SDE - payment issues? (excised from Who's Next announcement thread)

QuadraphonicQuad

Help Support QuadraphonicQuad:

This site may earn a commission from merchant affiliate links, including eBay, Amazon, and others.
I bought Who's Next over the weekend from SDE shop via credit card and today I got a call from my credit card company questioning a 900 pound charge. They cancelled my card and are sending me a new one. If it wasn't for this thread, I'd be going nuts running anti virus software on my PC. I'm in the US.......
 
Okay, this has gone far enough. A clear link has been established between card details entered at SDE and credit fraud. It genuinely appears as though the website has been compromised. @PaulatSDE: you really ought to issue a statement warning customers to use alternate payment methods (PayPal, Shop Pay) until this security vulnerability has been dealt with, and then deal with it.
 
Last edited:
I've made a couple of purchases from SDE recently without any issues. Credit card hacks happen frequently. SDE has tens thousands of customers and only a few have reported problems. With this information, no responsible person can reasonably claim that the issue is with SDE's website. Besides, at least one person has presented an already virtually impossible scenario linking the issue to SDE (the problem occurred despite using PayPal for payment).
 
Last edited:
It should go without saying that we take this stuff seriously, but literally one or two people have contacted us with recent payment issues. I think one of them didn't even have an issue – they were just concerned because they'd read - here, presumably - that there was a possible issue.

@JediJoker please do not write things like "A clear link has been established between card details entered at SDE and credit fraud" which is total nonsense and a rather irresponsible thing to write on a forum like this. We are investigating one specific issue to see what the root cause might be and are working with Shopify in that instance. Shopify is the e-commerce platform we use and it is secure and Level 1 PCI compliant. All credit card payments are processed via Shopify Payments (More info here > https://www.shopify.com/uk/security/pci-compliant).

We will not be issuing a statement because one or two people having an issue out of 5,000 Who sales is a tiny, tiny fraction. If someone genuinely feels something has gone awry, the advice is to contact us at [email protected] and we will deal with it in a professional manner.

Thanks
Paul
 
I've counted nine separate people reporting this issue in this thread alone. Sorry, but that's more than enough to suggest Shopify is having a problem (with credit card buyers only, PayPal seems unaffected), especially since most people buying these discs aren't on this forum.

Edit - Also, all instances of the issue seem to have arisen recently, which suggests that something happened somewhere. Nobody has had this problem even a month ago.
 
Last edited:
I've counted nine separate people reporting this issue in this thread alone. Sorry, but that's more than enough to suggest Shopify is having a problem (with credit card buyers only, PayPal seems unaffected), especially since most people buying these discs aren't on this forum.
Indeed. It seems to be an issue specific to the SDE Shop website, though, not Shopify in general. Those of us using PayPal or Shop Pay are generally not having our details stolen, while some of us entering credit card info directly on the website are. I understand fully that the payment processing happens at/through Shopify, but who hosts your website, @PaulatSDE? The data leak is likely coming from there, not from Shopify.

Additionally, while I understand the business interest of not deterring potential customers over what seems like a non-issue, I find your cavalier and indifferent attitude here most disheartening. Even if it were one transaction in ten thousand that may have led to identity theft, that's still upending someone's life that might have been spared. I'd have a hard time living with that possibility.
 
Indeed. It seems to be an issue specific to the SDE Shop website, though, not Shopify in general. Those of us using PayPal or Shop Pay are generally not having our details stolen, while some of us entering credit card info directly on the website are. I understand fully that the payment processing happens at/through Shopify, but who hosts your website, @PaulatSDE? The data leak is likely coming from there, not from Shopify.

Additionally, while I understand the business interest of not deterring potential customers over what seems like a non-issue, I find your cavalier and indifferent attitude here most disheartening. Even if it were one transaction in ten thousand that may have led to identity theft, that's still upending someone's life that might have been spared. I'd have a hard time living with that possibility.
I have asked you to stop giving ill-informed opinions which are masquerading as facts but here's another example: "Who hosts your website? The data leak is likely coming from there, not from Shopify".

Shopify hosts the website. If you are suggesting that Shopify has been compromised, then millions of sites worldwide would be impacted. Shopify handles the credit card payments and handles the data security between Paypal and Shop Pay etc.

I do not have a cavalier or indifferent attitude. We have spoken to Shopify about the one or two incidents that have been reported to us and we will investigate and take all queries sent to us directly about payment issues seriously. What I am saying is that your statement: "A clear link has been established between card details entered at SDE and credit fraud" is simply untrue. There is no data to support this assertion.
 
I just checked my banking accounts for any fraudulent transactions, thankfully nothing suspicious here. I use Capital One as my primary bank and they have a browser extension called Eno that generates unique virtual credit cards linked to your real credit card for every website you shop at, so as a precaution I deleted my SDE virtual card and can easily generate a new one next time I make a purchase. I would recommend everyone check if their bank offers a similar program, I never have to worry about using my real credit card online.
 
Off topic, but Paul mentioned 5000 Who sales, that must be one of their biggest sellers.
And out of caution I checked my VISA account, no sign of a problem.
 
To be clear: you mean you enabled 2FA on the online accounts associated with those cards, correct? I'm not aware of any card issuers offering 2FA at point-of-sale. Too many disparate systems to make that feasible.
Correct. But I have 2FA with PayPal as well, though I have noticed some POS seem to get around that somehow...I'm thinking either WalMart or Lowe's. But I have 2FA with both of them where I get a code either by email or text.
Crooks gonna crook, and figure out how to defeat systems sooner or later, as apparently there are a virtual plethora of ******** in the world.
 
Last edited:
Is anyone still having problems with their credit card being hacked right after buying on SDE?
 
Is anyone still having problems with their credit card being hacked right after buying on SDE?
No, but when I went in to buy the new Elton John earlier my secure browser suggested I change my SDE password as there had been a breach, could this be linked to the problem? I use paypal so not had a problem as of yet
 
No, but when I went in to buy the new Elton John earlier my secure browser suggested I change my SDE password as there had been a breach, could this be linked to the problem? I use paypal so not had a problem as of yet
I'd say that's a smoking gun. Paypal is a separate service, it only exchanges the price/confirmation data between the website and their service. If using SDE and saving the credit card info on file with them, that can absolutely be how the credit card account information was being leaked/stolen.
 
I'd say that's a smoking gun. Paypal is a separate service, it only exchanges the price/confirmation data between the website and their service. If using SDE and saving the credit card info on file with them, that can absolutely be how the credit card account information was being leaked/stolen.
Paul’s gotta pay for those trips to the USA somehow. 😉
 
I noticed one of the recent changes in the SDE cart check screen is this 'Shop' dialogue. It is ticked by default. I have personally had some very shady experiences with 'Shop'. All of your entered information is saved by them.

1730921734497.png
 
I noticed one of the recent changes in the SDE cart check screen is this 'Shop' dialogue. It is ticked by default. I have personally had some very shady experiences with 'Shop'. All of your entered information is saved by them.

View attachment 110831

Regardless of website or vendor, I usually leave this unchecked. Because I use PayPal or similar type payment. Thanks.
 
Back
Top