PDA

View Full Version : Discontinuednamebrandyarn.com....secure website? >>


boo1
02-19-2008, 11:51 AM
I don't see anything on the site, including the checkout page that says that it is secure. I'm very leery about putting financial info on a site that doesn't have more protection.

Anyone?

knittingymnast
02-19-2008, 11:53 AM
i believe that it is secure, but remember, if there is a phone number, call them and start interrogating.

suzeeq
02-19-2008, 12:13 PM
Or call and place your order over the phone...

knittingymnast
02-19-2008, 12:15 PM
good idea Suzeeq!

Ellieblue
02-19-2008, 01:59 PM
I've ordered from the "yarn girls" several times and never had any 'puter problems that I know of. The only thing that holds me back is there high s/h charges.

boo1
02-19-2008, 02:09 PM
i believe that it is secure, but remember, if there is a phone number, call them and start interrogating.

Secure websites indicate that they are, usually very clearly on the checkout page.
What makes you believe that it is secure?

Banrion
02-19-2008, 02:41 PM
It is a secured checkout. When in the cart page, the address begins with HTTPS:\\ that extra S stands for Secure. Also at the bottom of your screen there should be a padlock icon that when you hover over it tells you the site has 128-bit encryption. Of course, if you are still unsure, it is always best to go with your gut.

boo1
02-19-2008, 02:42 PM
It is a secured checkout. When in the cart page, the address begins with HTTPS:\\ that extra S stands for Secure. Also at the bottom of your screen there should be a padlock icon that when you hover over it tells you the site has 128-bit encryption. Of course, if you are still unsure, it is always best to go with your gut.

Well, there is no padlock icon, but I had forgotten about the https deal. Thanks!

lelvsdgs
02-20-2008, 01:14 AM
It is a secured checkout. When in the cart page, the address begins with HTTPS:\\ that extra S stands for Secure. Also at the bottom of your screen there should be a padlock icon that when you hover over it tells you the site has 128-bit encryption. Of course, if you are still unsure, it is always best to go with your gut.
Thanks for this information! I didn't know any of this...

brittyknits
02-20-2008, 10:11 PM
I can't seem to get to the site-- I keep getting a no-domain response. Is it just me?. . .

Knitting_Guy
02-20-2008, 10:26 PM
Yep, the https:// should be the first thing you look for.

Lisa R.
02-21-2008, 12:45 AM
I can't seem to get to the site-- I keep getting a no-domain response. Is it just me?. . .

I couldn't get to it yesterday, either.

GinnyG
02-21-2008, 09:54 AM
I :heart: :heart: :heart: dbny. I order from them WAY MORE than I should and have never had any difficulty.

ArtLady1981
02-21-2008, 02:27 PM
I don't buy from any website when I can't visibly see that little gold padlock.

I've backed out of numerous purchases because the padlock was not visible.

Plantgoddess+
02-21-2008, 11:13 PM
http://www.discontinuedbrandnameyarn.com/ Try this link.

sheldon
02-22-2008, 12:57 AM
Not to make you any more paranoid, but the https security only encrypts the data sent between your computer and the server. It says nothing about how your credit card info is stored on their servers or what becomes of it after the order is processed. I have seen some sites that just take take the credit card info and send in plain unencrypted text as an email (bad). Others will store the credit cards unencrypted in a database (worse). I even came across a site that was storing the orders with the credit card info in a text file which any hacker person could discover by looking at the source code for the order form page (OMG!). Scary stuff! This last one was on a local community college web site that was offering web development classes :)

As a web developer, I know how hard it is to create a water tight security protocol. Big online stores and banks devote teams of people and throw a ton of money at this problem and still get cracked sometimes. So anytime I order from a site that isn't Amazon, or another reputable seller I pick up the phone and place my order. If a store uses Paypal, I'll use that as it puts the security burden on Paypal and the store never gets my credit card info.

For the KH Knit Shop, we just pass the information directly to the merchant processing gateway. We never come in contact with the credit card number. We let the bank's servers handle it.

I also work for a web hosting company and you'd be surprised at the number of fraudulent orders we receive from scammers using stolen credit cards. They are obviously getting these cards from somewhere, and most likely it's from sites with bad security practices.

So think twice, even when you see the https://. It's easier to pick up the phone and order than it is to deal with identity theft and all the problems that can occur if thieves get your info.

McKnitty
02-22-2008, 07:56 AM
Thanks, Sheldon! Good to hear from an expert. I've been accused of being overly cautious when it comes to online shopping. However, I work in a computer technology field so I know my concerns are justified. You can't be too careful when it comes to this.

GinnyG
02-22-2008, 08:56 AM
There are lots of ways to protect yourself when shopping "online". I use Paypal when ever possible as they have pretty tight security.

I also have a secure bank card I use only for web purchases. It guarantees I cannot be liable for any more than $50.0o in fraudulant charges. My credit union calls and verifies any purchases over $100.00 and I have a $300.00 daily limit on it. If I am making a large purchase I call them ahead of time and tell them how much and who.

brittyknits
02-22-2008, 09:21 AM
Oh, BRANDname, not name brand!:) . They actually do have a padlock symbol, but mine came up at the top of the page, instead of the bottom. But here's a question-- I wonder if there's more hacking of bigger companies (more loot) or smaller (easier to crack)? TJ Maxx got hit last year, but with all of their sister stores (Homegoods, etc.), that must have been extremely profitable. Would hackers bother with a small yarn shop? This is not my area of expertise in any way, shape or form, and I guess I don't think like a hacker:) , but it seems logical to me that they would go for the bigger stuff. Yes?. . .No?. . . Iwonder if there are any statistics out there on this.

boo1
02-22-2008, 10:52 AM
http://www.discontinuedbrandnameyarn.com/ Try this link.

I definitely made a mess of the name, eh? :)

Well, I ordered. Hopefully everything will be okay. If I had read Sheldon's post, I wouldn't have. I'll know next time to look for more than the 's'.

Thanks everyone!

sheldon
02-22-2008, 03:15 PM
But here's a question-- I wonder if there's more hacking of bigger companies (more loot) or smaller (easier to crack)? TJ Maxx got hit last year, but with all of their sister stores (Homegoods, etc.), that must have been extremely profitable. Would hackers bother with a small yarn shop?

Usually, when a hacker goes for a large company it's for extortion. They steal records and say they will go public with the info if the company doesn't fork over a bunch of money. But it takes real skill to pull it off.

Smaller sites are much easier targets and are a lot easier to crack into. They use software to hammer a site/server looking for loop holes they can use to exploit to grab a database, or cease control of the site/server.

Most store owners probably don't know when they've been exploited and the credit card holders don't realize they've been duped until their statement shows up or the bank calls them. There is a black market on the Internet for stolen credit cards. These are mainly credit cards and customer info which has been stolen from online stores with poor security policies. So you never can be too careful.

Working in this field and seeing how lax some programmers are about security concerns (not to mention the store owners themselves), I certainly don't put any trust in small independent online stores. It's always the phone or Paypal for me.

brittyknits
02-22-2008, 06:32 PM
As I said-- I guess I don't think like a hacker:) . Thanks, Sheldon! This is very helpful info.

Mulderknitter
02-22-2008, 08:23 PM
I am very thankful for the info! I am a somewhat naive person in that I am way too trusting and tend to believe what people say. I have never had a problem ordering from discounted yarn...blah dot com. except they tend to have slow shipping. I have had the same credit card for 12 years now, and only once was I called to make sure a charge was valid, I had been mugged at the age of 19 and they tried to use the card at a liquor store. Thankfully the store clerk called the card company and the muggers were unable to verify any of my info. the card company then called me to tell me that they had been alerted to the theft. In my contract with the card it says I am not liable for any purchases made that are not my own.
This also goes for car rental companies that try to sell you their extra insurance. If you have car insurance on your own car, it USUALLY covers rental cars and you don't have to pay extra.
Just check your contracts with your credit card company and your insurance companies. Don't pay for things you don't need, and don't be afraid to use the internet to buy things. Just know what you have:yay:

BethLaf
02-22-2008, 09:25 PM
I JUST got done with recovering from our card being "skimmed" is what the guy at the bank called it, we had over 1600.00 taken out of our account, if it wasn't for the fact that i have that money in our business account and not our personal , we would have been seriously hurt, i caught it the day it happened, but because of the way cc are proscessed , it took a week before everything hit the bank , and we had already canecelled the cards, so it was something else, my banker told me NEVER to buy online without a SOLID written SECURE policy on how the company stores your info.

check for padlocks and https, and if thats still not good enough for you, then set itup through a pre paid debit card type credit card, that way there is a low low limit to what can happen

oh , and BTW, the bank also said these people could have had our info for weeks or even months, just waiting to pounce on it .....
thats the part that shocked me .

bethany
02-29-2008, 12:49 AM
this was just posted as a new thread..."Buyer beware"
http://www.knittinghelp.com/forum/showthread.php?t=76470