BBC Homepage World Service Education
BBC Homepagelow graphics version | feedback | help
BBC News Online
 You are in: Sci/Tech
Front Page 
UK Politics 
Talking Point 
In Depth 

Friday, 22 June, 2001, 12:03 GMT 13:03 UK
Which? under fire over security scare
Which? Online warning
The Which? Online warning about its security blunder
By BBC News Online technology correspondent Mark Ward

The Consumers' Association (CA) has been sharply criticised by security experts for its blunder that exposed credit card details on the internet.

Although the CA acted quickly once it knew about the breach, experts said it simply should not have made the mistake in the first place.

Experts said that the web is now too mature for people to blame "teething troubles" for such errors.

The insecure site has been shut down and the Association is now conducting an independent audit to work out what went wrong.

Consumer caution

On Friday the Consumers' Association revealed that it had fallen short of its own standards by exposing consumers' credit card details on its TaxCalc website.

There's a danger that we are willing to accept that blunders are going to be made

Aled Miles, Symantec

Up to 2,700 people are thought to have been affected by the blunder and the CA is urging them all to cancel their cards to thwart anyone who has stolen the details.

The Association said it had commissioned an independent assessment of the TaxCalc website to find out what went wrong. The website will be shut down until the breach is fixed.

But experts said that the CA can offer no excuses for making such a public mistake.

"There's a danger that we are willing to accept that blunders are going to be made," said Aled Miles, UK managing director of security company Symantec. "This should not happen."

Mr Miles said people now knew enough about the best way to run websites to ensure confidential information is protected and get it right every day.

He said: "There are hundreds of websites that hold sensitive information and do so in a very secure way."

His comments were echoed by David Sear, chief executive of online cash company WorldPay.

He said: "It is not difficult and the technology is available, so we really should not see this happen in today's online trading community."

Mr Sear said he saw no reason why credit card details had to be stored by companies once a payment has been processed.

Stake your reputation

Now there are many schemes and certification bodies that oversee the security industry and try to ensure that best practice is employed and companies and consultants are doing a good job.

In recognition of the fact that web security can be easy to get wrong and hard to master, many companies are handing over the responsibility for it to external firms who do nothing but monitor networks for hack attempts, screen out computer viruses, and look for loopholes to close.

Nokia phone
Nokia too has suffered a security lapse
Symantec's Aled Miles said that many companies are doing this because they have realised that trust in their good name takes a long time to build up, but can be destroyed or damaged with a single blunder.

Ironically the Consumers' Association is one of the organisations behind the Trust UK scheme which tries to encourage high standards among web firms.

It is only the latest in a long list of organisations that have put customers at risk through lax security.

Earlier this week Nokia admitted that a bug in the sign-up system for its Club Nokia website had allowed some members to see the details of other people.

At the same time US company ZixIt reported that a database holding details of customers' credit cards had been hacked. The company said it was still investigating and as yet did not know how many people were effected.

In one of the worst security breaches, online music maker CD Universe was hacked, exposing the credit card numbers of up to 350,000 customers.

Search BBC News Online

Advanced search options
Launch console
See also:

20 Jun 01 | Business
Online banks warned on security
20 Jun 01 | Business
Net police fail online shoppers
31 Jan 01 | Sci/Tech
Major net security holes identified
01 Aug 00 | Business
Safety fears for web banking
18 Jul 00 | Sci/Tech
Scheme to tempt online shoppers
08 Mar 01 | Americas
Hackers steal 1m credit card numbers
Internet links:

The BBC is not responsible for the content of external internet sites

Links to more Sci/Tech stories are at the foot of the page.

E-mail this story to a friend

Links to more Sci/Tech stories