optional checkout security = no sale

By Jason Sherrill
Posted on Jun 6, 2007

Comments (0)

Mildew Stain Away is a fantastic mildew stain remover that also prevents mildew from returning. I used to buy it at Damman Hardware, but they've gone out of business. Last night, I discovered that Amazon Products, the manufacturer, sells the product directly on their website. But due to a major mistake on their website, I'm willing to bet that they're not selling nearly as much as they could.

I had added a 32 oz container of Mildew Stain Away to my cart and then proceeded to the checkout. They use a one-page checkout (awesome, I love one page checkouts!) that collects your billing address, shipping address and credit card information on a single page. I started to fill out my billing information, but then I noticed a problem - the page was in standard HTTP mode (i.e., the page was not SSL encrypted). No SSL means that if I submit my credit card information through this page, it's sent through the internet in plain text, with no protection.

A checkout page with no SSL? Come on, that's e-commerce 101! I was even more surprised when I saw at the top of the page a link that said, "Click here for secure shopping".

Secure shopping should not be optional

My first thought was, "Uh, could there possibly be someone who would not want secure shopping?" Why is a non-secure checkout page even an option? At that point, I simply left the site.

So why didn't I use the secure checkout? My concern is that if security is such a low priority on their website, how will they handle my credit card information after I submit it? Will be it encrypted inside a database? Probably not. Will they send it in an unencrypted email? Possibly. Will they discard the data as soon as they're done with it? Who knows. I was not willing to take the risk, especially not for a $20.00 purchase, and not even for a product that I already know works well.

Why invest money into e-commerce, but not pay attention to the basics? I don't get it.