The Consumers’ Association, a British advocacy group that campaigns to increase online security, said Friday that it suffered a security breach in its TaxCalc software site that left the credit-card information of nearly 3,000 customers exposed to unauthorized third parties.
The security flaw affected customers who purchased a copy of the Association’s Which? TaxCalc 2001 software from its TaxCalc.com site.
According to the BBC, the flaw was discovered by someone who learned it was possible to download TaxCalc.com pages containing credit card details into Microsoft FrontPage. Once the discovery was made, the person reported the incident to the London Times, which then informed the Consumers’ Association.
“The TaxCalc site will remain shut until this problem has been resolved,” said Kim Lavely, deputy director of the Consumers’ Association. “We will be advising them to contact their credit card issuers to cancel their cards.”
Taxing Situation
TaxCalc guides users through the process of completing British Self Assessment tax returns.
According to IDP Ltd., the UK software publisher that created the program for the Consumers’ Association, TaxCalc has sold almost 250,000 units since Britain implemented self-assessment tax returns.
IDP said on its Web site the security issue is limited to customers who purchased TaxCalc directly from TaxCalc.com. The Consumers’ Association has commissioned an independent security expert to conduct a security audit on the TaxCalc site.
How Ironic
The most recent annual Internet survey conducted by the Consumers’ Association’s own research group, Which? Online, found that 72 percent of British Internet surfers are worried about online fraud.
In June 1999, Which? Online launched the Which? Web Trader program to encourage the development of a safe and secure online shopping environment for consumers.
The program provides approval logos to Web sites that meet the e-commerce and security standards pre-established by Which? Online. One of the standards says that approved sites must ensure that their Web sites are secure “so that consumers’ personal information and transactions remain confidential and cannot be interfered with.”
Last year, the Web Trader program became affiliated with Trust UK, an e-commerce code of practice accreditation body formed by the Alliance for Electronic Business and Consumers’ Association, with backing from the UK’s Department of Trade and Industry.
Cobbler’s Shoes
This is the second security breach this week to impact an organization that specializes in Internet security or fraud.
On Monday, Anacom Communications, an online credit card processing and security provider, announced its databases were illegally accessed and fraudulent transactions were taking place using the merchant accounts on the Anacom network.
Anacom is the developer and owner of the WebCharge, WebCheck and Internet Fraud Screening (IFS) payment processing gateways and technologies.
If somebody like Which can’t get it right then what chance does the consumer have? This is an organisation funded by the EC, a household name in the UK, and they can’t even get their own house in order.
Hopefully people will eventually realise that “you can’t get owt for nowt” and professional ecommerce authenticators like surfchek will become the benchmark for consumers’ trust.