turnersloane
Verified User
- Joined
- Sep 27, 2006
- Messages
- 57
A client of mine recently called about an order he'd placed via an online Mom & Pop type music store. He was concerned that the order page - where he entered his credit card number and personal info - may have not been secure. Obviously I asked him the right questions (URL had "https", security lock in the browser), but he did not think the order page was secure.
In order to confirm, I visited said website, and my clients' suspicions were correct. The shopping cart pages are not secure, nor is any secure cert ever presented. I even performed a test using a test credit card number and the order was processed even with bogus name, address, CID, etc. !
My concern is for the people who may use this website for online shopping and who may not know any better to ensure that they are on a secure page. What can be done, or who can I report this business to? The worse part is that the Mom & Pop store are using a service via a larger provider. I contacted the store and they claim they are working on the issue; meanwhile, anyone placing an order via this music store or others using the service of the larger provider are sending credit card numbers and personal info in the clear!
I've looked at the PCI websites, along with Visa & MC, but wasn't able to find assistance. So, I've turned to this forum for help....
I would prefer not to name the store or provider, but if that will help, let me know.
Sloane
In order to confirm, I visited said website, and my clients' suspicions were correct. The shopping cart pages are not secure, nor is any secure cert ever presented. I even performed a test using a test credit card number and the order was processed even with bogus name, address, CID, etc. !
My concern is for the people who may use this website for online shopping and who may not know any better to ensure that they are on a secure page. What can be done, or who can I report this business to? The worse part is that the Mom & Pop store are using a service via a larger provider. I contacted the store and they claim they are working on the issue; meanwhile, anyone placing an order via this music store or others using the service of the larger provider are sending credit card numbers and personal info in the clear!
I've looked at the PCI websites, along with Visa & MC, but wasn't able to find assistance. So, I've turned to this forum for help....
I would prefer not to name the store or provider, but if that will help, let me know.
Sloane
