# Betterbee Data Breach



## johnwratcliff (Feb 24, 2015)

Unfortunately this is a fact of life. I wouldn't blame them. Every major retailer has been breached and half of our hospitals have been as well. A lot of times the things happen for no reason. This is what I do for a living. I understand what you are going through. It's happened to me. But I wouldn't blame them.


----------



## beeware10 (Jul 25, 2010)

How about sending them a written order and check? It will only add a couple of days to your order.


----------



## Michael B (Feb 6, 2010)

I live close enough that in-person ordering will be the process. I will call and order to have my order held for pick up. Drive there and pay in cash. You know....the old-fashioned way.

I don't blame Betterbee. Until they have presented a mitigation process to ensure that every step has been taken to minimize the risk.....


----------



## drlonzo (Apr 15, 2014)

Michael B said:


> Until they have presented a mitigation process to ensure that every step has been taken to minimize the risk.....


This is called being PCI Compliant. EVERY business that accepts credit cards and debit cards is supposed to be PCI Compliant. It's what I did for a living for quite a while. It's also what most companies don't bother to do till it's too late. What should be done is that Betterbee's CC Processor be notified of the breach. They in turn put the hammer down on Betterbee till they fix their mess. Being PCI compliant doesn't fix all the problems, but it also doesn't make it easy for the criminals either.


----------



## FLBEEK (Jul 15, 2014)

I mitigate my risk by using one time use credit card numbers, with a limit maybe $5-$10 above my order total, and an expiration date of a month later.


----------



## tarheit (Mar 26, 2003)

Even huge companies with dedicated security personnel are getting hacked. Working for a company and being involved with PCI compliance on a daily basis, I can tell you it isn't easy and takes real effort to do right, particularly at the highest level of PCI compliance. Even with that effort, PCI compliance isn't enough to be completely secure. While you should generally not store credit card numbers, some businesses must, particularly with scheduled payments, or when total amounts are calculated and charged at some time later than when the order was made. There are some services that allow credit card processing in these scenarios where the seller never sees or stores your credit card data (I'm working for a company that is doing this), but it's not typical. And of course when you get hacked, it is an expensive thing to deal with and you can be fined. Sellers typically get the short end of the stick as the credit card companies hold them responsible for fraudulent purchases.

So on face value I wouldn't fault Betterbee. They've done better than many companies who didn't notify customers or in some cases even identify the breach for a very long time.


----------

