By Lana Clements
Luxury retailer Fortnum & Mason breached security standards and put customers' financial security at risk by asking them to email personal credit card details, it has been claimed.
The store, whose past customers include Queen Victoria, owed a number of customers a refund after failing to deliver hampers in time for Christmas. But, in an extraordinary move, some were apparently told to email sensitive data, otherwise money couldn't be returned.
In an email seen by Computerworld UK, an adviser asked for the type of card, name, long number, expiry date and the security number. A spokesperson for Fortnum & Mason said "we are investigating that claim" and could not comment any further.
All companies that accept credit cards as a form of payment should adhere to the Payment Card Industry Data Security Standard (PCI DSS). The rules stipulate that customer card details processed or sent online should have protective measures in place, including online encryption.
If details are simply sent by ordinary email, they do not get the encryption they are due. Emailing them also leaves the possibility of the details being stored on mail servers, where they are subject to interception or hacking.
The security number on the back of cards should be particularly guarded and not shared online without protection. Retailers should never ask customers to be so flippant with their security as to email credit or debit card details.
Customers should always be alert when asked to send credit card details by email, especially given the prevalence of phishing scams that set out to obtain details for fraudulent use. If asked to compromise security via email, customers should refuse and instead phone and speak to a verified adviser.