PSA: Watch out with bedbathandbeyond.com

[FP]

I just ordered something from Bed Bath and Beyond and noticed after I had submitted my CC info that it was sent over HTTP (ie they don't use SSL).

WTF???

What company doesn't use SSL for their online transactions these days? Especially one that big?

Should I call my CC company and tell them what happened or just watch for strange charges? I know someone would have to be looking for this information but it still makes me feel funny knowing my info is floating around teh intarweb.

I am hereby boycotting BB&B until this is resolved.

Carry on...

 

[So]

...k

I wouldn't buy stuff online there anyway.

 

[FP]

Originally posted by: So
...k

I wouldn't buy stuff online there anyway.

I normally wouldn't but a good friend is registered there for their wedding.

 

[Goosemaster]

ouch

 

[GeekDrew]

notify visa

 

[JDrake]

Originally posted by: GeekDrew
notify visa

Or w/e CC you use :Q

 

[FP]

Originally posted by: GeekDrew
notify visa

Just did (AMEX).

They said they can either replace the card or just note on the account that I called to inform them of the incident.

I opted for the latter because I pay many bills with my AMEX card and don't want to have to go through and change the CC number on all of the sites.

I think this is just an error on BB&B's part because their privacy policy indicates that they do use SSL.

 

[FP]

Ha, after 3 e-mails back and forth with them reassuring me that they use SSL, their site is back to using SSL for the checkout process.

No e-mail thanking me. I wonder how long it had been like that.

 

[AmigaMan]

it could be that the form submitted to a secure site while existing on a nonsecure site. The information that gets transmitted is encrypted. Some sites do this to alleviate load on their servers since SSL entails encryption which requires some extra processing power.

 

[FP]

Originally posted by: AmigaMan
it could be that the form submitted to a secure site while existing on a nonsecure site. The information that gets transmitted is encrypted. Some sites do this to alleviate load on their servers since SSL entails encryption which requires some extra processing power.

Nope. The form was submitting over http.

It has since been changed to be entirely over https once you start the checkout process.

 

[imthebadguy]

yo it is ssl, i just tried checking out, atleast the first part is ssl

 

[dartworth]

If you prefer not to disclose your credit card information online, you can always place your order by calling 1-800-GO BEYOND® (1-800-462-3966) or visiting one of our many stores. Click here to locate the store nearest you and to receive driving directions.

 

[FP]

Originally posted by: imthebadguy
yo it is ssl, i just tried checking out, atleast the first part is ssl

:roll:

Did you even read the entire thread?