Burnt Ridge Nursery warning

I have no sympathy with data breach hackers. My SIL was hacked three years ago and it has been a mess trying to straighten this out. The guy that hacked her only got a couple of years for it. He had a history of doing this over and over again. Most (being generous here) never quit doing this type of hacking.

2 Likes

I just got a fraudulent charge on my card. I made a purchase through them earlier but forget which card I used. I made a purchase through them with PayPal using my card that was hacked. Maybe it was before or maybe it was this time. Who knows. Whoever did it did a payment that would occur over and over again for 25 dollars with answers ancestry.

1 Like

The email from Burnt Ridge said the info was not stolen from them, but from a company that they use to handle their online orders. The breach affected other customers of the processing clients besides BR as well. It makes sense that a thief would go after such a company since there would be a lot more to steal than from a plant business.

5 Likes

This is exactly what we thought. A nursery is just too small to have its own IT staff. It is all outsourced to a 3rd party contractor.

2 Likes

I remember a few years back we received a notice from one of our credit card companies about a "possible compromise" concerning a credit card they issued. I called the credit card company several times to find out which company we bought something from had their info hacked. Finally one of the credit card employees stated it was the processing center that was hacked. So it was impossible to know what actual store it was, even if we did buy something from that store.

1 Like

There have certainly been some processors hacked in the past few years. Heartland, Global Payments, RBS Worldpay, etc. If so you shouldn’t blame the merchant, that’s at a point outside of their control. Can’t say for certain that’s what happened with Burnt Ridge or not though…

NetCraft indicates that the server OS of Burnt Ridge’s webserver is Windows 2008. That was end-of-life’d by Microsoft in January of 2020. How many exploits have been discovered and gone unpatched since then? Their webserver can negotiate a TLS1.2 connection but not TLS1.3, which matches the capabilities of Win2k8 so good chance that NetCraft’s guess is correct.

PayPal is big enough that they can act as their own gateway, and processor. That’s not to say they can’t be hacked though, they’re good but is anyone ever “perfect”? Not to mention their almost predatory pricing, the fees they charge are close to double what many charge. Burnt Ridge pockets perhaps $95 or $96 of a $100 sale if you pay with PayPal. For a small merchant, that can be a big deal. On a side note, rumblings in congress of some possible reform in that area. link

A few years ago a large online merchant shipped a bunch of bigscreen TVs for ~$5 when it was discovered they had a flaw in their website which unscrupulous “customers” found and exploited. I have a sneaking suspicion Burnt Ridge’s site might exhibit a similar flaw as well…

Burnt Ridge should really step up their game…

2 Likes

How much business does a place online get with PayPal as opposed to just using credit card though? It is super easy to go on PayPal and click the button. I would say it is almost even addicting. I can say I have likely bought many things as an impulse buy that if I had to take my credit card out and enter it I may have not bought. If I had to take a check out and mail it as well as get a magazine like some mail order nurseries do I can say I would have far fewer plants than I have today for sure. Every step that makes buying things easier makes more sales. The more work for the customer the fewer sales. That is why at USPS where I work we are supposed to get people to the front of the line in 5 minutes. The easier it is to get to the front and spend the money the more they want to come back. If you as a business are using outdated software or hardware I would say that is an issue for security.

That is also part of the reason why Amazon excels (predicted ~40% of all ecommerce sales for 2022). Their “Buy Now” button and your tokenized card ready to go. No need to think about it, “I want that item”, click and it’s on the way…

I’ve more than once been offered to pay via card from a small (in person) merchant… Only to say to them “nah, let me pay you with cash or write a check, I know that [Stripe|Paypal|Venmo|whatever] you’re using exacts a toll.” I’ve never not been thanked by them for doing so.

For ecommerce sales, most folks allow their browser to store their card details and plug them in automatically, also pretty fast and easy. More secure than conspiracy theorists might think as well…

And yes I’m saying that from external appearances, Burnt Ridge appears to be using both outdated application software and server operating system. Wish we knew how much annual ecommerce sales they process. Probably less than $6Mil which is the point where a merchant is required to undergo an external audit by a PCI QSA. I’d be surprised if any competent assessor would “pass” them, if what appears to be in place is correct.

2 Likes

Only reason I haven’t ordered from Burnt Ridge lately is 18 months thereabouts I was shopping and had items in my shopping cart…
but needed to get to bed…

the next day the items in my cart had gone up in price over 10%.

So, I abandoned the cart.

3 Likes

All items plant related have gone up is the issue. One Green World’s bushes used to be in the teens in terms of cost. Now they are 20s through 30s. Raintree used to have their trees in the 20 something to 30 dollar range and are now in the 60 dollar range. While most trees have not gone up like Raintree did they have gone up quite a bit, just not to that extent. It is just demand has gone up so much.

2 Likes

I ended up having to sleep on all my check/mail in orders for 24 hours. More often than not, the frenzy of ordering didn’t look as inviting the next day and I cut my order in half or tossed it altogether. Credit card purchases for me are more tempting and harder to self regulate.

I have gotten carried away with online graft orders two years in a row. Running out of spaces as a result.

4 Likes

Thanks for starting this thread. I too got an email from BR about this, but didn’t see it until I went looking for it after I saw this post. I usually use Pay Pal anytime I can, but for some odd reason, I guess I used my cc. Not happy… now I need to go figure out which card I used and check statements. Oh well. At least I know and I’m not using my cc online anymore, it’s just too risky. If they don’t take 3rd party payments, I guess I won’t be buying from them.

1 Like

I’ll still order just continue as always to use PayPal etc

1 Like

Price of jujube trees went up like $69 per bare root at GrowOrganic, they used to have decent prices. I’m looking for a cheap source for bare root trees.

The “Li” from Burnt Ridge for $35 is about as good as can be done these days I suspect.
I don’t know anywhere to obtain a cheaper tree.

1 Like

Thanks, I already have 2 Li. I think they have Chico for $45 and Contorted for $50.

1 Like

Bareroot trees online is the cheapest I can find unless you want to count on Costco. Like I said prices have just increased because of demand

1 Like

Demand, + gas and shipping and packaging and labor and even ‘because everyone else is raising prices’.

4 Likes

That is what many don’t realize. If everyone raises their prices then you may as well since there is no one else to go to. Gas has gone down but it is still super high. Labor prices have not gone up too many places but there is a shortage of labor right now is the issue. I have seen nurseries starting to charge for delivery charges. I bought a few trees from Stark Bros and saw they had a dollar or two charge for delivery services. I guess they have free shipping often times so a delivery service fee should not be unheard of. Stark Bros used to be more expensive but their items are getting pretty competitive. Particularly with their sales.

They have bareroot at Home Depot and I don’t have to pay for shipping charge.

1 Like