[LINK] Credit Card purchasing

Tue Jun 26 13:47:44 AEST 2007

Greeting Linkers,

I recently had occasion to purchase, over the internet, a "beauty"
service from Pure Indulgence as a gift for my partner.

This Australian company has a simple website and provides husbands or
partners an easy method of acquiring beauty gifts (like facials and body
wraps).

After making my choice, I purchased this via what appears to be a
secured Credit Card facility.

I was soon surprised to receive the following email as a response to my
purchase.

**-----------------------------------------------------------------**

From: Pure Indulgence [mailto:info at pureindulgence.com.au] 
Sent: Tuesday, 15 May 2007 3:22 PM
To: martin at nb.com.au
Subject: Gift Voucher Purchase Confirmation

Thank you for purchasing a Pure Indulgence Skin & Beauty Gift Voucher.

The person you have chosen to receive this Pure Indulgence Experience
will receive the Gift Voucher after it has been processed. 

Pure Indulgence Skin and Beauty. 
The Ultimate in Health & Beauty for Women & Men. 
Visit us at www.pureindulgence.com.au/

**-----------------------------------------------------------------**

Being a cautious citizen, I was concerned that I had not received a bank
or clearing house receipt number against my CC, so I contacted the
company to enquire.

Without elaborating a boorish discussion; I discovered from one of their
staff that the company does not utilise a payment gateway and that all
details from the website are emailed to a group account, printed off and
then manually processed.  The paperwork (all details and CC info) are
then filed in a Sales Folder and placed on the overhead shelf for access
as required.

Believing this contravenes certain privacy, banking and internet
regulations (can someone please advise) I asked to speak to a manager.

The sales clerk soon returned and apologised for not being able to put
me through, explaining that if I had a concern I could email their info
address and someone would respond promptly.

**-----------------------------------------------------------------**

From: Martin Collett [mailto:martin at nb.com.au] 
Sent: Wednesday, 23 May 2007 12:27 AM
To: 'Pure Indulgence'
Subject: RE: Gift Voucher Purchase Confirmation
Importance: High

To whom it may concern,

I recently purchased an on-line Gift Voucher from the Pure Indulgence
website and, in doing so, selected the 'build my own' option. 

The below email is the response that I received and the only indication
that I had actually purchased something. 

I would have felt more comfortable with this acquisition if your
response email had indicated the services purchased, the fee collected
and a reference number for the Voucher purchased. 

Perhaps this is an oversight with the "build your own" section of your
website; so I sent an email to enquire!

The next business day, I received a phone call from one of your staff
who indicated that the Gift Voucher was being processed.

I asked how the credit card payment was being processed and was
surprised to learn that my CC details had been just emailed from your
website to an unsecured email address.

Further discovery seemed to indicate that anyone could get access to
this information and that, once processed; the details are placed into
folders and kept on shelving in high-traffic areas.

Naturally, this raised concerns around privacy and security of my
personal information. So I write to seek some clarity on this issue.

As such, I look forward to your earliest response.

Warm Regards,
Dr John-Martin Collett | Partner | GDI Consulting 

**-----------------------------------------------------------------**

Well, I received no response; so sent a reminder on the 5th of June,
2007.  Still yet, no-one has considered the consequences of what I
believe to be improper practices over the internet.

So I ask if I am being too sensitive, or is this organisation conducting
improper internet sales?

Is there a governing body that I can contact to pursue this further
(providing, I have merited concerns)?

I look forward to the group's advice.

Warm Regards,

John-Martin Collett | Strategic Technology Architect | Dept of Public
Works 
Phone:   (07) 3405 4253
Mobile:   (0419) 554 558
Email:    Martin.Collett at publicworks.qld.gov.au
<mailto:Martin.Collett at publicworks.qld.gov.au>  
Govnet: Martin.Collett at qld.gov.au <mailto:Martin.Collett at qld.gov.au>  

***************************** Disclaimer *****************************

The contents of this electronic message and any attachments are intended only for the addressee and may contain privileged or confidential information. They may only be used for the purposes for which they were supplied. If you are not the addressee, you are notified that any transmission, distribution, downloading, printing or photocopying of the contents of this message or attachments is strictly prohibited. The privilege of confidentiality attached to this message and attachments is not waived, lost or destroyed by reason of mistaken delivery to you. If you receive this message in error please notify the sender by return e-mail or telephone.

Please note: the Department of Public Works carries out automatic
software scanning, filtering and blocking of E-mails and attachments (including emails of a
personal nature) for detection of viruses, malicious code, SPAM, executable programs or content it deems
unacceptable. All reasonable precautions will be taken to respect the privacy of
individuals as outlined in the DPW Privacy Plan. Personal information will only be used for official
purposes, e.g. monitoring Departmental Personnel's compliance with Departmental Policies.
Personal information will not be divulged or disclosed to others, unless as required by Departmental
Policy and/or State or Commonwealth Law.

Thank you.