Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Site shuts down credit transactions after security complaint

Site shuts down credit transactions after security complaint

by Nikola Strahija on November 1st, 2002 E-commerce site cybergames.co.za was this week forced to stop accepting credit card payments after an anonymous complaint that the site was not secure.Credit card gateway company SETcom on Monday suspended the site's account and refused to process further credit card transactions after being informed that no encryption was being used to protect client details on the site.



“It is down and it will stay down until the issue is addressed,” says SETcom MD David Liu.

A concerned citizen going by the pseudonym “Tyrebender” late last week informed the company that Cybergames was using no encryption when accepting credit card details. Such details sent via an unencrypted connection can be readily intercepted and misused.

“There are two legs to transactions, one from the browser to [Cybergames'] server and one from its server to our server,” says Liu. That first leg was not using a secure socket layer certificate but the second part, from them to us, was secure.”

Tyrebender said he had informed Cybergames of the vulnerability, and had given it a week to respond, before complaining to SETcom and the bank where the site holds a merchant account. He received no response from the site or bank.

“No ways will we carry an insecure transaction,” says Liu. “In a case like this, if we are informed of a problem, we shut it down right away.”

However, he says this is the first incident the company has seen where a merchant was found not to have a valid certificate.

The site is currently only accepting payment via direct bank deposits, as is related site planetdvd.co.za.

“Our server is not secure and we have disabled [credit card transactions] until it is secure,” says Zaere Saley, the former owner of the site who now identifies himself as its technical manager.

The South African Federation Against Copyright Theft (SAFACT) said in August that Saley had applied for voluntary sequestration during a court hearing in which Cybergames was accused of trading in illicit software and DVDs. SAFACT and other parties at the time said they were granted a court order restraining Saley from dealing in counterfeit goods.

Saley says the credit card problem originated with Webserv, the company that designed the Web site, and it would be enabled once the necessary encryption had been put in place. Repeated attempts to contact Webserv for comment were unsuccessful.


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »