I don’t know about you, but my online ordering has recently had an uptick. I’m waiting for my groceries to be delivered as I type. It’s something I have never done before. It’s really quite amazing to realize how easily we used to run to the store for small items. Can you believe I ran out of pony tail holders? I mean, who does that? And my good, solid one is stuck in Massachusetts waiting for my return.

It’s a pet peeve of mine to have my hair in my face as I sleep so I needed a remedy. I ordered new ones online and found out there was an app for tracking the delivery so I downloaded it. To my horror, while logging into the app, I read the fine print:

Do you see that? They wanted access to my emails!!! Now I don’t know about you, but a lot of sensitive data goes to my emails. Airline confirmations, notes from family and friends, etc.

I deleted the app immediately

without setting up the account.

That very same day, a friend shared a screenshot of a communication online. I got permission to share it here:

If you can’t read that, it is a conversation where someone commented to a food provider:

Just a friendly heads-up, you shouldn’t be collecting credit card numbers this way. It’s not secure, people’s accounts could easily be compromised and you could have your own merchant accounts revoked.

The food provider responded with:

Hi. The form has to be downloaded to a computer and filled in. It is not an online fillable form.

The initial person ended with:

asking people to email it back to you is not secure. Credit card numbers should never be emailed, in any way. I work in tech. 🙂

As I read that, I realized that a lot of people are ordering online now. And not all of them work in tech support. How does one know what one does not know?

Clearly this shop owner thought they were doing the right thing for their customers. But what if they had installed the same app I almost installed? And what if they blindly accepted all the terms and conditions without really reading?

That would mean the app had access to emails, and now all customers are sending credit card information by email. Let me tell you this, my friends. It’s best to never send super-secure information by email.

Instead, when you shop online, look for sites with order forms on the site. When you do so, make sure a site is secure. There are two items to look for on that. In the web address bar, make sure there is a lock showing and that the web address starts with https — emphasis on the s there.

As Wikipedia describes it:

Hypertext Transfer Protocol Secure (HTTPS) is an extension of the Hypertext Transfer Protocol (HTTP). It is used for secure communication over a computer network, and is widely used on the Internet.[1][2] In HTTPS, the communication protocol is encrypted using Transport Layer Security (TLS) or, formerly, its predecessor, Secure Sockets Layer (SSL). The protocol is therefore also often referred to as HTTP over TLS,[3] or HTTP over SSL.

https://en.wikipedia.org/wiki/HTTPS

Please be careful as you create orders, my friends. Just as we want to stay safe with our health, we also want to take steps to make sure our assets are as safe as possible.

If you are selling anything yourself, make sure you use ssl. If you have a site with WordPress.com, you have nothing to worry about. All WordPress.com sites have ssl by default.

Feel free to add other tips, tricks, and observations in the comments.