Moonpig, the personalized greetings card giant, has ceased transactions through its mobile apps after a concerned cyber-security expert exposed a site vulnerability which endangered the financial details of its 3.6 million customers.
The vulnerability was first reported privately to the company by researcher Paul Price in August 2013 and then again a year later, with the firm apparently doing nothing to deal with the issue. The issues raised point to the PCI DSS 3 requirements for secure application development and for more rigorous testing of both external and internal services, which are intended specifically to help spot weaknesses such as this.