Hey everyone, Mike here…
The other day I tried to sign up for a subscription to our local newspaper, I’ve recently thought that local journalism is important so I thought I would support them, then this happened…
Question: Would you enter your bank details on this page?
Things that are wrong:
- This page should clearly be loaded over a *secure* connection as it’s asking for bank details. It should look more like the green “https” you see at the top of this page, (grey padlock in MS Edge)
- The title of the page says “Subscribe to KAYAK”. I’m trying to sign up to The Mail (Formally The North West Evening Mail), while not a security problem it just looks wrong.
- To get to this screen I had to enter a username and password and my billing address (again all over a *Not Secure* connection).
What did I do:
- I’ve emailed them the screenshot and my three points above (politely but firmly) saying they need to do better…
What have they done:
- It appears they have suspended taking online orders, for now, hopefully, they are on with fixing it! I’ll update this post as I find out more!
- They emailed me back thanking me. (also see updates below)
What should you do:
- If you see *Not Secure* in the address bar of your web browser or you don’t see a green (or grey) padlock when being asked for details about you (name, address, email, password etc…) you should stop and contact the company and ask them to explain why.
- You also can’t trust that the website is actually serving content from the place it claims to be from if it’s not *secure*
Updates:
- I tried to join via Credit Card rather than Direct Debit, this took me from a *not secure* connection to a *secure* connection, this isn’t ideal as someone could have redirected me from the *not secure* connection to anywhere they wanted. Paying by credit card failed and I got an error, but they did take money…
- They rang me back to say it had failed, they offered to cancel that transaction and gave me one of their offers (3 months for the price of 1!)
- They apologised for loading these screens over a not secure connection and said their IT team is working on it as it should be a secure connection, hopefully, they will fix all the problems in one go…
- I’ll report back as soon as I know more…
- 07 March 2018: I’ve checked the website again, it’s still not over a secure connection. 🙁
Stay Safe!
Mike 🙂