Argos exposes customers’ credit-card numbers in emails

Barry Collins reports:

High street retailer Argos has compromised its customers’ security by sending their credit-card details – including the vital security code – in unencrypted emails.

The company has been including the customer’s full name, address, credit-card number and three-digit CCV security code in order confirmation emails, which are sent once a customer has placed an order on the Argos website. Although the credit-card details don’t appear in the text of the email itself, they are contained – in plain text – in the HTML code of the order confirmation.

[…]

The flaw was spotted by PC Pro reader Tony Graham from Wiltshire. He was trying to hunt down another order confirmation in his inbox by searching for the last four digits of his credit-card number. He was surprised to find the Argos order confirmation in the search results. When he couldn’t find his credit-card number in the email message itself, he clicked the View Source option and was astonished to discover his card number and security code were embedded in the HTML.

Read more in PC Pro.
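A check an outbound mail pipeline could run against the failure described above, as an added example that is not from the article or from Argos: it parses a message's HTML part and reports Luhn-valid card numbers that sit only in the markup (attribute values, comments, script or style bodies) rather than in the rendered text. The article does not say where in the HTML the details were placed, so the hidden form field, the addresses and the function names here are assumptions.

```python
import re
from email import message_from_string
from html.parser import HTMLParser

# Constructed message; 4111 1111 1111 1111 is a widely used test number, not a real card.
SAMPLE = """\
Subject: Order confirmation
Content-Type: text/html; charset=utf-8

<html><body><p>Thanks for your order. Card ending 1111.</p>
<input type="hidden" name="card" value="4111 1111 1111 1111"></body></html>
"""

# 13 to 19 digits, optionally grouped with spaces or hyphens.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

def luhn_ok(digits):
    # Luhn: double every second digit from the right, subtract 9 from results over 9.
    vals = [int(c) * (2 if i % 2 else 1) for i, c in enumerate(reversed(digits))]
    return sum(v - 9 if v > 9 else v for v in vals) % 10 == 0

class _Split(HTMLParser):
    """Separates text a mail client renders from content found only in the source."""
    def __init__(self):
        super().__init__()
        self.visible, self.hidden, self._raw = [], [], False
    def handle_starttag(self, tag, attrs):
        self.hidden.extend(v for _, v in attrs if v)   # attribute values
        self._raw = tag in ("script", "style")
    def handle_endtag(self, tag):
        self._raw = False
    def handle_comment(self, data):
        self.hidden.append(data)
    def handle_data(self, data):
        (self.hidden if self._raw else self.visible).append(data)

def find_pans(chunks):
    found = (re.sub(r"\D", "", m.group()) for c in chunks for m in PAN_RE.finditer(c))
    return {d for d in found if luhn_ok(d)}

def scan_message(raw):
    """Return Luhn-valid numbers from text/html parts, split by where they appear."""
    visible, hidden = set(), set()
    for part in message_from_string(raw).walk():
        if part.get_content_type() == "text/html":
            p = _Split()
            p.feed(part.get_payload(decode=True).decode(part.get_content_charset() or "utf-8", "replace"))
            p.close()
            visible |= find_pans(p.visible)
            hidden |= find_pans(p.hidden)
    return {"visible": visible, "source_only": hidden - visible}
```

Either set being non-empty is grounds to block the send; `source_only` is the case the article describes, where nothing shows in the message as displayed.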

About the author: Dissent