Rakuten Breach: Live By The Web, Get Punished By The WebWritten by Evan Schuman
Please forgive the cliché, but when hundreds of online shoppers say that your site is sick, it should lie down. The Japanese E-Commerce powerhouse Rakuten, which is just months away from a planned major push against Amazon (NASDAQ:AMZN) in the U.S., is finding itself in the frustrating position of seeing literally hundreds of its customers posting about fraud problems traced
to Rakuten. And yet the $4.7 billion global retailer—operating in 27 countries—can’t seem to trace the problem.
An online publication of Consumer Reports magazine, Consumerist, has taken the lead in this coverage, and Rakuten’s shopper victims have created their own site, much to the presumed non-delight of Rakuten. The site’s called simply Rakuten Fraud. What’s worse than having a security hole on your site on the eve of a major rollout impacting lots of customers? How about being unable to figure out where the hole is?
Bernard Luthi, the COO of Rakuten.com, has become the public face of this breach and is arguing that there’s little his team can do until they can somehow replicate or trace the source of these breaches.
“We want to assure our customers and those of you who have posted on this site that we take all reports of this nature very seriously. We are investigating the issue at length, so far bringing in a series of specialists and a third-party technical forensics company to try to identify why this should be. Despite their and our efforts, we cannot identify any breach in our systems that would explain these reports,” Luthi posted on the Rakuten Fraud site Tuesday (June 11) night. If nothing else, Luthi deserves a lot of credit for responding directly on that site.
On Monday (June 10), Luthi posted that the site had started using a tokenization package for its payment system, something that—according to shopper complaints—doesn’t seemed to have stopped the problem.
The complaints suggest two different methods of fraud.