Was going through the checkin process at 9289 and found that the credit card details page was not encrypted, rather it was over plain HTTP. I can't believe an online shop can get away with it these days…
9289.com.au no encryption of CC details?
LTechie on 28/06/2009 - 10:11
Related Stores
Comments
Still, as a respectable online merchant you really should have SSL and encrypted pages for all payment pages. In fact, having a merchant account from the bank stipulates that SSL and encrypted pages is 100% necessary and viewable to the consumer.
That would be possible if they used an AJAX style request that would encrypt the CC details, etc. But I checked the page and no, there was nothing like that.
I actually got a response from 9289 acknowledging the problem. They suggested I use bank transfer instead.
Just because the actual page is not encrypted does not mean the credit card submission process isnt.
I would assume that the form you type your details into is submitted to a secure php script which will deal with the credit card details. Thus still providing a secure submission of the credit card details while minimising the load on the server as it does not need to handle https web page serving.