Steeda is not a Secure online Site

nivek

Banned
Joined
Jun 14, 2003
Messages
93
Location
Dallas Texas
I just wanted to let everyone know who may purchase products from Steeda.

I went out to Steeda.com yesterday to make a purchase (first time) and found that they offered no CC secure transaction, which means if you purchase something from them your credit card number is transferred across the Internet using clear text encryption. This means anyone can crack the encryption and get your CC number. I would recommend to only purchase products via phone.

I did contact Steeda to confirm this, which they did. I am not sure why they would not offer secure transactions; it's not that difficult to do.
 

ChicagoMike

Modification Addict
Established Member
Joined
Jan 27, 2003
Messages
3,073
Yeah, they are crazy for that. I noticed it before placing my order, so I phoned it in instead. People that order online may order from someone else if they can easily purchase it online.
 

AtomHeart

Architect of Evil
Established Member
Joined
Oct 5, 2003
Messages
1,384
Location
Denver
That's ok. Every time ya order a pizza with a credit card from Domino's, the pizza delivery guy can call his friends on his cell phone while driving your pizza to you, and give them all your credit card number and expiration date. I'm not sure if the other pizza places do, but Domino's prints your entire card number and expiration date right on the receipt.

Just noticed this last night, and decided that was my last pizza from Domino's.
 

CobraBob

Authorized Vendor
Established Member
Premium Member
Single Barrel Sirs
Joined
Nov 17, 2002
Messages
105,562
Location
Cheshire, CT
There are so many ways your credit card information can be stolen that one website like Steeda is hardly a ripple. Regardless, any site not offering secure ordering contributes to the overall problem of identity and fraud on the Internet. I just sent them an email. I'll post their response when I get it.
 

byevette

Momento Mori
Established Member
Joined
Jul 10, 2002
Messages
1,005
Location
Mandeville, LoUiSiAna
Originally posted by AtomHeart

Just noticed this last night, and decided that was my last pizza from Domino's.

Maybe you should pay with cash:shrug:

No matter how safe you think you are with your cc, you just never know. I had some unauthorized charges on my cc a few years ago and then I bought a shredder for all of my paper receipts. Wouldn't you know, 2 weeks ago, I got a call from one of my cc companies and somehow, someone ran up two (2) $5,000 charges from Dell's online website.

:beer:
 

AtomHeart

Architect of Evil
Established Member
Joined
Oct 5, 2003
Messages
1,384
Location
Denver
Originally posted by byevette
Maybe you should pay with cash:shrug:

Nice idea, but I don't carry cash. I currently live my life in the world of paperless money. I've had my credit card numbers stolen before. It happens. Some jackasses bought 200 bedroom sets on my credit card. That's the kind of charge that doesn't exactly go unnoticed by the credit card company, thankfully, so they had locked my account before I even knew anything had happened.
 

99svtlightning

Member
Established Member
Joined
Dec 21, 2000
Messages
122
Location
Elkton, MD, USA
Maybe the credit card information is written to a local database on the server upon transmission. I've seen sites that don't have the official "lock" because the data never leaves the server and is stored in an encrypted table on a local server. Just a thought.
 

CobraBob

Authorized Vendor
Established Member
Premium Member
Single Barrel Sirs
Joined
Nov 17, 2002
Messages
105,562
Location
Cheshire, CT
Originally posted by 99svtlightning
Maybe the credit card information is written to a local database on the server upon transmission. I've seen sites that don't have the official "lock" because the data never leaves the server and is stored in an encrypted table on a local server. Just a thought.

It is my understanding that unless you see 'https://' it isn't a secure site. ??
 

Vaelin

New Member
Established Member
Joined
Jul 20, 2003
Messages
296
Location
Dublin, CA
Form submits can be SSL encrypted.

I haven't checked Steeda's site, since I usually just look at their online catalog and phone in my order... but yeah, you can still get SSL encryption via form submit.
 

99svtlightning

Member
Established Member
Joined
Dec 21, 2000
Messages
122
Location
Elkton, MD, USA
HTTPS is a way for web developers to write web pages without taking security into consideration. All of the security is done through certificates and layers on the webserver. Security is also possible without HTTPS (SSL) if the programmer implements it within the pages. The downside is, end users won't know how secure the site is.

I'm not sure how Steeda wrote their ecommerce applications, but it could possibly be secure. I'd recommend a phone call to them, unless security is outlined on their site.
 

CaptNemo

Evil Genius
Established Member
Joined
Oct 16, 2002
Messages
189
Location
Mobile, AL
Originally posted by AtomHeart


Just noticed this last night, and decided that was my last pizza from Domino's.


Their pizza sucks anyway, no big loss.:xpl:
 

Lthl Venom 03

give me more boost!
Established Member
Joined
Sep 6, 2003
Messages
551
Location
Houston, TX
Originally posted by AtomHeart
Nice idea, but I don't carry cash. I currently live my life in the world of paperless money. I've had my credit card numbers stolen before. It happens. Some jackasses bought 200 bedroom sets on my credit card. That's the kind of charge that doesn't exactly go unnoticed by the credit card company, thankfully, so they had locked my account before I even knew anything had happened.

and you still haven't learned your lesson...?:rollseyes
 

CobraBob

Authorized Vendor
Established Member
Premium Member
Single Barrel Sirs
Joined
Nov 17, 2002
Messages
105,562
Location
Cheshire, CT
Okay, I got a reply from Steeda. Their ordering IS secure.

Our Website ordering system does go through a Secure Server, however due to our Present Website Layout, (It uses Frames, which loads content into segmented areas) it appears as though you are not being processed through a secure server.

I have double checked this, and when checking out through our present system, it does redirect you through a Secured Server.
If you care to check on this yourself, please follow the directions below:

1- Go to Steeda.com
1a- Browse our Product listings and select a product that you are considering buying.

2- Once you see your Shopping Cart, please Select your payment method type, and click on check out.
2a- Once on the Order Processing page (you will have an online form to fill out), Please:
Right Mouse click on that page.
You will be given a small context menu.
Please Select "Properties"

You will see that the shopping cart is indeed secured and using 128-bit Encryption.

We are currently under development of our new Website, which will make Secure Ordering more visible, and easier to use.
 

nivek

Banned
Joined
Jun 14, 2003
Messages
93
Location
Dallas Texas
I did verify what Steeda stated is correct. I also did one other thing that did verify the server has the SSL module installed and the certificate is applied, and anyone else can test this.

Browse to https://steeda.com. What you will find is a pop-up box security alert about the certificate. The certificate does have a problem with the name match.

I still have my concerns and would call in the order until they get the frames to use ssl on all content instead of just the form.

The site steeda.com is running Apache/1.3.29 (Unix) PHP/4.3.4 FrontPage/5.0.2.2510 on Linux.
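
The frames situation discussed above (a checkout form served and submitted over SSL inside a frameset that itself loads over plain HTTP), as an added example that is not part of the original thread and not Steeda's code. The `shop.example` hosts, the page contents and the function names are all constructed for illustration; the `pages` dictionary stands in for fetching each document.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tag -> attribute naming the document it loads or submits to.
URL_ATTRS = {"frame": "src", "iframe": "src", "form": "action"}

class RefCollector(HTMLParser):
    """Collect (tag, absolute target URL) for frames and forms on one page."""
    def __init__(self, base):
        super().__init__()
        self.base, self.refs = base, []

    def handle_starttag(self, tag, attrs):
        attr = URL_ATTRS.get(tag)
        if attr:  # a missing or relative value resolves against the page itself
            self.refs.append((tag, urljoin(self.base, dict(attrs).get(attr) or "")))

def is_https(url):
    return urlparse(url).scheme == "https"

def audit(top_url, pages):
    """Walk the frame tree; `pages` maps URL -> HTML and stands in for fetching."""
    refs, queue, seen = [], [top_url], set()
    while queue:
        url = queue.pop(0)
        if url in seen or url not in pages:
            continue
        seen.add(url)
        collector = RefCollector(url)
        collector.feed(pages[url])
        for tag, target in collector.refs:
            refs.append((url, tag, target))
            if tag != "form":
                queue.append(target)  # descend into framed documents
    forms = [(page, target) for page, tag, target in refs if tag == "form"]
    return {
        "address_bar_https": is_https(top_url),
        "forms_submit_over_https": bool(forms) and all(is_https(t) for _, t in forms),
        "form_pages_served_over_https": bool(forms) and all(is_https(p) for p, _ in forms),
        "plain_http_frames": [t for _, tag, t in refs if tag != "form" and not is_https(t)],
    }

# Constructed sample: an HTTP frameset whose checkout frame is loaded over HTTPS.
PAGES = {
    "http://shop.example/": '<frameset cols="20%,80%"><frame src="menu.html">'
                            '<frame src="https://secure.shop.example/checkout.php"></frameset>',
    "http://shop.example/menu.html": '<a href="/catalog">Catalog</a>',
    "https://secure.shop.example/checkout.php": '<form action="process.php" method="post"></form>',
}
REPORT = audit("http://shop.example/", PAGES)
```

In the constructed sample the form is both served and submitted over HTTPS while `address_bar_https` is false, which matches a browser showing no lock for the outer page. The frameset and the menu frame still travel over plain HTTP, so the part of the site that decides what gets framed is the part without transport protection.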
 

CobraBob

Authorized Vendor
Established Member
Premium Member
Single Barrel Sirs
Joined
Nov 17, 2002
Messages
105,562
Location
Cheshire, CT
I understand your concern but my point still is that there are far greater and less secure ways you can order and have your credit card info stolen. Did you ever consider that when you phone in an order that the person taking the order has the exact same CC information and can steal it just as easily? Just over a month ago this very thing happened to me and someone charged almost $2,500 worth of goods and services to my card. I didn't pay a dime, of course, but it was an eye-opener. So phoning in an order is by no means a "secure" ordering system.
 
