All things Shopify and commerce
Hi,
First of all, I do not have a Shopify store. I've used the platform mainly as a consumer to purchase products. Second, I use a well-known virtual card service for online purchases (Privacy.com), which allows me to maintain separate cards per vendor/merchant.
The situation I find myself is the following. On July of 2023, I made a purchase through a Shopify-integrated store (Vendor A) for which I created a unique Privacy card. After this purchase was completed, I paused the card and did not buy anything else from this Vendor A. Then, yesterday I got a notification from Privacy stating that the card had two transactions declined while paused. Both transactions originated from a vendor which I've never used before (Vendor B) who doesn't seem to use Shopify's platform to sell products.
Why am I reaching out to Shopify? Well, I can rule out Vendor A for two reasons. First, and please correct me if I'm wrong, stores do not have access to the customer's credit card information (number, expiration, CVV). Second, the card in question is tied to Vendor A and CANNOT be used anywhere else. So, the only thing that comes to mind is an internal leak of customer information or at least a bad actor.
I know this is a very sensitive matter, so please feel free to reach out to me directly and I will provide exact transactional and vendor information.
P.S. I am posting this message here because I could not find a suitable communication channel for it (email, support, etc.). But, I would greatly appreciate it if someone could help me route this message or point me to the correct location.
Thank you for your attention to this matter, and I look forward to any help provided.
Hi @rudisimo
Thank you very much for reaching out about this, I definitely appreciate your concern and I want to make sure you are getting the support you need.
It's important to note that Shopify is not able to confirm if a merchant store is hosted using our platform or services, so while we can provide support in a case where you checked out using Shopify Payments or Shop Pay (our first party products), the information we can provide if you checked out via other gateways is limited. Generally speaking, any kind of data breach of this nature would be quite large and would be something we would be legally obligated to communicate with merchants and users of our platform. Without direct evidence that the Shopify checkout flow itself was compromised, it is very hard to say where the card details were gathered from.
I strongly recommend connecting with the store you purchased from for additional assistance with this matter, if they are not using Shopify Payments as their gateway then the merchant would want to contact their gateway provider for further assistance.
Some things to consider, is the checkout on the store secure, or are they using a "hijacked" checkout or compromised checkout. Stores using Shopifys checkout anonymize customer information and the business owner only has access to the last 4 digits of a credit card, the card type and provider, and any customer information you provided at the checkout itself. No one at Shopify, including Shopify employees, would have that information available to them either.
If you do believe that there was a security issue with Shopify's product or services, please feel free to email those details to safety@shopify.com and our team will be happy to have a closer look.
Shay | Social Care @ Shopify
- Was my reply helpful? Click Like to let me know!
- Was your question answered? Mark it as an Accepted Solution
- To learn more visit the Shopify Help Center or the Shopify Blog
Thanks to everyone who participated in our AMA with 2H Media: Marketing Your Shopify St...
By Jacqui Sep 6, 2024The Hydrogen Visual Editor is now available to merchants in Shopify Editions | Summer '...
By JasonH Sep 2, 2024Note: Customizing your CSS requires some familiarity with CSS and HTML. Before you cust...
By JasonH Aug 12, 2024