them their credit card details… #security #pci #oops”

  1. The Devoxx conference requires card information to be e-mailed to their accountants. They even have the odd security session. What can you do? (Other than use the same apparent e-mail provider and hope for the best.)
