Card rejected/fraud detected by bank

deepinthewoods · 2020-08-04 08:30:10 UTC

I tried to order an axo last week and now my debit card is disabled I called the bank and they are sending me a new card. I couldn't really get many details about it, they just kept saying hackers might have been looking at my card details. Maybe it's something to do with https? the URL has 'not secure' next to it in chrome instead of the padlock icon. Anyway, thought you'd want to know...

ivofx · 2020-08-04 12:34:41 UTC

I successfully ordered and received units quite recently, I did notice that the shop url is not using https indeed. I believe I paid via Paypal however

Ersatzplanet · 2020-08-04 15:32:13 UTC

The "Not Secure" tag in front of the URL just means that the webpage has not paid money to obtain an SSL certificate and enable HTTPS on their site. It is an added expense that many sites just can't afford. Any webpage reached by "http://" instead of "https://" will show this. This forum for example.

jcgriggs · 2020-08-04 17:27:50 UTC

It means your info is being transmitted in the clear. I would not submit payment info in such a case.

Regards,
John

SmashedTransistors · 2020-08-10 12:13:47 UTC

I've bought my axolotis with paypal and did not have any issue.

jcgriggs · 2020-08-10 12:36:26 UTC

And when you were handed off to the PayPal site to actually pay, it was no doubt a secure HTTPS connection at that point (where you actually entered your sensitive financial info)...

Not trying to be argumentative or anything - just want to encourage people to be safe out there...

Regards,
John

SmashedTransistors · 2020-08-10 12:40:27 UTC

yes, sensitive data must be transmitted through a secured channel such as the one provided by paypal.

deepinthewoods · 2020-08-10 13:25:40 UTC

I've ordered one myself in the past successfully, this would have been my second. I think the banking laws have changed in the UK recently. It's a Nationwide building society visa debit card. I only posted on here so Johannes could know about a potential problem. It's actually worked out great for me, I didn't know the AKSO had been released so I'll just order one of those.

I believe SSL certificates can be had for free from letsencrypt.

Edit...I paid with paypal

Keeze101 · 2020-08-10 14:40:18 UTC

Sorry, but services like letsencrypt cost nothing. Even a payed certificate (like I use) cost me less than 50 euro/year. This may never be the argument not to use https, especialy on European websites that communicatie personal data. GDPR states that use of encrypted communication when dealing with personal data is mandatory. So, Johannes is in violation of GDPR atm.