BBC

Thousands of people have been urged to cancel their credit cards after their personal financial details appeared on the UK Consumers' Association (CA) web site.

Red-faced officials at the CA, which campaigns for better internet security, are blaming the blunder on a fault in its systems.

More than 2,700 people who bought CA software online are thought to have been affected.

The customers, who bought Which? TaxCalc software using credit card payment, have been contacted individually by the Consumer's Association.

They are being urged to contact their credit card issuers to cancel their cards.

The CA fears their details could have fallen in to the wrong hands, while they were posted on the TaxCalc web site.

A spokesman said: "We are taking this very seriously indeed.

"We are doing everything we can to resolve it."

Hallmark scheme

The CA has been at the forefront of the campaign for better security in online transactions.

Last year it set up Trust UK, a scheme that puts a hallmark on websites that meet high standards of service.

The organisation, which is best-known for publishing Which? magazine, has hired an independent security consultant to find out what went wrong.

The TaxCalc site, which is designed to help self-employed people and high-earners to fill in their self-assessment tax forms, has been shut down while the fault is being traced.

'Serious flaw'

Kim Lavely, deputy director of the Consumers' Association, said: "This is a serious flaw in the security of the TaxCalc site and we are very concerned about it.

"As soon as we were alerted to the flaw, we removed all personal and financial details from the TaxCalc site."

CA spokesman Alan Stevens told the BBC that the organisation had every confidence that it had acted properly after discovering the fault.

"You can't have 100% security, but the important thing is we have an independent auditor in to check this particular satellite site, which sold a single product to make sure that is secure," Mr Stevens said.

Research shows the majority of people do not believe it is safe to send money over the internet.

Criticising companies

Mr Stevens said there was "no denying that it happened and that it shouldn't have happened but the really important thing is how you fix the problem.

"We have criticised companies in the past for not getting things right, where we are most critical is when they don't put things right subsequently."

He added: "We closed the site within minutes, we made sure everyone that was affected was notified."

-- Rachel Gibson (rgibson@hotmail.com), June 23, 2001