By Sally Watson, 16 December 2001 09:00
NEWS Grocery giant Tesco.com has flouted government guidelines by launching a series of online warehouses which appear not to have any security measures in place. Despite the fanfare surrounding the publication of the DTI's safe online shopping tips two weeks ago, security procedures on the supermarket chain's new web warehouses - which sell books, CDs, furniture and wine - are conspicuous by their absence. Confused shoppers contacted silicon.com fearing their credit card details had been compromised when they realised there was no padlock or key symbol displayed on their browser, or 'https' in the web address, to indicate the presence of encryption technology. An enquiry to Tesco.com's customer services brought assurances that despite its appearance the site is based on SSL (Secure Sockets Layer) technology and credit card details are being encrypted in transit. But Leigh Shepherd, customer service manager, admitted it was difficult for shoppers to tell. "We are currently working on the security of the site you have mentioned as we do recognise that when the details are being typed in, that the site is not in https access," he wrote. "I would like to assure you, however, that although the https is not current when inputting the details, when the card information is sent, this is done securely. Our IT department is working on a fix to this which will be released in the early part of 2002." Neil Hare-Brown, director of QCC Information Security, confirmed that the credit card pages were unsecured. "They don't think about security when they are putting these sites up," Hare-Brown said. "It literally is just a web designer taking the time to enter a little bit of code." The DTI's secure online shopping campaign, fronted by Birds of a Feather actress Linda Robson, urges users to check sites are secure. The government's consumer gateway tells users to "look for a closed padlock sign at the bottom of the screen. It shows that your details are protected when being sent."
Comments
There is 1 comment. Join the discussion
1. Sean Burns
Could somebody important please investiage orange (mobile telephones) website. When entering credit card details or account numbers and passwords, there is no padlock in IE6? I phoned them and an operator told me straight away that the site is secure - i'm surprised she didn't have to check with the Web development department!! Somebody please work this one out for me.