LastBottle stores credit card information without permission-Resolved

I thought that people should be made aware of this, as I was not. LastBottle keeps track of your credit card information after you make a purchase without asking permission to do so. I found this out today as I was able to make an order without entering any credit card info (I have previously purchased once from them).

Now this is not as bad as the Wine Library situation because according to Cory, “All credit card data is tokenized through a third party and we merely verify your info with the third party (authorize.net).” However I never ever allow web sites to store my credit card information on their servers, even Amazon.com. Every other web site I use on a regular basis asks me if I want to store my information for easy purchase. I always decline. LastBottle never gave me that option, and instead automatically stores the info. Given the frequent hacks into company sites, I am not comfortable with this and have asked LastBottle to remove my stored information - I haven’t heard back yet.

edited. We are currently adding an option at checkout that will allow you to choose to not have your information stored with Authorize.net.

You may not store it personally on your web site, but it is stored. And it is without permission. How else could I have placed an order today without giving credit card information? And to verify it was without permission, I went and created a second account, went to the order wine page where the credit card information is requested and there was no option to opt out of having the information stored.

Maybe through a cookie stored on your own computer?

3. Payment Information

This order will be charged to your credit card on file:

I just looked - and saw this on the site when I was getting ready to order again.

???

Yes, while I’d definitely take issue with the initial post at least in abstract, the response from Cory does seem a bit strange. It would be misleading to say anything else.

I just checked today as well and my information is on file.

Ok. Sorry, a bit complicated (I was a little confused myself) and my response was a bit short. We are currently adding an option upon checkout that you can click for authorize.net (our third party) not to store your information.

I apologize for my knee-jerk reaction; it is just that the Wine-Library situation is completely different, and while I don’t know the exact details, they definitely made some huge mistakes in how they store and encrypt (if they even did) people’s credit card information.

I will mention that the company that stores the information is Authorize.net and they facilitate 1 and 4 of all online transactions. As you can imagine they are using a very robust encryption system and at no time can I see anyone’s credit card numbers (just the last 4 digits).

If anyone has any questions, please email me wine (at) lastbottlewines (dot) com

I’ve just received a response from Cory that resolves the issue for me:

We are adding an option that upon checkout you can request for your information to not be stored at authorize.net. I would say that the wine-library situation happened because they did not take proper measures to ensure credit card security. I can assure you that we are using state of the art, top of the line encryption.

Sorry for the hassle and thanks for your patience. I was just talking with the programmers to get everything set up. I do apologize for having the information stored. Thanks for the order.
Cheers,

-Cory

My issue was as much to do with the fact that they stored my credit card information without permission. Their forthcoming solution is more in line with other top on-line retailers. And I always decline having my information stored; you hear every week about a retailer being hacked, even ones with a much more secure solution than wine-library had.

What issue do you have with my post?

uh… Sony just got hacked massively and they have one of the most in-depth security systems out there.

Kinda rude for you to bash on Wine Library as well, I’m sure they know what they did was wrong, no need for a competitor to bash on them as well.

Ok, sorry Charlie. I was just trying to illustrate that we do use top of the line encryption. I’m not saying it doesn’t happen.

We have updated the site to allow the removal of credit card information upon purchase.

The reluctance to allow data to be stored online. It’s a vaguely luddite attitude - there is a reason accounts are insured against fraud, and bank fraud prevention departments are VERY good.

Hmm. Since I work in the computer industry and frequently in web security, I find the luddite reference amusing. On the contrary, being on the cutting edge of technology, I am painfully aware how “secure” these web sites actually are. And having had to replace credit cards from time to time, know what a time sink that can be. However, feel free to

Sorry for any offence - while I do still disagree, I did not think about the connotations of my post. It was definitely not intended as a slight. That said, security being what it is (lower than ideal, you are certainly right there), the convenience of being able to order something on Amazon with a click, for example, far outweighs the very short time it takes me to replace a credit card if necessary. I was defrauded through my credit card data being pulled from an online source last year, and had the new card in my hand within 2 days. I spent less than 10 minutes on the phone. While this may have been more of an issue in the past, as long as you are in good standing at your bank it should be an extremely painless process to get a new card - if it is not, research switching banks!