Can a customer's credit card get hacked after purchasing from us?

Solved

Can a customer's credit card get hacked after purchasing from us?

Suemac
Visitor
2 0 0

A customer contacted me today saying that right after purchasing from us her credit card was hacked and her information was used to make fraudulent purchases.  She indicated that it was our site that had a breach of security.  Is this possible?

Accepted Solution (1)

Shay
Shopify Staff
3110 473 652

This is an accepted solution.

HI @Suemac 

 

Thank you for reaching out about this and the details you shared here. I am sorry this happened to a customer from your site. While nothing online is 100% secure all of the time, the chances that your payment gateway was compromised would be very very low. 

 

What payment gateway did the customer use? If it was Shopify Payments, we have not had any reports of issues related to that and if we did we would be contacting merchants ASAP to inform them of this (this would be a legal requirement on our part). 

 

The unfortunate answer is that most likely the device the customer made the purchase on, or their internet connection, was compromised. I would encourage your customer to do a full virus scan or reinstallation of their computer operating system to remove any possible malware or viruses being used to collect their data. 

 

If the customer insists that this is an issue with your online store or the Shopify platform, they can reach out to our support by emailing legal@shopify.com with any evidence they have to support this and our team would be happy to investigate further with the customer. 

Shay | Social Care @ Shopify 
 - Was my reply helpful? Click Like to let me know! 
 - Was your question answered? Mark it as an Accepted Solution
 - To learn more visit the Shopify Help Center or the Shopify Blog

View solution in original post

Replies 5 (5)

Beacon-Jason
Shopify Partner
284 17 62

Hi @Suemac Jason here with Beacon.

 

Yes, bad-actors use stolen CC information all the time to make fraudulent purchases on sites.

 

If you have not already done so, quickly cancel and refund the order and do not ship out the item. If you have already shipped out the item, you can quickly contact your shipping provider and intercept the package so that you do not lose out on your inventory.

 

If you do not refund the customer, eventually they will contact their CC provider and open up a chargeback case, which is really bad for merchants because you will be charged additional fees and the original payment reversed if you lose the case. This is why it's important to quickly cancel and refund the order as soon as possible so that a chargeback case cannot be opened.

 

Next, make sure to educate yourself and learn to spot bad orders in the future because it will happen again once you start scaling up your business. 

 

https://help.shopify.com/en/manual/orders/fraud-analysis

 

https://blog.lizuna.com/how-to-prevent-shopify-chargebacks-with-a-phone-number/

 

I hope this helps!

 

 

Decrease fraudulent orders, stop chargebacks with Beacon. The most customizable fraud and risk management system built for Shopify businesses

https://apps.shopify.com/beacon
Suemac
Visitor
2 0 0

Her order was legitimate, she was saying that her credit card information and name was stolen to buy products elsewhere.  Is it possible that her personnel information and credit card number was taken from our shopify site.

Chargeflow-Avia
Excursionist
22 1 5

Hi @Suemac

This is possible due to compromised security on your website - and here are a few tips to cover in order to save yourself from happening this again:

 

1. Keep all software on your site up-to-date

2. Use strong passwords for all accounts associated with your website

3. Use a secure connection (SSL) for any page where customers input sensitive information

4. Regularly scan your site for malware and vulnerabilities

5. Have a plan in place for what to do if a breach happens

6. Train staff on cyber security best practices

7. Educate customers about how to protect themselves online when visiting your website

8. Make sure all third-party payment processors are PCI compliant and have up-to-date safeguards in place for processing payments

9. Investigate any suspicious activity as soon as possible and take appropriate action

10. Monitor bank and credit card statements for any fraudulent activity associated with your website

 

These simple steps can help ensure that your customers' data is safe and secure and that you are taking the necessary measures to protect them from identity theft or other malicious activities. If you have already been affected by a security breach,

Please let me know if my answer is helpful by clicking "Like" and marking it as a solution!

Chargeflow is the best chargeback recovery software for Shopify brands. Free to start, 24/7 Live Chat Support, ROI-guarantee and the highest win-rates. Let us take care of your chargebacks.

Shay
Shopify Staff
3110 473 652

This is an accepted solution.

HI @Suemac 

 

Thank you for reaching out about this and the details you shared here. I am sorry this happened to a customer from your site. While nothing online is 100% secure all of the time, the chances that your payment gateway was compromised would be very very low. 

 

What payment gateway did the customer use? If it was Shopify Payments, we have not had any reports of issues related to that and if we did we would be contacting merchants ASAP to inform them of this (this would be a legal requirement on our part). 

 

The unfortunate answer is that most likely the device the customer made the purchase on, or their internet connection, was compromised. I would encourage your customer to do a full virus scan or reinstallation of their computer operating system to remove any possible malware or viruses being used to collect their data. 

 

If the customer insists that this is an issue with your online store or the Shopify platform, they can reach out to our support by emailing legal@shopify.com with any evidence they have to support this and our team would be happy to investigate further with the customer. 

Shay | Social Care @ Shopify 
 - Was my reply helpful? Click Like to let me know! 
 - Was your question answered? Mark it as an Accepted Solution
 - To learn more visit the Shopify Help Center or the Shopify Blog

garylarsonhi
Visitor
1 0 0

My card info was also stolen from Shopify!   Totally unsecure.   Now I'm fighting the merchant who wont reply AND my card's bank.   Its a total mess.   All from Shopify!   Criminal business!!!

 

Gary