Author Topic: Online ordering - terrible security problem  (Read 2766 times)

bobajobrob

  • Newbie
  • *
  • Posts: 3
Online ordering - terrible security problem
« on: April 19, 2005, 11:57:31 AM »
I completed an online order on Sunday at http://www.sjscycles.com and received a confirmation email. The email contained, amongst other things, my name, address, full switch card number, start and expiry dates, signature strip number, issue number, basically all the information someone needs to defraud my account.

Email is *not* a secure communication medium; the mail could have been intercepted and read *at any point* during its transmission. Alternatively, if I had entered an incorrect email address, my full details could have landed up in someone else's email inbox.
 

Andrew

  • Guest
Re: Online ordering - terrible security problem
« Reply #1 on: April 19, 2005, 01:41:55 PM »
quote:
Originally posted by bobajobrob

I completed an online order on Sunday at http://www.sjscycles.com and received a confirmation email. The email contained, amongst other things, my name, address, full switch card number, start and expiry dates, signature strip number, issue number, basically all the information someone needs to defraud my account.

Email is *not* a secure communication medium; the mail could have been intercepted and read *at any point* during its transmission. Alternatively, if I had entered an incorrect email address, my full details could have landed up in someone else's email inbox.



Hi Rob,

Our IT manager assures me that the scenario you describe could not have occurred and that our online store is, and always will be, a very safe place to shop.

The only order confirmation you will have received that contained your card number is a page generated by your internet browser.
This is generated locally on your computer; any information transferred additionally is done so over an encrypted SSL (Secure Sockets Layer) connection.

If, as you describe, you have been sent an email containing your card information, please forward this mail (blanking out your full card details) to andrew@sjscycles.com and we will investigate this matter immediately.

If you have any further questions relating to our online store please feel free to email our IT manager: adrian@sjscycles.com

Best regards

Andrew

bobajobrob

  • Newbie
  • *
  • Posts: 3
Re: Online ordering - terrible security problem
« Reply #2 on: April 19, 2005, 02:07:52 PM »
False alarm - I just realised I copied the details from the confirmation page and emailed them to myself, then forgot and thought the email was from you. I'm very sorry to cause any alarm! Can you please delete this thread?
 

bobajobrob

  • Newbie
  • *
  • Posts: 3
Re: Online ordering - terrible security problem
« Reply #3 on: April 19, 2005, 02:13:24 PM »
Just one more thing - it may be a good idea not to display all these details on the confirmation screen. If you print them out like it suggests, you have to be very careful to destroy them safely. Most receipts do not display all the card details, just the name and last 4 digits of the card number.