Andrew blogs about how he ordered pizza online and it came with an unwanted topping — fraud risk.
He accidentally discover over the phone that the place had discovered his credit card info on the company’s email — a violation of Payment Card Industry (PCI) standards.
Here’s how he found out:
Caller: “This is Joe from the local pizza place, calling to confirm your order”.
The order and delivery location was confirmed.
Caller: “And how do want to pay for this?”
Me: “Um, well I just entered all my credit card info into your website like I usually
Caller: “oh”. A moment of pause. “Oh I see your credit card info now in the email.”
Me, with a definite tone of anger: “My credit card was sent to you in email?!”
Caller: “um, I’ll get that pizza delivered ASAP.”
Andrew is distressed that he knows of no way to report the company or alert others to the security risk. Any suggestions?
How does a consumer report PCI non-compliance? [360 Security]