Just went to book something online. About to click the "Pay" button and noticed the page wasn't secure. Who the hell, in 2017, captures credit card details via insecure 'http'??? And 'https' worked on the home page but not the payment page!! Backed out of that, messaged them and we'll see if anything comes of it.

  • 2
    Haha, though if they use libs provided directly by stripe, braintree, paypal, the payment processing is done through them and their ssl connection. It depends if they keep card infobon their own server or let those gateway handle it.
  • 0
    @rusty-hacker Yeah, I know about that mechanism. Bit those details, if captured on http, still have to be transmitted to https. Whilst there a drive for https everywhere (which may or may not be totally necessary), you should never capture anything potentially sensitive - especially card details - on a non-secure page. Not nowadays anyway.
  • 0
    Turns out they didn't know and were straight onto the website devs (which is the reaction your want). Didn't give us discount though!! Oh well...
Add Comment