The home improvement chain also said the malware responsible for the breach has been removed from all stores.
To prevent fraud, e-retailers should not give customers shipping company tracking numbers for their orders, Julie Fergerson, head of security for ClearCommerce, says.
To prevent fraud, e-retailers should not give customers shipping company tracking numbers for their orders, Julie Fergerson, head of security for ClearCommerce says. Having that number makes possible a popular scam that developed last holiday shopping season, she says. In that scam, a criminal acquires legitimate information about a consumer, such as credit card number and address, then uses that information to place an order and have it shipped to the customer’s real address. Because the information is genuine, the retailer believes it to be a legitimate order. But once the order is on its way, and the criminal has the tracking number, the criminal calls UPS, FedEx or Airborne, gives them the tracking number and tells them he is on vacation and asks them to re-direct the package to a hotel or other address. “The best way to avoid that kind of fraud is to not give the customer the tracking number,” Fergerson says.
Rather, sites can allow customers to track the progress of the package by posting updated information on the order on its web site, allowing the customer to know where the package is, yet not providing the valuables means of committing fraud to criminals, she says.