Mweb Credit Card Security Risk?

S

stofmike

New Member
Joined
Nov 26, 2013
Messages
2
Reaction score
0
I had some fraud on a credit card only 2 weeks after it was issued. I had given my credit card details over the phone to Mweb and the other places it was chip and pin with the card in sight. This made me suspicious of Mweb.

When I got the second new card I instead updated the credit card details online but with Mweb you have to phone back it to get them to process the payment. The lady read back my entire credit card number. From what I know of credit card security (which admittedly it a hell of a lot) the majority of the credit card numbers are masked with only the last 4 visible to the operator (a bit like Afrihost where there are "#" and the last 4 digits). The lady confirmed that the department of 8 people can see every credit card number of every customer. This seems like a potential massive risk of someone selling all these card numbers (which may have already happened in my case).

I don't understand why once it has been entered the full card number should be visible. If he payment fails the number is reentered and rerun. Also, no verification is done against a card number.

I tweeted @MwebHelp who responded to say that only designated staff have access to customer details and then went silent.

Anyone else find it not right that full credit card details are in plain view - even if only a few people can see them?
 
With regards to the first part of your post: chip & pin does nothing to stop somebody from skimming your card details
 
mister said:
With regards to the first part of your post: chip & pin does nothing to stop somebody from skimming your card details
Click to expand...

You are correct and hence why I didn't in my post say that the fraud was caused by Mweb. It made me suspicious. Leaving that aside I still don't think it is right that customer credit card numbers are in full view
 
stofmike said:
Leaving that aside I still don't think it is right that customer credit card numbers are in full view
Click to expand...

I agree with you and it appears as if they are not in compliance with PCI.

The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard for organizations that handle branded credit cards from the major card schemes including Visa, MasterCard, American Express, Discover, and JCB.
Click to expand...

I would contact Pasa and lodge a complaint.

http://www.pasa.org.za/contact.html
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X