View Full Version : not safe for customers data

12-31-2011, 02:35 PM
hello, fyi i'm not some newb coming on here as my first post. i've been a lurker here for 3 years. stated that they no longer accept customers credit cards in the orders and they'll call them for it due to "reasons" being a smaller company. rubbish.

the reason is the site has no ssl, secured socket layer. his processor probably found out and probably threatened to cancel his account if he continued doing so. so he probably decided to save a fews bucks on getting a ssl certificate and calling in customers for their cc numbers. that's a waste of the customers time.

so when you guys place an order all your information is able to be seen by sniffers.

placing your order with all your personal info is still too much risk to have stolen off the internet even if it doesn't contain your cc info. full name, address, phone, email, do you really want that stolen?

i was about to place a big order when i saw the url "http://" did not change to "https://" all through the check out process.

guys be wary, i work as an intern at a law firm and i see cases like this come through every day because some small company is being sued by customers because their data was stolen.

strano, an ssl certificate costs no more than 200 bucks a year. if you really cared about us, you'd get one instead creating the hassle of us ordering online in a safe environment, then calling us for our credit card info and slowing the process of getting our order out slower.

01-03-2012, 10:26 AM
I see your point but does it really hurt being called for the payment? There is so much CC theft nowadays and small company's getting screwed with charge backs all the time.

Not a big deal to have allitle interaction with people.

Sam Strano
01-17-2012, 12:08 PM
Well, you didn't do you homework..... it really is that simple.

I DON'T TAKE CREDIT CARDS ON THE WEBSITE. Because I don't, there is no need to secure it in that way. In fact I go to lengths both here and on the site to explain that because of fraud and even major companies getting hacked, I decided to be a little old-fashioned. While you can compile and submit an "order" of parts, there is no place to enter payment.... I CALL YOU BACK FOR YOUR CREDIT CARD INFORMATION, IT IS NEVER ONLINE THAT WAY, NOBODY CAN HACK IT. DO YOU UNDERSTAND?????

As for your address and such. Addresses appear in phone books, on your door, on your mail, and even on the boxes the parts you wanted are shipped in. The information I ask for (assuming you want to do it that way, you could just phone in the order... how's that for a radical idea????) does not contain your SSN #, your DOB, anything like that. For that matter you could just give me a name and a phone number and put a note on the form that you don't want to give the other stuff online (though I think that's pretty silly).

In closing, I find it simply *AMAZING* that you took the time to write all that, but never to ask me about any of it.

I would hope you realize that your posting that my website is not safe wasn't cool, and not in any way a danger to anyone. But now this headline is here for folks to see, and then they will assume you must be right. Hopefully you will do the right thing and get this taken down, and realize you were off-base.

Have a nice day.

01-18-2012, 06:49 AM
I run my website the same way Sam does. There is no reason for me to take the risk of fraud and I prefer to talk to the customers.