Ecommerce Company Stands Up to Hacker

For Immediate Release

Contact: Matt Gillin
mgillin@ecount.com
704-365-5027
704-906-3600 (after 6 p.m.)
704-366-9556 (fax)
www.corp.ecount.com

PHILADELPHIA, Penna., October 11, 2001 – Much like America in general these days, Philadelphia-based e-commerce company Ecount stood up to its attackers this week. Ecount refused to be bullied by a cyber criminal who inappropriately accessed its database and continues to try to extort the company.

After an isolated hacking in late August, the criminal has since been frozen out of the company’s systems by beefed up security measures. The criminal then inaccurately notified Ecount’s customers, via email, that he had their credit card numbers. Under no circumstances could the hacker have credit card numbers, because it is Ecount’s company policy not to store clients’ credit card information. The information that the cyber criminal believes he has is actually Ecount account numbers that look like credit card numbers. The main goal of the cyber criminal was to extort money from Ecount, with the threat of publicly exposing the attack. However, Ecount has directly and repeatedly updated its customers about the hacker’s threat and how the company was safeguarding them against any financial harm.

Within 24 hours of detection, company officials retained a team of experts from Ernst & Young’s Fraud & Security Unit to help assess the situation, determine the facts, and institute both immediate and long-term safeguards. The hacker`s first threat to go public failed, when the company deliberately alerted customers and the media of the botched attempt, and of the precautionary moves taken, which included the blocking and re-issuance of accounts and passwords. Ecount also contacted the appropriate authorities, and notified the hacker that the company would not, under any circumstances, negotiate with criminals or do anything that would violate the trust of its customers.

While Ecount’s swift response plan won high praise from its customers, it further irritated the hacker. Upon learning that his extortion attempt was rebuffed, he made a last ditch effort to undermine the company, by directly contacting Ecount’s customers via email. Again, Ecount preempted his move by directly warning customers of his malicious plan.

The response to Ecount’s customer communication strategy has been overwhelmingly positive. “Thank you so much for the wonderful memo regarding the hacker,” stated one customer. “I am proud to use your services and like that you have kept us informed. It seems you have out best interests at heart.” Another customer stated: “I appreciate your keeping us informed. I feel comfortable knowing that you have the matter in hand and are letting users know what steps have been taken. Your openness and honesty is refreshing.”

IRCE 2008 Conference Multi-Media CD-ROM

Ecount’s fundamental business model also gave the company an advantage in dealing with the criminal, in that their products enable consumers to make online purchases, without exposing their credit cards or other personal financial information. “Unlike the recent rash of Internet credit card thefts, there is literally zero financial liability or risk to Ecount customers,” said Gillin. Additionally, through its aggressive security enhancements and customer notification efforts, the company successfully rendered the criminal’s threats meaningless.

“We hope that Ecount’s success in working with our customers to thwart this attack can serve as a model for dealing with these unscrupulous cyber criminals, and provide a deterrent to future attacks on innocent companies such as ours,” said Gillin. He further emphasized, "I understand and am sorry that our customers may have been inconvenienced by our added security measures; however, we know they agree that security and trust must be our top priority. And we thank our customers for their continued confidence and support.”

#