When is a website secure? Check this one

  georgemac 18:21 19 Nov 2004

I opened my credit card bill today - the company I use is goldfish, and they have a reward points scheme and in this months flyer have a joint promotion with argos, where you get a discount off certain argos items if you redeem some reward points.

the printed brochure points you to this site click here www. argosb2b-goldfish .co.uk

I went there and selected one of the items I wanted, checked out, entered my mailing/postal details and was then taken to the page requesting my credit card details. I was just about to enter these when I noticed the padlcok was unlocked in the browser and the site began with http://? instead of the normal https://?

I immediately stopped and have emailed goldfish customer services why a credit card company and a major retailer would be asking for such details on a non-secure web page? I also emailed argos and this is the reply I got

"No lock appears because the secure payment page is set within a frame. Your credit card details are secure from the point at which you submit the details and this can be verified by right clicking with your mouse and selecting properties on the resulting page. The Connection type will display as: SSL 3.0, RC4 with 128 bit encryption (High); RSA with 1024 bit exchange showing a secure connection"

Now I had already completed the purchase as due to another thread I was sure the site was genuine (if you change the http to https it closes the padlock). I went through the process again, and did the above and it never came up with the above on the page where I would have had to put in my details, it may have came up after submission but I do not know.

If this is simply because the web page is designed using frames, this is surely extremely poor web design - we are all told continually it is only safe to divulge credit card details on a secure site with the closed padlock?

I would appreciate a view from the FE or some other web designers on this.

Or have I missed something simple? Using avant browser

  Sir Radfordin 19:22 19 Nov 2004

Is this not the same as you posted here click here ??

Even if you load the shopping basket up out of the framset it doesn't point to a https/secure server. I think it is more likely a badly configured redirection/server than poor web design.

The website has been designed and created by Vantage Technical Services Ltd click here so the source code says, so why not contact them to see what they say?

  georgemac 20:05 19 Nov 2004

it's the same - someone suggested I post it in here to see if anyone could shed some light on it

I have taken their word it is secure - this information was supplied by an Argos employee.

I never got a reply from Goldfish so will wait until Monday to see if they have anything to say about this.

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

OnePlus 5T review: Hands-on

Illustrator Andrés Lozano on his improv line work, brazen use of colours & hand sketching

iPhone X review

Comment envoyer gratuitement des gros fichiers ?