E-commerce webmasters need to have basic knowledge about security.
If you want people to hand over personal details, including credit card numbers, then you need to make them feel comfortable. Using SSL is one way of doing so.
We implemented a policy of using SSL at every point where sensitive information was being exchanged and it seems to have worked.
However, my attention has been drawn to a relatively prominent Irish website where the SSL encryption has been implemented incorrectly. I could have placed a credit card order with them this morning without using SSL. This is not good.
It seems that whoever set up the site did not run some basic debugging on the SSL implementation:
If I go to www.domain.tld and follow through to order I get SSL – good.
However, if I go to domain.tld and try to place an order, there is no SSL, and I can (or could, as I would never place an order that way) send it all over plain text.
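
An added example (not from the original post or the site in question): a Python check that requests the order page over plain HTTP for each hostname variant and reports whether it is redirected to HTTPS. The local server, the `/order` path and the function names are assumptions, constructed to reproduce the www versus bare-domain mismatch described above.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed stand-in for the misconfigured site: only the www host
# redirects the order page to HTTPS; the bare domain serves it in clear.
class MisconfiguredSite(BaseHTTPRequestHandler):
    def do_GET(self):
        host = self.headers.get("Host", "")
        if host == "www.domain.tld":
            self.send_response(301)
            self.send_header("Location", "https://www.domain.tld" + self.path)
            self.send_header("Content-Length", "0")
            self.end_headers()
        else:
            body = b"<form>card number</form>"
            self.send_response(200)
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)

    def log_message(self, *args): pass  # keep the demo quiet

def start_demo_server():
    """Start the constructed site on a free local port."""
    server = HTTPServer(("127.0.0.1", 0), MisconfiguredSite)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

def forces_https(addr, port, host, path="/order"):
    """True if a plain-HTTP request for `host` is redirected to https://."""
    conn = http.client.HTTPConnection(addr, port, timeout=5)
    try:
        conn.putrequest("GET", path, skip_host=True)
        conn.putheader("Host", host)  # test each name against the same server
        conn.endheaders()
        resp = conn.getresponse()
        location = resp.getheader("Location", "")
        return resp.status in (301, 302, 307, 308) and location.startswith("https://")
    finally:
        conn.close()

def audit(addr, port, hosts):
    """Map each hostname variant to whether it forces HTTPS."""
    return {h: forces_https(addr, port, h) for h in hosts}

if __name__ == "__main__":
    srv = start_demo_server()
    print(audit("127.0.0.1", srv.server_address[1], ["www.domain.tld", "domain.tld"]))
```

Against a site you run, point `audit` at its address on port 80 and list every hostname that resolves to it; any `False` is a name under which the order page can be reached without SSL.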