There was a recent thread here and just to alleviate any concerns, I wanted to post my original comment on that thread for all to see:
Just to explain a bit about how cc processing works and to ease any concerns about shopping online with SC:
*The screen you enter your cc info on here, is housed on our site. You can see that the URL changes from "http" to "https". "s" means "secure." When you hit "enter" and the # is sent through cyberspace, we never see it. It goes to the cc processor who has a secure vault of this information. We only see your vault ID so we can tell our processor which account to charge. We also have the last 4 digits of your cc# as a reference. Basically, the employees at SC never even have a chance to steal your cc info and make fraudulent charges.
*NOT ALL SITES FUNCTION THIS WAY.
*Most larger online retailers do, but not all. Smaller retailers may not have set up the structure correctly, so you need to be careful there as well.
*If a hacker would try to get your information from us, they couldn't because we don't have your cc information. They would have to hack our cc processor's site.
*Studio Calico is PCI Compliant. If you ask other online retailers if they are PCI Compliant and they don't know the answer, DON'T SHOP THERE. Trust me, if they are PCI compliant, they will know it. We had to jump through all kinds of hoops, shred all kinds of paper and promise never ever to take cc information any other way than a secure link.
CC theft and identity theft are on the rise BIG TIME. I think that's why you see so many people commenting here. Thankfully there are much smarter people on the good side of things who are working to protect all of us. I've never been hacked, and here are a few rules I follow after being hounded by Kennon to change my personal behavior:
1. I don't use a debit card online. If I do, I accept the risk that it's not backed by the cc company and I take a risk if fraudulent charges are made using it, the company may not reimburse me. On the other hand, using a credit card, because of the way charges are made and approved, you usually have this protection.
2. I use secure passwords with upper/lowercase, punctuation, and numbers. I know it's a pain in the neck, but trust me, it's worth it.
3. If you have doubts about an online company, ask if they're PCI compliant.
4. I never email or text my cc information (or SSN for that matter). This is a VERY unsecure way to transfer information and you should never be asked to do this, and if you are, DON'T.
5. I never follow links from my email asking me to reenter account information. Because of the size of Paypal and Facebook, many hackers will send you emails that appear to come from those companies and ask you to reenter account information. They may not directly ask you for CC info, but when you click that link, it goes to their site, and the username/password you enter is what they collect, then they can easily go to the real site and access your information. So, if you ever want to change account info, you should go to your browser, and physically type the URL for the correct site, then change your account info. NEVER FOLLOW EMAIL LINKS.
***Added***
You are way more likely to have your account information stolen at a restaurant or physical storefront than you are online. Anytime you hand your card over to someone and it's out of your sight, they can easily copy account information then use that card online. Because they used it online, you think you were "hacked" online, but in reality, you weren't. There's not really much you can do about this one except keep an eye on your server and cc at all times.
thanks for this post April
Yes, thanks for that.... but I hope you know that we (or at least I) weren't implying it was Studio Calico.
A long time ago I was told you should never shop on a site that is not https - and ironically even when my cc company called me to discuss stuff... the last time they picked up something.... I said Hang on, I am not telling you anything I'll call you back ... who do I ask for.... then called the number on my statement.
My mom's gotten her CC # stolen twice over the past 10 years -- and both times it was traced back to a (different) not nearby gas station.
Note: the page where you enter your CC info here IS hosted on our site (it's why your address bar says "www.studiocalico.com") but as soon as you hit submit your data goes directly to our processor and we never see it.
Great info - thanks April! It's happened to me a few times, but I was never worried about here. :-)