Advice: Competitors' EXTREMELY insecure cc processing setup

Hi there,

We recently acquired a client who had been using a competitor’s web development service for many years.

During the process of updating our client’s online order form to a complete eCommerce store, we discovered that our competitor is selling their clients a VERY insecure order-form setup where credit card numbers are sent via e-mail in plain text.

Our client no longer uses this system, but our competitor’s website indicates that they still have at least one client who is still using this dangerous setup.

In our dealings with this competitor (prying domain names etc. loose from their clutches) they have been rude and unhelpful, sometimes even verbally combative. All the same, I can understand that it stinks to lose a client and one doesn’t want to make it TOO easy. But they were pretty unprofessional, IMO.

Anyway, please respond to the poll or leave feedback here if you have any thoughts to share. Thanks!

I personally like the idea of both b and c. I’d gauge how to handle your email to the client AFTER you receive a response from your competitor. Document everything well though, and be very polite and professional, as I feel any action that is not anonymous could be kicking the hornet’s nest, so to speak, though it must be done. Think of what a good story this is for talking to future prospective clients, while leaving your competitor’s name out.

So the question here really is what is the right thing to do… I think doing C & D both would really be the morally appropriate options. You have no obligation to deal with your competitor if they are verbally abusive. Also, they probably know that what they are doing is insecure.

I only see it morally incorrect to not notify the client, but not in a format that would imply that you are looking for their business.

See, that’s the thing - I’d LOVE their business, so it feels a bit icky to tell the client about this huge risk they’re taking, while knowing that it looks like I’m trolling for business. Maybe we should intentionally decide not to work with this particular client even if they ask?

Thank you for the responses.

I’m disappointed that no one else is giving their input here, unless of course you have some good poll results. Anyway, my post was stating that you should form your email to the client as if you are not requesting their business; you are just sending a concerned FYI. They will undoubtedly put some research into the matter as well as the company that notified them of this. They know that you are hoping for their business just by sending them that FYI, but it’s not in a bad light if you mention nothing of your services and how you can fix it.

EDIT: Actually letting them know how their private information should be held would be a good idea, just not that you offer that service :slight_smile:

Who are you disappointed at? I think there is some decent feedback on this thread… there could be more, but the OP got some advice. :wink:

I’m sorry, I was thinking that Lalia and I were the only posters. Additionally, I read your post wrong the first time around, Tanya. So Tanya and I differ on the original contact with your competitor; I don’t necessarily see contacting them as a must myself either. But please notify the client. I think if you take the high road and notify them without “advertising” your services (no one likes sales calls or spam emails), you’ll get your point across that you can do better with a professional informative email.

Very much agreed. Cheers K. Wolfe :slight_smile:

Thanks, guys. I’m kind of surprised that this thread is “hot” (many views, burning icon) but only got 2 people to respond.

HOWEVER, your responses were super high-quality and I appreciate them very much. They’ve helped me a lot, so thanks again. :slight_smile: