SDE - payment issues? (excised from Who's Next announcement thread)

[sjc]

I bought Who's Next over the weekend from SDE shop via credit card and today I got a call from my credit card company questioning a 900 pound charge. They cancelled my card and are sending me a new one. If it wasn't for this thread, I'd be going nuts running anti virus software on my PC. I'm in the US.......

 

[JediJoker]

Okay, this has gone far enough. A clear link has been established between card details entered at SDE and credit fraud. It genuinely appears as though the website has been compromised. @PaulatSDE: you really ought to issue a statement warning customers to use alternate payment methods (PayPal, Shop Pay) until this security vulnerability has been dealt with, and then deal with it.

 

[ramokoff]

I've made a couple of purchases from SDE recently without any issues. Credit card hacks happen frequently. SDE has tens thousands of customers and only a few have reported problems. With this information, no responsible person can reasonably claim that the issue is with SDE's website. Besides, at least one person has presented an already virtually impossible scenario linking the issue to SDE (the problem occurred despite using PayPal for payment).

 

[PaulatSDE]

It should go without saying that we take this stuff seriously, but literally one or two people have contacted us with recent payment issues. I think one of them didn't even have an issue – they were just concerned because they'd read - here, presumably - that there was a possible issue.

@JediJoker please do not write things like "A clear link has been established between card details entered at SDE and credit fraud" which is total nonsense and a rather irresponsible thing to write on a forum like this. We are investigating one specific issue to see what the root cause might be and are working with Shopify in that instance. Shopify is the e-commerce platform we use and it is secure and Level 1 PCI compliant. All credit card payments are processed via Shopify Payments (More info here > https://www.shopify.com/uk/security/pci-compliant).

We will not be issuing a statement because one or two people having an issue out of 5,000 Who sales is a tiny, tiny fraction. If someone genuinely feels something has gone awry, the advice is to contact us at [email protected] and we will deal with it in a professional manner.

Thanks
Paul

 

[JulesRules]

I've counted nine separate people reporting this issue in this thread alone. Sorry, but that's more than enough to suggest Shopify is having a problem (with credit card buyers only, PayPal seems unaffected), especially since most people buying these discs aren't on this forum.

Edit - Also, all instances of the issue seem to have arisen recently, which suggests that something happened somewhere. Nobody has had this problem even a month ago.

 

[JediJoker]

I've counted nine separate people reporting this issue in this thread alone. Sorry, but that's more than enough to suggest Shopify is having a problem (with credit card buyers only, PayPal seems unaffected), especially since most people buying these discs aren't on this forum.

Indeed. It seems to be an issue specific to the SDE Shop website, though, not Shopify in general. Those of us using PayPal or Shop Pay are generally not having our details stolen, while some of us entering credit card info directly on the website are. I understand fully that the payment processing happens at/through Shopify, but who hosts your website, @PaulatSDE? The data leak is likely coming from there, not from Shopify.

Additionally, while I understand the business interest of not deterring potential customers over what seems like a non-issue, I find your cavalier and indifferent attitude here most disheartening. Even if it were one transaction in ten thousand that may have led to identity theft, that's still upending someone's life that might have been spared. I'd have a hard time living with that possibility.

 

[PaulatSDE]

Indeed. It seems to be an issue specific to the SDE Shop website, though, not Shopify in general. Those of us using PayPal or Shop Pay are generally not having our details stolen, while some of us entering credit card info directly on the website are. I understand fully that the payment processing happens at/through Shopify, but who hosts your website, @PaulatSDE? The data leak is likely coming from there, not from Shopify.

Additionally, while I understand the business interest of not deterring potential customers over what seems like a non-issue, I find your cavalier and indifferent attitude here most disheartening. Even if it were one transaction in ten thousand that may have led to identity theft, that's still upending someone's life that might have been spared. I'd have a hard time living with that possibility.

I have asked you to stop giving ill-informed opinions which are masquerading as facts but here's another example: "Who hosts your website? The data leak is likely coming from there, not from Shopify".

Shopify hosts the website. If you are suggesting that Shopify has been compromised, then millions of sites worldwide would be impacted. Shopify handles the credit card payments and handles the data security between Paypal and Shop Pay etc.

I do not have a cavalier or indifferent attitude. We have spoken to Shopify about the one or two incidents that have been reported to us and we will investigate and take all queries sent to us directly about payment issues seriously. What I am saying is that your statement: "A clear link has been established between card details entered at SDE and credit fraud" is simply untrue. There is no data to support this assertion.