More details have emerged of an e-commerce software flaw linked to the theft of credit card information from numerous websites. A security flaw in osCommerce, an open source e-commerce package, created a means for criminals to compromise 90,000 web pages with redirection scripts that ultimately directed surfers towards a site …
This is what pisses me off about a LOT of online transactions
The fact that many such online ordering wish to include cack from a number of different sites (the payment handler, maybe your own bank if it has "added security", sometimes resources from two or three domains for card verification scripts, logos, and security images) coupled with the fact that the system is, generally, unable to cope with a refresh. This makes it extremely difficult to use NoScript for such order processing, which would help reduce problems. No, I am not going to "grant permissions for everything" for the period of the order transaction, as - as this article shows - that's the time when you want to know that everything is under control.
Only the other week, I placed an order, went to the payment handler, gave it permission, it reloaded and the next thing I know I'm back in the company I was ordering from with my basket having been cleared! Checking my order history, none. I considered if I really needed the thing I was ordering, and decided that - no, I didn't. [and later got it cheaper from Amazon ;) ]