Submission + - dealing with online merchants who don't use SSL?
Unprotected Coward writes: I was just about to make an online purchase for a hardware product when I discovered the vendor (a self-titled "leading" seller for the US university market) does not even use SSL to encrypt the credit card form data (yes, I checked the HTML source, the form POST is to a non https URL). I am angry and frustrated that in 2007 this still happens with big stores (and I don't even want to imagine what application-level vulnerabilities they may have).
Besides writing them, should I call Visa or Mastercard? I thought it was mandatory for online merchants to use SSL and other basic security measures. Is it all hopeless?
Besides writing them, should I call Visa or Mastercard? I thought it was mandatory for online merchants to use SSL and other basic security measures. Is it all hopeless?