I need to order this program MarkStrat for my marketing class. I registered on their site and got to the Billing Information page, and noticed that the page had no security certificates and was http and not https. I emailed the company asking them about it, and they responded
The page is secure and we do not store the credit card information. Once the charge goes through, the number is removed and we only maintain the type of card, + last four number of the card. Therefore it is completely safe.
Does this make any sense? Nothing is making me feel better about putting my credit card information into this form.
Are there any other payment options?
Maybe you could get one of those greendot cards or something. Probably cost you a few extra bucks, but then you can cancel the card and not worry about it again.
General rule of thumb for putting in your credit card number on the internet: if you have any doubts about it, don't do it.
Well, their page may be secure enough but they really ought to have https so the your data are encrypted between your computer and their server. Something which their response did not address at all.
Is there some other program you can use or perhaps they offer a different way of ordering/paying.
Um...yeah nothing about what they are saying makes any sense.
The https is needed because you are posting your credit card information to their server. I mean, it has to get from your keyboard to them somehow, right? If that connection isnt secure then your information is vulnerable.
OF COURSE they arent storing it. Being complient is absolutely a nightmare and I wouldnt expect anyone but the largest corporations to house their own database of credit card information. So whether or not they are storing it is not prudent to the question of the connection you are using to SEND your information.
Yeah, unfortunately this program is a requirement of the course. I emailed the company asking about alternative payment options and they responded with what I put above.
My girlfriend just ended up pointing me towards the BuySafe feature on bank of america, which generates a temporary cc number that worked well enough for my purposes. Problem solved.
...yeah, this is why we have places like Amazon that actually give a damn about security. I wouldn't trust them at all- if they're that lax about security on thier credit-card transaction page, what can you then assume about thier servers and such?
If they aren't going to take your security seriously, I wouldn't throw them any business, and I'd tell them so.
I agree, and I wouldn't, this just isn't the sort of thing that's optional. It's a market simulation tool for my marketing class that requires everyone in the class register before the simulation will run. I'm definitely going to speak with my professor about it though.
Oh, other great thing about the program - it won't run on Macs, and for some reason the professor assumes that every Mac user has boot camp with an installation of windows running on it. Yeah...
Is it possible that the form actually submits to a 3rd party credit card processor and is submitting via https? You can submit the form using https and not have the page that displays the form using https and it's completely valid and secure, just kind of lame as it runs the risk of scaring people off.
Is it possible that the form actually submits to a 3rd party credit card processor and is submitting via https? You can submit the form using https and not have the page that displays the form using https and it's completely valid and secure, just kind of lame as it runs the risk of scaring people off.
This is my theory as well. Their page doesnt need to be secure if they will simply be redirecting you off to a payment provider like PayPal. However, if they actually have the credit card form on their site and it's not HTTPS, then yes, you are right that it is a security issue.
Posts
Maybe you could get one of those greendot cards or something. Probably cost you a few extra bucks, but then you can cancel the card and not worry about it again.
General rule of thumb for putting in your credit card number on the internet: if you have any doubts about it, don't do it.
Is there some other program you can use or perhaps they offer a different way of ordering/paying.
The https is needed because you are posting your credit card information to their server. I mean, it has to get from your keyboard to them somehow, right? If that connection isnt secure then your information is vulnerable.
OF COURSE they arent storing it. Being complient is absolutely a nightmare and I wouldnt expect anyone but the largest corporations to house their own database of credit card information. So whether or not they are storing it is not prudent to the question of the connection you are using to SEND your information.
Dont send your info without a secure connection.
My girlfriend just ended up pointing me towards the BuySafe feature on bank of america, which generates a temporary cc number that worked well enough for my purposes. Problem solved.
If they aren't going to take your security seriously, I wouldn't throw them any business, and I'd tell them so.
I can has cheezburger, yes?
Oh, other great thing about the program - it won't run on Macs, and for some reason the professor assumes that every Mac user has boot camp with an installation of windows running on it. Yeah...
This is my theory as well. Their page doesnt need to be secure if they will simply be redirecting you off to a payment provider like PayPal. However, if they actually have the credit card form on their site and it's not HTTPS, then yes, you are right that it is a security issue.