Retail Technology
| Log in | Subscribe
Subscribe | Log in
Retail Technology
Subscribe

Questions remain unanswered as cosmetic retailer promises to set up temporary replacement site

Questions remain unanswered as cosmetic retailer promises to set up temporary replacement site

 

Handmade cosmetics retailer, Lush took the decision late last week to shut down it UK transactional website.

 

It had discovered that the site had been hacked and customers’ credit card details compromised.

 

While the company did not reveal any details on the source or extent of the breach, its US counterpart confirmed in a statement that only the UK site had been affected.

 

Shoring up defences

 

It also said it would have a new temporary website up and running to accept orders soon. But the need for it to set up a completely new operation has raised more questions over how far the breach has affected its operations.

 

A statement on the Lush.co.uk site says: “We refuse to put our customers at risk of another entry – so have decided to completely retire this version of our website.”

 

And, at the time of writing, it has yet to answer a request from the Guardian newspaper as to whether its online payment systems were Payment Card Industry Data Security Standard (PCI DSS) compliant.

 

But on the same holding homepage of the hacked site, Lush directly addressed the hacker or hackers involved with a tongue-in-cheek message that hasn't gone down so well with some its customers.

 

"Our web team would like to say that your talents are formidable," said the website statement. "We would like to offer you a job - were it not for the fact that your morals are clearly not compatible with ours or our customers."

 

PCI penalties include fines and the possibble removal of the ability to accept credit card payments altogether.

 

On 7 January 2011, earlier this month, Lush announced it had enjoyed a successful Christmas trading period using the web-based Retail Suite from specialist provider, Itim in its 702 retail stores.

 

Itim also integrated a point-to-point encrypted payment solution for Lush in its stores that encrypts card details at the card reader for it to be decrypted at a secure data centre.