Monday, August 6, 2012

Website Security

I went through HBT's vendor list and was surprised to see how many vendors apparently do not give half a shit about internet security.  Lots of vendors have pretty sites.  Northern Brewer, for example, has a really sharp site.  The design is good, the navigation is easy and the images are all nice high resolution... but no security.  Sure, it has an SSL certificate, but so what?  No seal at the bottom for PCI or any other program to show that they are keeping information secure.

Lots of people on HBT forums point to several popular sites:

Austin Homebrew
MoreBeer!
Stainless Brewing, which at the time of this writing is running a promotion listed under the "vendor showcase" forum @ HBT...

I wouldn't trust any of these sites with my credit card info.  Not until they show me they have some kind of PCI level, or some attestation from a reputable merchant vendor like Authorize.net or Trustwave, etc.  In fact, as of right now I'm only ordering from two places: Amazon and Midwest Supplies.

Midwest Supplies is the only HBS site I have found that actually has some kind of certificate other than just "hey, we have an SSL!"

Note to people running an HBS website: having an SSL certificate doesn't mean my data is secure once you have it.

I worked for the internet for too long, and have spoken to too many business owners whose databases I had to personally shut down because they were storing plain text credit card numbers in there.  Sure, SSL keeps anyone from intercepting my HTTPS submission of that data and grabbing my CC info out of thin air, but it doesn't do shit to protect my data once the vendor has it.  I am not giving my personal information or credit card to any website that doesn't have some kind of certification that tells me the way they store their data is secure.  I don't care whose kid designed your site for you, or how much money you paid for your stupid shopping cart: if it doesn't have a fancy badge somewhere on the site, I'm not buying from you.
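To make the "SSL only protects data in transit" point concrete, here is an added example that is not part of the original post: a Luhn-based scan that finds plaintext card numbers sitting in a database export (the situation described above), next to what a cart should store instead, a processor token plus a masked PAN. The export rows, the `tok_...` token strings and the hypothetical `store_order` helper are constructed for illustration; the card numbers are publicly documented test numbers, not real accounts.

```python
"""Added example: scan a DB export for plaintext card numbers, and show the
hardened alternative (token + masked PAN). Not code from the post or any vendor."""
import re

# Candidate PAN: 13-19 digits, optionally separated by spaces or dashes,
# not glued to other digits on either side.
_PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn checksum: every real card number passes it, most random digit runs do not."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_plaintext_pans(text: str) -> list[str]:
    """Return Luhn-valid card numbers found in a blob of text (a dump, a log, a backup)."""
    hits = []
    for m in _PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_valid(digits):
            hits.append(digits)
    return hits


def mask_pan(digits: str) -> str:
    """Keep at most the first 6 and last 4 digits (the PCI DSS display rule), blank the rest."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def store_order(pan: str, processor_token: str) -> dict:
    """Hypothetical hardened cart record: the full PAN never reaches the database.
    The processor's token is what you charge later; the masked PAN is for receipts."""
    return {"token": processor_token, "pan_masked": mask_pan(pan)}


# Constructed sample: an export of a naive orders table with a card_number column.
# 4111... and 5500... are well-known test numbers; row 3 is a Luhn-invalid decoy.
NAIVE_DUMP = """\
id,customer,card_number,exp,amount
1,alice,4111 1111 1111 1111,0914,42.50
2,bob,5500-0000-0000-0004,1213,18.00
3,carol,order ref 1234567890123,0914,7.25
"""

# Constructed sample: the same orders after the cart was fixed to store tokens.
HARDENED_DUMP = """\
id,customer,token,pan_masked,amount
1,alice,tok_a1b2c3,411111******1111,42.50
2,bob,tok_d4e5f6,550000******0004,18.00
"""


if __name__ == "__main__":
    print("naive dump leaks:", find_plaintext_pans(NAIVE_DUMP))
    print("hardened dump leaks:", find_plaintext_pans(HARDENED_DUMP))
    print("hardened record:", store_order("4111111111111111", "tok_a1b2c3"))
```

Run the scan against whatever you can get read access to (a SQL dump, application logs, a backup tarball's text) rather than only the orders table; plaintext PANs usually leak into logs and CSV exports even when the cart itself was fixed. The Luhn check is what keeps the regex from flagging order references and phone numbers, as row 3 shows.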

UPDATE: It looks like BrewGadgets should also work out.  These guys don't have a PCI badge on their site, but they also aren't processing payments themselves; they let you check out with Google, Paypal, or Amazon.
