Is this website secured ?

Options
RanRan
RanRan
Community Member
in Lounge

Is the credit card info secured at this website ?
If I start at http://superamerica.com/SuperwashLogin and start a new account, put some dummy info and when you get to credit card info box it says its secured but I can't tell if it actually is.

I can also log in both https://superamerica.com/SuperwashLogin but it says it has an invalid certificate and http://superamerica.com/SuperwashLogin.

It looks like this website was not constructed correctly
Thanks in advance for your help

1Password Version: 6.6.4
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • AGAlumB
    AGAlumB
    1Password Alumni
    Options

    @RanRan: I don't have an account so I can't say for certain, but I'm not seeing that it's using a secure connection at all. Maybe it is just for the checkout process, or even specifically for the credit card details, but you're right to question that. There just isn't any reason to not use a fully secured connection at all times nowadays, and that and an invalid certificate are signs that security is not a high priority. :(

  • RanRan
    RanRan
    Community Member
    Options

    Brenty, after filling in the details of car, address, etc, there is a separate popup screen for credit card info which says its secured but I could not tell if it was or not. I've contacted the vendor and that assured me that the credit card input screen is secured but I could not see that as a fact myself- maybe you could try yourself by putting some dummy info for name, car, etc and see what you think when you get to the credit card screen. You do not need to put some actual info of yourself in the new account data. Thanks for your input.

    Ran

  • AGAlumB
    AGAlumB
    1Password Alumni
    Options

    @RanRan: Thanks for clarifying! If the browser isn't able to tell us that the page is secure, it's safest to assume it is not. Also, with modern browsers, they will typically warn us about "mixed" security (i.e. some content delivered over HTTPS and some not) within the same page. If you're not seeing this either, that's also a red flag to me. I feel strongly that vendors who want us to give them sensitive information like payment details have the burden of proof on them to reassure us that they're doing all that they can to protect us. Of course, many companies collect our data securely yet store it insecurely (and later get hacked...), so it's a crazy world out there. But if it's any consolation, most credit card companies are great about fraud management, so I'd check with the bank to see if you're protected if someone uses it fraudulently. Stay safe out there!

This discussion has been closed.