Unconfigured Ad Widget

Collapse

Announcement

Collapse
No announcement yet.

Insecure payment page on Scotlandspeople?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Insecure payment page on Scotlandspeople?

    I was about to buy a credit top-up on Scotlandspeople. On reaching the page for entering my card details I got a pop up with the following message:

    You have requested an encrypted page that contains some unencrypted information. Information that you see or enter on this page could easily be read by a third party.
    I was using firefox and it didn't have the yellow bar signifying the page was secure, and when I tried IE, it did not have the usual padlock icon.

    I have e-mailed SP, but, as I am hot on a trail and anxious to confirm a possible breakthrough, I wondered if anyone knew of the problem, or a way around it in the meantime. I am very hesitant to enter my card details now.
    Gillian
    User page: http://www.familytreeforum.com/wiki/...ustGillian-117

  • #2
    JG

    My browser always offers me the option to show, or not show, non secure items. So far, so good!

    I hope those are not famous last words.

    OC

    Comment


    • #3
      You can send a cheque off for a voucher:

      Voucher Help - ScotlandsPeople

      I'm sure I've read something about a similar message which said it was o.k. because the insecure info wasn't payment but something else, but I wouldn't like to tell you that it is definitely safe! I'll see if I can find the thing I'm thinking of...
      KiteRunner

      Every five years or so I look back on my life and I have a good... laugh"
      (Indigo Girls, "Watershed")

      Comment


      • #4
        Had another idea. I use IE and going into Scotland's People's payment screen, it is a https URL and has the padlock. I get a popup message saying "This page contains both secure and nonsecure items. Do you want to display the nonsecure items?" If I choose "no" then I get the boxes to fill in with card number, security code, expiry date, and my name. If I choose "yes", I can't see what the difference is!
        KiteRunner

        Every five years or so I look back on my life and I have a good... laugh"
        (Indigo Girls, "Watershed")

        Comment


        • #5
          Just had a reply from SP

          Good morning

          There is no security issue with the site - it is functioning as normal.

          Online card transactions are probably more secure than those conducted in a
          shop or by phone or fax because information transmitted online is highly
          encrypted. All of our card transactions are processed through our payment
          gateway providers, namely ETS or The Royal Bank of Scotland's secure payment
          gateways (primarily Worldpay) and regular audits conducted by the banking
          authorities aim to ensure the maintenance of a secure transaction
          environment. Your card details are never stored on our servers.

          The message may have been raised by your own ISP / settings and / or changes
          in there.

          Regards
          That doesn't really tell me anything I hadn't already found for myself on their site.

          OC - I've a feeling I didn't see the secure yellow bar/padlock last time and just went ahead and "risked" it. But I'm wondering if I'm being foolhardy. I can't think of any other site which doesn't give me the secure signal on the page where I initially enter my card details.

          Kate - I was just about to explore the options so thanks for the information re cheques. I might have to do it that way instead but it would be frustratingly slow!
          Gillian
          User page: http://www.familytreeforum.com/wiki/...ustGillian-117

          Comment


          • #6
            Kate - thanks! I was typing while you posted your second message. I'll go and try IE again instead.
            Gillian
            User page: http://www.familytreeforum.com/wiki/...ustGillian-117

            Comment


            • #7
              Having used it both ways - showing and not showing - the only difference I can remember seeing was some blurb about SP.

              "Not showing" just produced the bare form to fill in on an otherwise almost blank page.

              As it happens, I am MORE concerned about the GRO pay page at the moment. I faffed around ordering two certs the other night - I had to reregister and get a new password.

              It was only after I had completed and closed the application that I realised that my name and addy were already showing on the order page....do the GRO keep this information somewhere, and how did they link it to my name, given that they had just given me a new password?

              Sorry to take the thread off topic!

              OC

              Comment


              • #8
                Kate - thanks. I got the option not to show insecure items on IE and the padlock was there, so I was able to purchase the credits ..... and discover that it wasn't the death I had hoped for :(. Think i'll stick to IE for future SP transactions as firefox doesn't seem to offer the option not to show insecure items.

                OC - I have no idea. It's ages since I have ordered an English cert via the GRO.

                Don't worry about taking the thread off topic - I'm always happy to glean any information re online payment security.
                Gillian
                User page: http://www.familytreeforum.com/wiki/...ustGillian-117

                Comment


                • #9
                  OC, I think the name and address details are stored on your own computer rather than the GRO one. I'm not sure how to check this other than by logging on to the GRO system on a different computer.
                  KiteRunner

                  Every five years or so I look back on my life and I have a good... laugh"
                  (Indigo Girls, "Watershed")

                  Comment


                  • #10
                    Thanks Kate, I will try to nip down to the library tomorrow and check this on their computer. I feel slightly uneasy that my bank details are stored anywhere on my computer.

                    OC

                    Comment


                    • #11
                      Originally posted by Olde Crone Holden View Post
                      Having used it both ways - showing and not showing - the only difference I can remember seeing was some blurb about SP.

                      "Not showing" just produced the bare form to fill in on an otherwise almost blank page.

                      As it happens, I am MORE concerned about the GRO pay page at the moment. I faffed around ordering two certs the other night - I had to reregister and get a new password.

                      It was only after I had completed and closed the application that I realised that my name and addy were already showing on the order page....do the GRO keep this information somewhere, and how did they link it to my name, given that they had just given me a new password?

                      Sorry to take the thread off topic!

                      OC
                      There's a tick box which you can use on your log-in / account page to say whether or not you want them to hold onto the information so that you don't have to fill it in every time you visit. I have it set to "remember" me, for just that ease of use.

                      If other stuff comes up easily as you enter it - i.e. you get offered values on the screen - then you've probably got the auto-complete option on in your browser. I find that useful, too, but it doesn't usually auto-complete passwords, I'm glad to say!

                      Christine
                      Researching: BENNETT (Leics/Birmingham-ish) - incl. Leonard BENNETT in Detroit & Florida ; WARR/WOR, STRATFORD & GARDNER/GARNAR (Oxon); CHRISTMAS, RUSSELL, PAFOOT/PAFFORD (Hants); BIGWOOD, HAYLER/HAILOR (Sussex); LANCASTER (Beds, Berks, Wilts) - plus - COCKS (Spitalfields, Liverpool, Plymouth); RUSE/ROWSE, TREMEER, WADLIN(G)/WADLETON (Devonport, E Cornwall); GOULD (S Devon); CHAPMAN, HALL/HOLE, HORN (N Devon); BARRON, SCANTLEBURY (Mevagissey)...

                      Comment


                      • #12
                        OC, Your name and address aren't your bank details, though, are they? Or did anything else get put in automatically too? As far as I know it's only my name and address that comes up automatically for me.
                        KiteRunner

                        Every five years or so I look back on my life and I have a good... laugh"
                        (Indigo Girls, "Watershed")

                        Comment


                        • #13
                          Kate

                          That's the bit I want to check, as it didn't dawn on me till afterwards that the form was partially completed without any input from me!

                          I suppose it might have remembered my details from a previous transaction, but if so, can't understand why I had to have a new password.

                          OC

                          Comment


                          • #14
                            I don't know if this is of any help but I often get the your entering an unsecured page while going to make payments. It's just the way my browser works it's just warns before it sends me to a page which secure, once on the page where I enter my bank details the lock is always there. SP sends you a receipt right away.

                            Good luck with your search

                            Jan

                            Comment


                            • #15
                              GRO site (off original topic, sorry!)

                              Oh yes, this is what it says about registering, on the GRO site:

                              If you are using the site for the first time you will need to complete the registration process. You will only need to go through this process the first time you use the system. Once registered your details will be stored for future reference and you will be asked to confirm the information is correct when making an application.


                              How do I change my email address and password? - see our Frequently asked questions


                              The FAQ section might explain about why you had to change your password. And it certainly does appear that your name, address and phone number are held on the GRO's computer. I thought before that it might be on your computer because those fields come up yellow on my computer so I thought it might be auto-complete or something. You can log onto your account on the GRO site and change your details, plus I think each time you order you can log on as a "guest" so that your details are not stored if you would rather do it that way.
                              KiteRunner

                              Every five years or so I look back on my life and I have a good... laugh"
                              (Indigo Girls, "Watershed")

                              Comment


                              • #16
                                Kate

                                I hadn't used GRO for a long time, but had previously registered with them.

                                When I tried to log in this week, it did not recognise my email addy and password and told me I needed to register, which I did, and they sent me one of those funny temporary passwords.

                                So what I am saying - GRO did not recognise that I was already registered with them. But when I entered the new temporary password it recognised me and filled in my name etc.

                                It doesn't really matter I suppose, but I did wonder afterwards how they knew my name and address etc, as they didn't recognise me with the old password.

                                I shall do a quick check at the library tomorrow just to put my mind at rest re the bank details though.

                                OC

                                Comment


                                • #17
                                  Originally posted by deletejb View Post
                                  I don't know if this is of any help but I often get the your entering an unsecured page while going to make payments. It's just the way my browser works it's just warns before it sends me to a page which secure, once on the page where I enter my bank details the lock is always there. SP sends you a receipt right away.

                                  Good luck with your search

                                  Jan
                                  Thanks Jan. It was the first time I'd had the unsecured page message during an online payment.
                                  I think I'll change to IE for future SP payments so that I can opt out of unsecured items.
                                  Gillian
                                  User page: http://www.familytreeforum.com/wiki/...ustGillian-117

                                  Comment


                                  • #18
                                    It's what somebody said earlier in this thread, can't remember who, its your computer cache/cookies that remember your details when you re-visit the site to save you putting it in again.

                                    I think you'll notice your card number and security code doesn't appear automatically just name, address, tel no etc.

                                    Its your preferences on passwords, form filling and accepting cookies can't remember the exact menu or what you have to change, I haven't got time to explain off to work, but it isn't a security issue in terms of other people accessing your details, its only on YOUR computer.

                                    The message to notfity you of insecure data on the page is about the images and text on the page your viewing because that will also be held on the computer cache. Its to protect people who use public computers ie library computers, internet cafes to use the internet for transactions because the next person on that computer can access the history and cache if they know how and then they CAN possibly see some personal data.

                                    I would always advise not to make transactions or access any sites that require personal details for transactions on PUBLIC computers. Or any sites that you don't wish anyone else in the General Public including Library personnel or Internet Cafe owners to know you are accessing.

                                    OC whatever you do don't put in any personal detail when you use that Library computer! You can test it and it won't bring up anything but the form to fill in DON'T fill it in.

                                    Maggie
                                    Last edited by Guest; 20-02-08, 08:21.

                                    Comment

                                    Working...
                                    X