I have noticed several cycling related sites run insecure web based purchasing.

I was registering at one ite the other night when I realised the url was http rather than https. I stopped registering and went to the logon page which was the same.

Effectively without the https your username/password and everything else is unencrypted in the tinterweb.

I am not saying you credit card details are not secure as they may use a third party but I did not go that far.

I have emailed the retailer who have said they will deal with it but they have had no probs before, thats not really the point as neither had TKMax till they lost 45.7 million credit card details!

I looked at several sites others also had insecure login pages. Most use https. I wont name names you can check yourself but just a heads up.

Some sites have a https login form contained within a http page. So to the user it appears that the logon details are sent in clear text but behind the scenes then https is actually used. But some no doubt use unencrypted http throughout.

I understand that but when yu are registering typically it isnt, then if you are shopping it should be which it isnt on a particular site as I did register using a very old email addy thats already spammed to death.

Any I am not a web guru so you may be right hence not naming anyone. Just that my understanding is OK you may have a login applet but the shopping site once your in should be secure ie https.

I wont name names you can check yourself but just a heads up.

What use is that? If you suspect shops are open to fraud then say which ones! If you’re not confident then stop scaremongering.

njee

Im not scare mongering at all. I started the thread in good faith. I have stated I am NOT a web guru but I am an experienced IT prfessional. it looks like there are several and no doubt someone who is a web guru can add to the thread.

Its a forum, for discussion. If you have nothing constructive dont post.

Most of the smaller stores use third parties for dealing with credit cards. In which case they have no need to take or store your credit card details on their own site. The only details that would be open is your personal details (name, address, password, etc). It’s not uncommon for them not to have SSL, and a certificate doesn’t necesarilly make your data secure! Your card information may be getting transfered securely, and then stored unencrypted and illegally in a database.

So certificates aren’t everything.

Fair enough, I would rather use a secure site though!

Fair enough, I would rather use a secure site though!

I see what you’re saying. And they only have themselves to blame as it’s their job to make you feel comfortable.

But the term ‘secure’ in this context is relative.

If you are taken to PayPal or wherever to take payment, then you can rest assured that your payment details are in good hands.

I agree with what you are syaing, but they can still see what yu are buying etc.

Would the login details be insecure or would that be an embedded applet?