A couple of days ago my sister visited and we talked about going to a play later in the spring. While she was there I picked up my laptop to get tickets. Turned out that there was only one way to get tickets and that was by buying them with a card on a web site. I had a card so no problem so far.
I started filling out the form. I was a little bit annoyed since the site wasn’t using https and the only sign of some kind of security was the sentence: “You will pay over a secure connection”. I hit the pay-button and a lightbox turned up asking me for my card details. Without looking closer at the form I closed the browser. My sister looked at me.
– Why did you do that?
– It wasn’t secure, I replied.
– How could you tell?
– Did you see any padlock?
I later emailed the support for the web site. The answer I got sounded pretty much like my sister. They didn’t get it. How could I say it wasn’t secure? It was! They even told me so on the site! In addition they emailed me links to their provider who also said that everything was very very secure. I emailed them back with screenshots of their site compared to another site that I actually do find secure. I explained everything in detail and gave them some suggestions on how to improve things. Today I got an email again. A positive one. They said that they were happy about my suggestions and would as soon as possible make sure that the whole checkout was secure. I was happy.
Ok, so now here is three questions.
- Why don’t people in general know about secure connections?
- Why don’t people who run a web shop know about secure connections?
- How do we fix this?