We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
LUSH - Important News - UPDATED
Options
Comments
-
yummy.scrummy.mummy wrote: »20 years in IT security and you still arent aware that online security systems can be broken into by people who know how. you can create new things to protect more, but the fact is that hacking pays more than securing a system and always will. i do have a clue about what im talking about, please do not judge
I am afraid I have to fully agree with hallmark, you are totally wrong with your assumption that hackers can easily crack well encrypted information.
Getting into a system is the easy bit. (shouldn’t be but far easier than encrypting the information)
It would take years and lots of luck to crack the information if correctly encrypted. currently 1024-bit keys or 1024-bit keys are not breakable.
I sell online but use a third party (worldpay) for credit card transactions.
PCI DSS - Payment Card Industry Data Security Standard - is a set of requirements that all businesses that take credit or debit card payments must comply with.
Its my guess that lush were not compliant.
0 -
Does using my credit card give more protection against fraud than my debit card ?- I always think because there's more cash available on my credit card than in my current account it makes more sense/cuts down the risk to use my debit card.
I think it's safer to use your credit card, but prob depends on the size of the company you are paying? I used to use my debit card a lot and was refunded for tickets I booked on a dodgy site but never received under my bank's fraud guarantee. A few months ago I ordered a £17 jacket for my DS through a site called vanguard workwear and never received it. The bank said they only refund if they can contact the company to establish it exists and that i'd have been protected more paying by a credit card. So as a rule I use my debit card for bigger companies (such as Amazon, Asda, boots etc) as I know they're not just going to disappear, and my credit card for smaller or online only companies.0 -
I did think over xmas that there was a problem @ Lush. their site was down due to 'sale demand' yet there was no online sale! their twitter page kept posting 'new products', 'online sale' e.t.c posts yet nothing was online until after the sale finished in stores! they had no online sale! then they started posting xmas products in the new year in the 'new products' section, with an 'error' when u clicked.
ANYWAY, the fact it goes as far to Oct is disgraceful. why is it only waaaaaaaaaaaaay into January they've decided to let people know? and to take the mick with their comments on being hacked just shows how unprofessional they are!
so over the WHOLE xmas time frame (when they make the MOST money) their site was compromised and they want us to believe they only 'JUST' found out about it?! HAHA!!!
They should keep posting utube videos, as they clearly dont give a rats arrrrrrrrrse about the fraud.0 -
Cheapchick wrote: »I think it's safer to use your credit card, but prob depends on the size of the company you are paying? I used to use my debit card a lot and was refunded for tickets I booked on a dodgy site but never received under my bank's fraud guarantee. A few months ago I ordered a £17 jacket for my DS through a site called vanguard workwear and never received it. The bank said they only refund if they can contact the company to establish it exists and that i'd have been protected more paying by a credit card. So as a rule I use my debit card for bigger companies (such as Amazon, Asda, boots etc) as I know they're not just going to disappear, and my credit card for smaller or online only companies.
I have heard this too - that banks are notoriously slow in refunding fraudulant payments back to your debit cards because the money is in effect yours - however they will refund fraudulent items purchased by credit card much quicker- because it is the CC's money!
since I heard that, I have only ever used Credit Cards for online purchases0 -
I did think over xmas that there was a problem @ Lush. their site was down due to 'sale demand' yet there was no online sale! their twitter page kept posting 'new products', 'online sale' e.t.c posts yet nothing was online until after the sale finished in stores! they had no online sale! then they started posting xmas products in the new year in the 'new products' section, with an 'error' when u clicked.
ANYWAY, the fact it goes as far to Oct is disgraceful. why is it only waaaaaaaaaaaaay into January they've decided to let people know? and to take the mick with their comments on being hacked just shows how unprofessional they are!
so over the WHOLE xmas time frame (when they make the MOST money) their site was compromised and they want us to believe they only 'JUST' found out about it?! HAHA!!!
They should keep posting utube videos, as they clearly dont give a rats arrrrrrrrrse about the fraud.
Well, they didn't want anything to spoil their New Year's Honours, did they?0 -
I am amazed at the number of people on here that are feeling sorry for Lush and saying it is not their fault.
Well actually, they must shoulder a lot of the blame. They are not some tuppeny ha’penny company; they have international sales of over £150 million, yet preferred to make large donations to dubious political causes than invest in decent security systems.
In addition, surely greed can be the only reason they waited until the Christmas buying frenzy was over before informing customers.
Apart from the hassle and inconvenience, most people whose stolen details were used will not be out of pocket, but someone has to pay, and it won’t be the banks. The retailers who were defrauded lose out big time. They have to refund the bank for items they no longer have AND pay an admin fee.
The message on their website was unbelievably crass given the circumstances. The only people likely to laugh about this are the hackers.
So, no. I don’t feel sorry for Lush. They shut their website down at the quietest time of year after milking it for all it was worth during the busiest time.0 -
it could easily have happened if you opened an email supposed to be from LUSH and made an order through that link0
-
sarahg1969 wrote: »Well, they didn't want anything to spoil their New Year's Honours, did they?
Very good point. Mark and Margaret Constantine, founders of Lush, received OBEs for services to the beauty industry in the New Year's hounours list.¿Alguien ha visto a mi nave espacial?
Biting is excellent. It's like kissing, only there's a winner.0 -
metoyoubear wrote: »It won't seem to let you change that,or at least i can't get it to work so i changed the start date and the cv number instead.
I've just emailed play to close my account as i hardly use them anyway and would rather input everytime i use it, see what they say!0 -
Thinking about how to prevent anything like this happening again : when my new cards arrive will I ever dare buy online again?
An early poster said "if I were a Lush customer I would be demanding to know why credit card numbers are being stored on their database"
Why were my card details stored on the Lush database?
What's to stop this happening to my new cards?0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 351.2K Banking & Borrowing
- 253.2K Reduce Debt & Boost Income
- 453.7K Spending & Discounts
- 244.1K Work, Benefits & Business
- 599.2K Mortgages, Homes & Bills
- 177K Life & Family
- 257.6K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 37.6K Read-Only Boards