1. Credit Card Security At Lovehoney

    The BBC claims today that the extent of Internet fraud has been underestimated.

    "An undercover investigation by BBC News revealed how easy it was to obtain stolen credit and debit card details on the internet," says the article. "Posing as computer hackers, two journalists infiltrated a website selling thousands of stolen card details which had been stolen online from small internet retailers."

    We take security very seriously at Lovehoney. The Lovehoney Web site is tested every day by ScanAlert - the HackerSafe logo on the right of the page shows you that we meet the credit card payment industry guidelines for security and to protect your personal information.

    When you click the HackerSafe logo, a window will open which explains:

    "This site is tested and certified daily to pass the HACKER SAFE Security Scan. To help address concerns about hacker access to confidential data, the "live" HACKER SAFE mark appears only when a web site meets the HACKER SAFE standard.

    Research indicates sites remotely scanned for known vulnerabilities on a daily basis, such as those earning HACKER SAFE certification, can prevent over 99% of hacker crime."

    Our Help section explains more about the other steps we take to keep your personal details secure.

    Comments (2)

    • Gary: April 23, 2008 14:06
      It's actually a well-known fact amongst the hacking community to target sites who display the hacker safe logo.
      Hacker safe is purely a monitoring service that advises on issues with code and your server. Unless they spot a critical issue the logo is still displayed with the security issues still present.
      You're actually putting yourself at more risk in displaying the logo.
    • Richard: April 24, 2008 09:17
      Hi Gary,
      Many thanks for your message. It's an interesting argument - it's better for us to persuade customers that we take security seriously by not having any visible signs on the Web site that we're taking security seriously - but I don't think it holds water.

      I don't doubt that there is pride in the hacking community in having a go at sites that use HackerSafe - HackerSafe claims to have 80,000 sites signed up so they're spoilt for choice.

      Yes, HackerSafe is "purely a monitoring service" in the same way that Manchester United is purely a football team. I don't think it pretends to be otherwise, does it?

      On balance, better to have it than not, if only for the behind-the-scenes rigour it imposes on development and server maintenance.