considering a purchase from Monoprice?

lowtech · « **on:** 13 Mar 2010, 06:57 am »

Or worse yet, have alread done so.

http://www.krebsonsecurity.com/2010/03/monoprice-com-shuttered-after-fraud-complaints/

mhconley · « **Reply #1 on:** 14 Mar 2010, 06:45 am »

Glad to see the company is doing the right thing...

I have made many purchases from Monoprice in the past and will not hesitate to do so again in the future. They are a stand-up company providing top quality products at very reasonable prices. This current issue simply illustrates the security risks inherent with conducting business on the internet.

The way they are handling it is just another indication of what type of company they are...

Martin

lonewolfny42 · « **Reply #2 on:** 14 Mar 2010, 06:46 am »

Good advice is to check your credit card statements....

Thump553 · « **Reply #3 on:** 14 Mar 2010, 12:20 pm »

Figures-I bought $1.79 in cables from them about two weeks ago. Oh well, have to keep my fingers crossed.

Big Red Machine · « **Reply #4 on:** 14 Mar 2010, 12:36 pm »

Good company - once they shipped the wrong part to me and realizing it was only a $1.50 cable they said keep the one you have and we'll send the new one free of charge instead of paying to return such an inexpensive cable.

mcgsxr · « **Reply #5 on:** 14 Mar 2010, 07:43 pm »

I work for a firm that, among other things, sells reviews and certification around data security standards, and credit card data standards specifically - the only surprise for me on that page, is how prominently they have broadcast it - and I think that is a great surprise - good on them for being upfront about it.

Doublej · « **Reply #6 on:** 14 Mar 2010, 10:11 pm »

Quote from: mcgsxr on 14 Mar 2010, 07:43 pm

I work for a firm that, among other things, sells reviews and certification around data security standards, and credit card data standards specifically - the only surprise for me on that page, is how prominently they have broadcast it - and I think that is a great surprise - good on them for being upfront about it.

What's Payment Card Industry best practice for something like this? Shut down the website until further notice with no statement of reason? Continue processing credit cards with no statement to customers until you know for a fact you had a breach?

mcgsxr · « **Reply #7 on:** 14 Mar 2010, 10:53 pm »

PCI is a complex standard, and it depends.

The breached party must contact the processor within 24 hours. There is no agreed upon step around public disclosure - and that is often governed more by the security policies of the firm/jurisdiction. In some states all those whose data has been breached must be notified, not so in others, as I understand it.

Also - I am not a QSA (the designation for those who perform the audits and subsequent remediation steps), I am the sales guy...

considering a purchase from Monoprice?

lowtech

considering a purchase from Monoprice?

mhconley

Re: considering a purchase from Monoprice?

lonewolfny42

Re: considering a purchase from Monoprice?

Thump553

Re: considering a purchase from Monoprice?

Big Red Machine

Re: considering a purchase from Monoprice?

mcgsxr

Re: considering a purchase from Monoprice?

Doublej

Re: considering a purchase from Monoprice?

mcgsxr

Re: considering a purchase from Monoprice?