Punter bitten by fraudsters after using R-Comp sitePublished: 17th Jun 2006, 23:26:21 | Permalink | Printable
Holy insecure HTTP, Batman!Fears have been raised over R-Comp's apparent lack of a secure online ordering web page. The RISC OS dealer has a number of order forms on its website, all of which appear to send sensitive details in a plain text email to R-Comp. Anyone nefarious enough to intercept an unencrypted email could maliciously use the information inside to commit fraud.
The web pages that have left users concerned are here, here and here. The Office of Fair Trading recommends buyers check a company's privacy statement and the security of the payment before approaching a virtual checkout.
One RISC OS user used R-Comp's seemingly insecure order form to buy some products, and days later had two mystery payments on his account.
Richard Porter said: "I had two fraudulent transactions on my card on March 20 and had to have the card stopped and replaced. I only had to sign a declaration that I wasn't responsible for the payments. I was asked if I'd given my PIN to anyone, which I hadn't.
"Looking back through my statement, I find that a payment to R-Comp was made on March 15 via their web site. A coincidence?"
Richard added that he has no proof that his details were leaked through the rcomp.co.uk, but he was forced to get a new card and get the fraudulent charges reversed.
He added: "I didn't take this up with R-Comp as it was only some time later, after someone else had mentioned the security issue on the Messenger mailing list, that I checked the dates on my statement."
A spokesman for R-Comp said: "I think the situation, whilst distressing, is coincidence. We don't, in fact, ask for several of the items a fraudster would need for many fraudulent transactions.
"In all the years, the only fraud we've seen was one stolen card."
Previous: Select subs asked to renew despite no Select 4
Next: Twenty things to get instead of Qercus sub
DiscussionViewing threaded comments | View comments unthreaded, listed by date | Skip to the end
Please login before posting a comment. Use the form on the right to do so or create a free account.
Search the archives
Today's featured article
An introduction to IP networks
Part one of masking the 'net
10 comments, latest by Umair on 9/9/04 10:11PM. Published: 4 Sep 2004
South East show news
Volunteers wanted, charity hardware not wanted
7 comments, latest by Sawadee on 9/10/04 9:45AM. Published: 8 Oct 2004
News and media:
RISCOS Ltd •
RISC OS Open •
MW Software •
Advantage Six •
CJE Micros •
Liquid Silicon •
Chris Why's Acorn/RISC OS collection •
The Register •
The Inquirer •
Apple Insider •
BBC News •
Sky News •
Google News •