E-commerce webmasters need to have basic knowledge about security.
If you want people to hand over personal details, including credit card numbers, then you need to make them feel comfortable. Using SSL is one way of doing so.
We implemented a policy of using SSL at every point where sensitive information was being exchanged and it seems to have worked.
However, my attention has been drawn to a relatively prominent Irish website where the SSL encryption has been implemented incorrectly. I could have placed a credit card order with them this morning without using SSL. This is not good.
It seems that whoever set up the site did not run some basic debugging on the SSL implementation:
If I go to www.domain.tld and follow through to order I get SSL – good.
However, if I go to domain.tld and try to place an order, there is no SSL and I can (or could, as I would never place an order that way) do so and send it all over plain text.
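The check described above, as an added example that is not part of the original post: it requests the order page over plain HTTP on every hostname variant and reports any host that does not redirect to HTTPS. The `/order` path and the sample responses are constructed assumptions; `domain.tld` is the placeholder used in the post.

```python
import http.client
from urllib.parse import urlsplit

def fetch_plain(host, path, timeout=5):
    """GET http://host/path without following redirects; return (status, Location)."""
    conn = http.client.HTTPConnection(host, 80, timeout=timeout)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def enforces_https(status, location):
    """True only if the plain-HTTP request is redirected to an absolute https:// URL."""
    if status not in (301, 302, 303, 307, 308) or not location:
        return False
    # A relative Location ("/order") has no scheme and stays on HTTP, so it fails.
    return urlsplit(location).scheme.lower() == "https"

def audit(hosts, path, fetch=fetch_plain):
    """Check every hostname variant; return {host: 'ok' | 'PLAINTEXT' | 'error: ...'}."""
    results = {}
    for host in hosts:
        try:
            status, location = fetch(host, path)
        except (OSError, http.client.HTTPException) as exc:
            results[host] = f"error: {exc}"
            continue
        results[host] = "ok" if enforces_https(status, location) else "PLAINTEXT"
    return results

# Constructed sample responses reproducing the situation in the post:
# the www host sends the order page to HTTPS, the bare domain serves it over HTTP.
SAMPLE = {
    "www.domain.tld": (301, "https://www.domain.tld/order"),
    "domain.tld": (200, None),
}

def sample_fetch(host, path):
    """Offline stand-in for fetch_plain, backed by the constructed SAMPLE data."""
    return SAMPLE[host]

if __name__ == "__main__":
    for host, verdict in audit(SAMPLE, "/order", fetch=sample_fetch).items():
        print(f"{host:20} {verdict}")
```

Run against a site you operate by calling `audit()` with the real hostnames and leaving `fetch` at its default.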
I saw something like this last Christmas with Visa of all people!! They had a website WinWithVisa.ie (I think it was called)
It asked you to give your name and Visa number but the submission form never went secure.
I couldn’t believe that Visa of all people expected people to give out their CC details over an unsecure connection.
Needless to say my Visa information stayed unsubmitted.
It’s strangely ironic too that the people you would expect to be most aware of the problems with CC security online would themselves be so lax.
It’s like an insurance company telling you you have to have an alarm on your house, then they leave the keys in the door of their own office at night.
Hopefully they’ll have it fixed by next week. If they don’t, then they deserve a larting!
Donncha – Hopefully 🙂
I’m not mentioning any names yet though
I have some questions, can somebody help?
Advantages?
Disadvantages?
of doing ecommerce in an insecure, and in an overly secure environment?
Please help,
Thanks John