How One Penny Excited Customers

When we set out to make a more secure and robust payment system we embarked on what is known as Reference Transactions (see prior blog for full details).  This system is the most secure and safest data storing system you can have for Credit Card data.  In order to get the full advantage we needed to make sure that all the current Credit Card numbers we had matched to the correct accounts and to have the most recent transaction saved.

Along with our processor we came up with a great migration method, we decided that we would run a $0.01 authorization (not a charge) and immediate void against all Credit Cards stored in customer’s accounts.  If the card is valid we will get back a confirmation, if it is invalid, well, we can just delete it from their account.

Unfortunately this ‘brilliant’  idea created quite a bit of excitement.  Now, this isn’t the excited state we wanted our customer’s in.  Early in the morning on Tuesday our phones lit up, emails started to flood us.  It seems that way more people than we ever thought check their accounts daily or have alerts set up.  Really it was an issue with Debit card holders who’s checking accounts were immediately impacted by the authorization.  While it is not a charge it does show up as “pending” until the void is processed by the bank.  Ironically, authorizations occur immediately, voids, not so much.

Realizing we made a giant mistake in not sending out notification prior and alerting customers we crafted an email explaining the situation.  As if first angering customer’s that we validated their accounts, accounts they specifically saved on our site, we then got a flood of emails in regards to our explanation email.

It seems that 80% of the customers were appreciative of our system enhancement and let us know in kind gentle manner that they were thrilled.  Then there is the 20%, these customers through out words like “phishing”, “scam”, “fraud”.  They called for my job, wanted accountability to the person that devised the “marketing scam”, the guy that “tapped their accounts”.  Personally it was a tough pill to swallow, after all, I made the ‘brilliant‘ decision in the first place and now they hated me.

I will admit now, the whole “penny for your thought” is alive and well, I am sorry we had to find out this way and we definitely will approach a conversion of this nature much differently in the future.  Interestingly this issue has caused our processor to take a step back and evaluate how they handle the situation we encountered.


Online Security

One of the biggest fears of customers when ordering online is the protection of their information.  This protection is something we take very serious.

The first portion is simple, our privacy policy is very strong, we do not share your information with any third party in any way, especially email addresses, these are guarded like Fort Knox.   The only exception to the sharing of information is with respect to drop ships from manufacturers where we provide them your shipping information ONLY.  This information is not to be used in any way beyond the shipping of the product.

Now for the more complex piece,  Credit Card information.  I am happy to say that at ACK we take your Credit Card information very serious.  We use the toughest encryption when transmitting the credit card information to our processor and as of today we no longer store any of the data on our servers.  That’s right, we can have an all out assault and hack into our system and your information is still secure.  How is this?  Well, without going into too much detail we have moved to a system that allows us to reference your card information in our Processors system, thus they store the information and we merely reference it, this means that if you save your card to your account on our site you are not storing your card number with us, you are merely telling us to reference it in the future.  I know, that isn’t necessary easy to understand, what is easy to understand is that we do not store your credit card information.  What we do store is the last four digits of the card number so we can tell you which card you put it on, but past that we have no knowledge of the card itself.

Hopefully this helps to make everyone feel that much safer and I sure hope that other sites rely on similar technologies to protect user data, there is no need to keep the data local and with “cloud” systems on their way this will become just that much more important.

–Peter @ ACK