Non secure ecommerce checkouts ?

[Russell Smith]

I have been told of and now have checked out a website that when you get to the credit card checkout page it does not say hppts or show the padlock symbol.
The website claims that payments are made with 128 data encryption so payments are safe.
So my question to the guys on here who know in more detail than I do:
If the page with your details on does not show the "s" after the usual http and also no lock symbol is it safe to proceed.
I have also been told that the site has no certificate!

Russ

 

[danrandon]

russ pm me the website and i'll check it for you, they may just rout it through a secure server once you enter the details

 

[Russell Smith]

You have it, let me know soonest mate.

Russ

 

[broken92]

Hi Russ,

As I explained on Sunday I checked the website using numerous browsers and not one indicated any form of secure connection on the checkout page.

There was no certificate present to indicate any form of Secure Sockets Layer encryption (SSL).

Niether was there any indication of the Padlock symbol to indicate any security or certificate.

They are using Perl scripts for the order checkout, however this still does not offer any form of encryption, it is merely the language the scripts have been written in.

They do have a link saying they use SSL and if you tag the on the end of the main URL you will see the page in question - acatalog/Site_Security.html

Dan is correct in that they may route you through a secure connection after you details are entered, but this is very bad practice and does nothing to reassure the customer.

I wouldn't touch this website with a barge pole mate.

Dave - Fatbobs Fusion - (Full time ecommerce web developer.)

 

[Polly]

anyone gonna let us know which site it is? i have a feeling i know which one but could do with letting people know so they can buy securly (sp?)

 

[Gassy]

No names until we are sure please.

I know who it is as it was me who pointed this site out to Russ on sunday.

Lets confirm before we name anyone

 

[danrandon]

pm'd you back russ

 

[true_death]

Can we have the name of the site please.

Bit worried now.

 

[Russell Smith]

It has been checked by someone with the relevant experience and they have confirmed what I was told.
I will post the website details gladly because this sort of **** should be stopped but let me send a few pm's first.
It is a paintball website so make sure if you are buying anything online you check it out first.

Russ

 

[Flash-Bugout]

They do have a link saying they use SSL and if you tag the on the end of the main URL you will see the page in question - acatalog/Site_Security.html

There's Just a few sites I know that use actinic catalogue.

The one in question (well, the one I've found after a couple of seconds of checking) is asking for a credit card number on a http:// page - no security at all.

On the flip side, the chances of actually having your card number taken via a website that isn't using SSL (the S on httpS) are still a whole bunch less than, for example, when you give your card to a waiter/waitress, or if you ever give your card number over the telephone - you can listen in to any telephone line with a little bit of kit that costs only a couple of quid.

That said, I personally would never put my card into a non-https page (I also do that whole ecommerce web development thingy for a job)