Kudos to Monoprice
I’ve been a huge fan of Monoprice.com as a company, due to their fantastic products and prices, for a long time now. I now have another reason to love this company. Recently, Monoprice was notified of a potential security breach when a few of their customers notified them "that information from credit cards they used on the Monoprice website had been misused". While they had no indication that a breach had happened, nor any proof from customers that something was awry, they chose to stop taking orders entirely, notify all their customers of the situation via their website, and contacted numerous 3rd parties to conduct an investigation on their system.
According to Monoprice, as of 3/25, no security breach has yet been
found, however, they have made numerous changes to their systems:
We rebuilt our
network using new hardware and software. We reviewed all web
application source code and all databases to ensure there are no
security holes. Our network security is professionally managed. We have
deployed an improved firewall. We’re performing vulnerability scans
using service provided by two vendors, Trustwave and McAfee Secure.…
Additionally, we’ve contracted with a Qualified Security Assessor,
Accudata, which is assisting us complete the formal steps to become a
certified Level 1 PCI DSS merchant. Accudata staff told us the
certification process may take several weeks.
Click through to read the rest of my blog entry.
This is great to hear and I applaud their proactive efforts, including
the additional certifications they are aiming for. However, I skipped
over one part in the middle there, which I found extremely satisfying to
read:
We process
credit card payments in real-time without storing any card data on our
servers. We began accepting credit card payments on our website only
after completing these steps.
I can’t say enough about this particular step. In my mind, every single
company on the internet should be doing this. With the significant
rise in identity theft and data breaches, there is no reason that people
should have to risk their information being stored on some other
company’s computer system. I realize that we lazy Americans may not like having to pull out our credit card every time we want to make a purchase, but isn’t peace of mind worth this little inconvenience? As an Amazon Prime member, I have contacted Amazon.com about the fact that you are forced to store your credit card
information in your account during every purchase. If you wish to
remove your information, you must go back into your account and manually
delete the credit card every time, which I have done more times than I care to
count. Personally, I do not store any of my credit card information
with any company I do business with.
Again, as much as I have loved Monoprice for their quality products at
affordable prices, their handling of this situation has earned them even
more trust and praise in my book. If you have never heard of Monoprice, go check out their vast assortment of A/V, network, and computer cables, as well as the wide array of adapters, switches, and mounts. At the risk of finding myself at the end of a fruit-flavored lawsuit, I’m going to paraphrase a tagline: There’s a cable for that [at Monoprice]!
Monoprice had their entire store closed down from 3/5 through 3/22. Personally, I just placed my first order with them about an hour ago.The entire scenario is documented on Monoprice’s website.
* Disclaimer: I do not work for Monoprice, nor was I paid for this completely unsolicited commentary, and this post does not necessarily represent the views of MissingRemote.com.