back to article Shuttle bus firm Terravision belatedly adopts https for credit card sales

The pro-privacy 'https everywhere' campaign is gaining traction, but one e-commerce site is only just adopting the long-established technology in order to keep credit card details safe. Airport shuttle bus firm Terravision has just moved to https for online sales following a El Reg reader complaint. Tom W complained to both …

  1. Anonymous Coward
    Anonymous Coward

    It's bad enough we have to suffer El Reg with 10 foot tall graphics filling the screen....

    ....it's worse when they bear no relation to the problem mentioned in the article.

    And my irony meter broke given El Reg have no SSL encryption for username and passwords supplied to it's site.

    1. Your alien overlord - fear me

      Re: It's bad enough we have to suffer El Reg with 10 foot tall graphics filling the screen....

      Ironic that you think ticking the Anonymous box will hide you from the el Reg ironic police.

      1. Ambivalous Crowboard
        Facepalm

        Re: Ironic that you think ticking the Anonymous box will hide you from the el Reg ironic police.

        It isn't about that. It's about submitting any credential pair to anything should be done via SSL now, lest you find out someone's written an article on an IT news website about your lax security.

        Unless you *are* the news website, that is.

    2. Ambivalous Crowboard

      Re: ...it's worse when they bear no relation to the problem mentioned in the article.

      Agreed. I wondered what the story had to do with instragram.

      Ed: You know we can't publish it without an image, John.

      John: But how do you represent something that isn't there?

      Ed: Well, it's about SSL in general, isn't it? Didn't we do a piece on instragram having a leak, or something, a few years ago? Just use whatever was on there.

      John: Uh, are you sure?

      Ed: Yeah. The coding on the site won't allow us to run a story without a pic any more, just use one of your pet dog or something. Nobody even looks at them, let alone expects them to correlate to the actual article.

  2. mark 120

    Excellent. You've fixed the HTTPS issue, now can you publish your PCI Attestation Of Compliance please? I'm sure you have one, being a merchant taking a large number of card transactions ...

  3. Voland's right hand Silver badge

    Call in an airstrike

    Call a PCI DSS audit. Or even better - write to Visa and Mastercard directly.

  4. Chris Griffin
    Pint

    Can't blame them

    They've been obsessed with Tequila since the mid 90s.

    1. Karl Austin

      Re: Can't blame them

      They certainly know how to make friends and influence people.

  5. Your alien overlord - fear me

    I think I should start up a coach service, all I need are members of the public with their own coaches and a website to take peoples money. I think I'll call it UKer, because it's in the UK and , er.

  6. knarf

    F%£££$£ Hell

    All customer data input should be done under https or it is considered to be breach and I mean anything personal about the customer.

    So if you log in and say plan a journey then that journey is considered to be personal data.

  7. Phil Endecott

    My favourite example of this was a site where card details were "encrypted" by a chunk of JavaScript and then transmitted over plain http. Except that if you had JavaScript disabled, as I did, that code didn't run and the unmodified card number was sent. Very frustrating that visa and MasterCard don't have any obvious way for the cluefull to report things like this.

  8. Dr Paul Taylor

    Not too harsh please

    Terravision at least provides some competition to National Express on airport routes.

  9. Anonymous Coward
    Anonymous Coward

    With an oversight like that

    I still wouldn't give them my credit card number, because they've probably got gaping holes in their internal network where it isn't so visible to the casual observer.

    1. Karl Austin

      Re: With an oversight like that

      That's the thing, if they can't be bothered to accept the details over HTTPS, then what are they doing with them once they've got them? Just sticking them plain text in a MySQL DB? Printing them out and leaving them lying around? etc. etc.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like