Roses Only disputes MasterCard on fraud

Roses Only says no data was ever stolen from its servers and no card fraud has been committed using its customers' card numbers sourced from Roses Only.

MasterCard's Albert Naffah was been quoted in The Sheet and elsewhere before Christmas saying that the big increase in online card fraud in the financial year to June 2008 was attributable to a security breach at big online retailer Roses Only.

Cross border card-not-present fraud against Australian-issued credit and charge cards (including scheme debit cards) was up 60 per cent in the 12 months to June 30 to almost 150,000 cases. There were also more than 60,000 Australian based card-not-present frauds.

Albert Naffah, business development manager in Australia for MasterCard Worldwide told The Sheet: "This set of data captures the remnants of the Roses Only breach; there has been significantly less fraud in the last two quarters of the year compared with the first two quarters."

Roses Only founder and CEO James Stevens has contacted The Sheet to dispute this explanation, writing in an email yesterday that "There is no evidence that a fraudster of any sort can be linked to our site as the source of credit card data. We had a forensic investigation that makes this quite clear.

"There was never any evidence of data being taken from our servers. We pride ourselves on our quality, service and customer integrity. We have always had to be secure even before online."

A merchant, even a large one like Roses Only, would have difficulty knowing whether their customers' card numbers had been subsequently used in fraud, said Ian Povey from CardsConsult.

"Only the issuer would know if the cards had subsequently been skimmed and copied around the world, and the scheme which gets all these things reported back to them."