VPost needs more attention to security details
I'm using vPost, a service by Singapore's postal service to ship stuff I oder online. vPost provides me with an US, European and Japanese shipping address, so I can take advantage of free "local" shipping or get stuff from vendors that don't ship overseas. After a few teething problems the service works reasonable well, I can recommend it in general. You have to compare shipping rates from the vendor since vPost might not always be the cheapest option. However vPost needs to pay more attention to security. They have the basics right and use https on all their site, so that's OK. They also leverage on " Verified by Visa" that uses one-time tokens via SMS to secure transactions. The improvements needed are after you enter your credit card details and hit next:
- The credit card number is displayed in full (other sites only show a few digits). So someone peeking over the shoulder can note it (same applies to the expiry date)
- The security code is displayed. It shouldn't be shown AT ALL.
- Being security concious (and not liking tracking cookies) I don't allow cookies from other websites. VPost requires me to lower my security standards. I'm sure that could be avoided
Posted by Stephan H Wissel on 26 September 2010 | Comments (0) | categories: Business Singapore Software