Why Ruin A Good Brand With Poor Security?

That little yellow padlock icon at the bottom of your Internet browser window may be giving us a false sense of security.

I made an online purchase today via a customer update form on a secure Web page. The URL included “https” and the little yellow padlock icon was definitely there, at the bottom right of my Flock browser.

Imagine my dismay when I discovered that this “secure” form transmitted all of my sensitive data via form mail. My full name, address, phone number, credit card information … the whole works, traveled from a secure web page via a non-encrypted email to the corporate inbox.

How did I learn of this? The thank you page linked back to a free Form Mail script archive. Oh yes, I’m feeling like a valued customer now!

Not only did it make the trip once, but an employee who received my form was also kind enough to answer a question, and replied to me with all of my form data in the body of her email. There were no x’s replacing credit card numbers or expiration date. Nope, it was all there for any reasonably proficient identity thief to see.

Why would any company that offers a good product and otherwise excellent customer service, fail so miserably on basic Internet security? The employee apologized for her error, but this isn’t a little “oops, I screwed up” type of mistake. Because the company didn’t take the time or effort to consider how their foolish shortcut could harm their customers and didn’t bother engaging in the most basic Internet security training, they’ve lost my trust. In my mind, their brand has gone from “quality product, excellent service” to wondering what other shortcuts they’ve taken.

Small Business Takeaway – If you collect ANY sensitive customer data, make sure you either know how to collect and transmit that data securely or hire someone who knows what they’re doing.