Cotton Traders, the clothing retailer, is refusing to give details of the security arrangements in place when its website was hacked and customer card details stolen.
The firm denied reports that 38,000 customer card details and addresses were stolen, earlier this year, but would not say the real figure of how many customers were affected.
A company representative said the figure was “significantly less” than the 38,000 quoted by the BBC.
Barclaycard processes all payments made on the Cotton Traders website, but said it would not comment on individual cases.
A source close to the problem said Barclaycard was not at fault, and did not host the Cotton Traders website or store its customer data.
Cotton Traders would not state which hosts it uses or what systems are in place.
It also refused to comment on whether it had encrypted the data that was lost, but confirmed that customer credit card data is currently encrypted. It said it had recently upgraded security on its website, “validated by leading industry experts”, but would not say what changes have been made.
Actions to remedy the problem were completed five months ago, and all customers potentially affected were notified at the time, the company said. It said it took security “very seriously”, and that its website is “safe”.
“In January 2008 we identified a security issue. We immediately brought in industry security experts to resolve the problem,” Cotton Traders explained.
Police are investigating, payments clearing body APACS confirmed.