Kudos to Monoprice

Mar 31 2010

I've been a huge fan of Monoprice.com as a company, due to their fantastic products and prices, for a long time now.  I now have another reason to love this company.  Recently, Monoprice was notified of a potential security breach when a few of their customers notified them "that information from credit cards they used on the Monoprice website had been misused".  While they had no indication that a breach had happened, nor any proof from customers that something was awry, they chose to stop taking orders entirely, notify all their customers of the situation via their website, and contacted numerous 3rd parties to conduct an investigation on their system.

According to Monoprice, as of 3/25, no security breach has yet been found, however, they have made numerous changes to their systems:

We rebuilt our network using new hardware and software. We reviewed all web application source code and all databases to ensure there are no security holes. Our network security is professionally managed. We have deployed an improved firewall. We're performing vulnerability scans using service provided by two vendors, Trustwave and McAfee Secure.


Additionally, we've contracted with a Qualified Security Assessor, Accudata, which is assisting us complete the formal steps to become a certified Level 1 PCI DSS merchant. Accudata staff told us the certification process may take several weeks.

Click through to read the rest of my blog entry.

This is great to hear and I applaud their proactive efforts, including the additional certifications they are aiming for.  However, I skipped over one part in the middle there, which I found extremely satisfying to read:

We process credit card payments in real-time without storing any card data on our servers. We began accepting credit card payments on our website only after completing these steps.

I can't say enough about this particular step.  In my mind, every single company on the internet should be doing this.  With the significant rise in identity theft and data breaches, there is no reason that people should have to risk their information being stored on some other company's computer system.  I realize that we lazy Americans may not like having to pull out our credit card every time we want to make a purchase, but isn't peace of mind worth this little inconvenience?  As an Amazon Prime member, I have contacted Amazon.com about the fact that you are forced to store your credit card information in your account during every purchase.  If you wish to remove your information, you must go back into your account and manually delete the credit card every time, which I have done more times than I care to count.  Personally, I do not store any of my credit card information with any company I do business with.

Again, as much as I have loved Monoprice for their quality products at affordable prices, their handling of this situation has earned them even more trust and praise in my book.  If you have never heard of Monoprice, go check out their vast assortment of A/V, network, and computer cables, as well as the wide array of adapters, switches, and mounts.  At the risk of finding myself at the end of a fruit-flavored lawsuit, I'm going to paraphrase a tagline:  There's a cable for that [at Monoprice]!

Monoprice had their entire store closed down from 3/5 through 3/22.  Personally, I just placed my first order with them about an hour ago.The entire scenario is documented on Monoprice's website.

* Disclaimer: I do not work for Monoprice, nor was I paid for this completely unsolicited commentary, and this post does not necessarily represent the views of MissingRemote.com.

Website design by Yammm Software
Powered by Drupal