A team at Oakland-based Sweet Maria’s, one of the nation’s largest online green coffee and supplies sellers, is working diligently to resolve any outstanding issues that may have led to some customers’ credit card information being compromised.
According to Sweet Maria’s Director of Operations Erica Lee, approximately one dozen customers have reported fraudulent or attempted fraudulent charges on their cards since a reddit user posted the following (excerpt) yesterday:
Both myself and my brother had our information stolen and the only place in the last year that we both have used our cards was on sweetmarias. I’m wondering if this has happened to anyone else or if we both just got unlucky at the same time.
Numerous other redditors then replied, some saying hundreds of dollars in fraudulent charges were made using their cards following a Sweet Maria’s online order. It remains unclear whether the charges are actually tied to Sweet Maria’s website or payment system, or if they are coincidental. The company processes thousands of orders per week, and the alleged frauds posted by redditors cover a time frame of at least six months.
“It appears to be a few random cases,” Lee told Daily Coffee News this morning. “It’s not like this is a Home Depot situation.”
Lee says the company is addressing the issue today as if the site has been hacked, although checks thus far suggest that it is secure and free of malware.
“Our server scans are coming back clean, and the PayPal fraud department came back with a clean report,” says Lee, adding that the company is investigating each individual claim. “We have a few thousand orders that go every week and it’s only been a few customers that have had this problem. But we’re going through to make sure everything is covered.”
Lee says credit card information is transferred and encrypted through Sweet Maria’s merchant processor, PayPal, and the company plans to unveil a direct PayPal payment option by the end of this week, since many customers perceive that as the most secure option.
Lee, who replied to the initial reddit post and encouraged customers worried about their card security to contact Sweet Maria’s directly, said the company plans to provide updates on that thread.
(Update: Feb 12, 2015. Sweet Maria’s has provided the latest word on security measures.)
We are very sorry to hear you’ve experienced fraudulent activity on your card. We understand how distressing and inconvenient it is to have your information compromised. We take our customers’ security seriously and have done every security scan available. We are happy to say that all of our scans on our site, payment processing system, and server have come up clean. We have detected no malicious activity on any of these systems. We have added a page to our website, accessible from any Sweet Maria’s store page, that details steps we have taken to ensure that our site is as secure as possible.
We have never stored customer credit card numbers but as an added layer of security we now have PayPal available as a payment option. You can use your credit card or your PayPal account through their secure payment system.
Unfortunately we can’t control every level of online security, so we encourage you to regularly scan for viruses and malware. There are malicious software programs that can record keystrokes as you enter information into your internet browser and scanning for these is an extra step you can take to protect yourself.
Please do give us any additional information about fraudulent charges and let us know if you have further questions or concerns. We appreciate your business and your patience. Thank you.
Sweet Maria’s Coffee