The use of SSL certs does not indicate secured merchant services. SSL is used to encrypt information between a server and a client for a given purpose. You can look at the certificate (easiest way is to click on the pad lock icon in your browser) to ensure that the site using the certificate is the same as the site that was issued the certificate, although your browser should show an error if this is not the case-it will by default). Now obviously you want your communication secured if you are passing any confidential information (CCs, passwords, private info, etc). However, someone can easily bring up a shady site and use ssl to encrypt communications. I'm afraid there is no magic there, as anyone with a site and a dedicated IP address can buy a SSL.
I agree. In fact, I think the need for SSL is highly overated. Stemmed from the black helicopter hype early on. People equated it to someone climbing a telephone pole to clip a headset on the wire and evesdroping on your phone conversation. The government may have some capacity to do this (like Lawful Intercept for voip) but it's impractical and not effective for thieves. SSL is for encryption over the wire. Relatively insignificant compared to your connecting to somewhere other than where you think you're connecting to or data being compromised after it gets there.
It sounds like a few people in the thread are looking for the silver bullet that they can use to make 100% sure that a site they are dealing with is safe. There are a lot of aspects to Internet security-way more than can be covered in this thread-in fact, there are IT career certifications in it (cissp for one).
Well yes . But at least people can get some understanding of what is behind the scenes and what to look for to feel more secure or at least reduce the risk. Maybe something like "shopping cart powered by XXX" gives you some assurance that the service is a commonly used reputable service and known to be fairly secure. Or at least put some effort into security measures/processes/standards.
As I stated in an earlier response, the best advice is to use reputable companies, and trust your instincts. If a site looks shady, get away. If there isn't SSL encryption, get away. If 1/2 the words are misspelled, things don't look professional, the prices seem to good to be true, and you just don't have a good feeling about using that company, get away.
That's going to eliminate all the Chinese sites isn't it?
This conversation could easily delve into many aspects of online security, and common advice stands here too: don't share your passwords, don't use the same password on multiple sites, protect your information, etc, etc, etc. One other thing you might consider is checking with your bank or CC company. Many of them offer 1 time use card numbers for online purchases. I wish more banks still offered this the way they did several years ago, but there are still quite a few who do.
There are a number of other threads on this subject already. I'd like to keep it more specific to our e-cig online supplier sites. Appears there is a good bit of commonality in the merchant service providers chosen, etc. A lot of people weren't aware of that. I think many just assume most suppliers download the store website template from Microsoft, fill in the titles and pictures and start taking orders. maybe some do.
Last edited: