[thelist] Flash e-commerce security question

Tara Cleveland tara at taracleveland.com
Thu Mar 27 12:26:56 CST 2003

Hey all,

I have a small client who is a musician who wants to sell CDs on his web
site (that I'm designing). His CD production company is trying to sell him
an e-commerce system. It's "free" for him (ie they only make a commission
when a CD is sold) and they take care of all the shipping/warehousing etc.
They sent me an email with lots of **Sales information*** ***Telling me what
a GREAT service this was*** but without an awful lot of real information
(this made me suspicious right off). But it had a URL for me to check out
the service


I noticed a whole whack of things that concern me: restricted to IE, Flash
required, improper form validation, the fact that I could put in *any* price
for the CD into the order form (they *said* that they haven't had any charge
backs), etc. etc. I also noticed that the security certificate was invalid
and that the page was could be seen in transit by others.

As I went through the ordering process, there was never a little lock and
key in the bottom left corner of my browser - even after I put in the credit
card info - of course I didn't go through the entire process - I stopped
short of confirming the order. But is it normal for a flash e-commerce
system? Aren't most users taught to not put in CC info unless there is a
little lock on the browser? Is this a problem?

I'm also curious to see if others who have more experience with e-commerce
and shopping carts have any observations about the whole system. I'm going
to have to advise my client on this, and I'd like to be able to have as much
(good and bad) to tell him.


More information about the thelist mailing list