Avalon Coach Transfer (Sita) breach basic internet security

Status
Not open for further replies.

mh75

Newbie
Joined
Jun 15, 2010
Messages
4
Points
0
Just to be different, I am flying out of Avalon this weekend, as it was half the price of getting a flight from Tullamarine. Looking at the Sita website for the Avalon Coach Transfer, they recommend bookings from Southern Cross, to avoid turning up to a full bus ... OK, no issue, secured site, all looks good.

I got an email back from Sita this morning, to say bookings are not necessary from Southern Cross, only from Werribee or from City Hotels ... OK, conflicts with the website, but I can handle that.

What I cannot handle is the fact that the email contained my full contact and credit card details. A total breach of basic internet security, to provide a credit card number over an insecure connection.

When I noticed this email this morning, I emailed Sita back for a please explain. No response has been received.

Yes, my credit card is being cancelled, but be warned if booking an Avalon Transfer on the Sita website, as your details are not secure!
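The failure mh75 describes is a booking system that copies the full card number into the plaintext confirmation email. The added example below is not part of the post and is not Sita's or their developer's code; it shows the outbound gate a merchant can put in front of every notification template: find anything that looks like a card number, confirm it with the Luhn check the card networks use, and replace it with a masked form that keeps only the last four digits. The sample email text is constructed here for the example.

```python
import re

# Candidate PAN: 13 to 19 digits, optionally separated by spaces or hyphens,
# not embedded in a longer digit run.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, which every real card number (PAN) must pass."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def _digits_only(raw: str) -> str:
    return re.sub(r"[ -]", "", raw)


def find_pans(text: str) -> list:
    """Return every Luhn-valid card-number-looking run in text, digits only."""
    found = []
    for m in PAN_CANDIDATE.finditer(text):
        digits = _digits_only(m.group(0))
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            found.append(digits)
    return found


def mask_pans(text: str) -> str:
    """Replace each Luhn-valid PAN with asterisks plus its last four digits.

    Runs that merely look like a PAN but fail Luhn (booking references,
    long phone numbers) are left untouched.
    """
    def repl(m):
        raw = m.group(0)
        digits = _digits_only(raw)
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            return "*" * (len(digits) - 4) + digits[-4:]
        return raw
    return PAN_CANDIDATE.sub(repl, text)


# Constructed sample of the kind of confirmation email the post describes.
# 4111 1111 1111 1111 is a well-known Visa test number; the "Reference"
# value differs in its last digit and therefore fails Luhn.
SAMPLE_EMAIL = (
    "Booking confirmed: Southern Cross to Avalon.\n"
    "Name: Jane Citizen  Phone: 0412 345 678\n"
    "Card: 4111 1111 1111 1111  Expiry: 12/13\n"
    "Reference: 4111111111111112\n"
)

if __name__ == "__main__":
    print("PANs found:", find_pans(SAMPLE_EMAIL))
    print(mask_pans(SAMPLE_EMAIL))
```

Masking at the outbound edge is a backstop, not the fix: the confirmation template should never be handed the PAN (or expiry, or CVV) in the first place, and the Luhn filter will occasionally hit a legitimate reference number that happens to checksum correctly, so it should log what it masked rather than fail silently.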
 

reductionist

Active Member
Joined
Nov 18, 2010
Messages
676
Points
5
Not only that, the Sita order page (whilst utilising SSL) is actually hosted on another domain (pixeltech.com.au), which appears to belong to the developer of the Sita coaches website.

This is an extra set of hands that can potentially get their hands on your personal details. Absolutely horrible stuff.
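reductionist's point is that the padlock only tells you the form is encrypted in transit, not whose server receives the card data. The added example below is not part of the post and makes no claim about what the Sita or Pixeltech pages actually contain; it parses a checkout page, lists where each form posts, flags forms that collect card fields, and reports whether the target is a different origin from the page and whether it is even HTTPS. The page URL, domains and HTML are hypothetical and constructed for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class FormCollector(HTMLParser):
    """Collect each <form>'s action and the names of the fields inside it."""

    def __init__(self):
        super().__init__()
        self.forms = []        # [{"action": str, "fields": [str, ...]}, ...]
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)        # boolean attributes arrive with value None
        if tag == "form":
            self._current = {"action": a.get("action") or "", "fields": []}
            self.forms.append(self._current)
        elif tag in ("input", "select", "textarea") and self._current is not None:
            name = a.get("name") or a.get("id") or ""
            self._current["fields"].append(name.lower())

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


# Substrings that usually mark a field carrying cardholder data.
CARD_FIELD_HINTS = ("card", "pan", "ccnum", "cvv", "cvc", "expiry")


def audit_checkout(page_url: str, html: str) -> list:
    """One finding per form: resolved action, card fields, cross-origin, plaintext."""
    parser = FormCollector()
    parser.feed(html)
    page = urlsplit(page_url)
    findings = []
    for form in parser.forms:
        # Relative actions resolve against the page; an empty action posts to the page itself.
        target = urlsplit(urljoin(page_url, form["action"]))
        takes_card = any(h in name for name in form["fields"] for h in CARD_FIELD_HINTS)
        findings.append({
            "action": target.geturl(),
            "takes_card_data": takes_card,
            "cross_origin": (target.scheme, target.netloc) != (page.scheme, page.netloc),
            "plaintext": target.scheme != "https",
        })
    return findings


# Constructed sample: a timetable search form on the merchant's own host and a
# checkout form that posts card details to a web developer's host (hypothetical).
SAMPLE_PAGE_URL = "https://coach.example/avalon/book"
SAMPLE_HTML = """
<html><body>
<form action="/avalon/search" method="get">
  <input name="from"><input name="date">
</form>
<form action="https://orders.developer-host.example/checkout" method="post">
  <input name="name"><input name="cardNumber"><input name="expiry"><input name="cvv">
</form>
</body></html>
"""

if __name__ == "__main__":
    for f in audit_checkout(SAMPLE_PAGE_URL, SAMPLE_HTML):
        print(f)
```

A cross-origin card form is not wrong in itself: posting straight to a payment processor's hosted page is the standard way to keep the merchant out of PCI scope. The question the finding leaves you to answer is whether the receiving host is a licensed processor or, as in this thread, the company that built the website.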
 

markis10

Veteran Member
Joined
Nov 25, 2004
Messages
30,449
Points
10
It's actually a breach of the PCI DSS standard, specifically Requirement 4:

"Encrypt transmission of cardholder data across open, public networks".

Until the payments industry and the government authorities get more serious about the requirements and start naming/penalising offenders who openly fail to protect your data, such instances are going to continue to occur.
 

reductionist

Active Member
Joined
Nov 18, 2010
Messages
676
Points
5
Until the payments industry and the government authorities get more serious about the requirements and start naming/penalising offenders who openly fail to protect your data, such instances are going to continue to occur.
Exactly this.

I wish there was a process for complaining to the cert provider too.

Oh wait, their cert provider is a joke of a company.
 

straitman

Enthusiast
Moderator
Joined
Apr 27, 2003
Messages
17,871
Points
855
Qantas
LT Gold
Virgin
Gold
Exactly this.

I wish there was a process for complaining to the cert provider too.

Oh wait, their cert provider is a joke of a company.
Maybe the best answer is to put a post on notgoodenough.org and then send Sita an email showing the links to both that and this thread.


Sent from my iPhone using AFF Mobile
 

thewinchester

Established Member
Joined
Oct 3, 2006
Messages
1,781
Solutions
1
Points
10
Maybe the best answer is to put a post on notgoodenough.org and then send Sita an email showing the links to both that and this thread.
The best action would be to identify who their merchant processor is (this information should be identified on your receipt). If this information is not on your receipt, a call to your credit card company will be able to secure this information.

Once you have that information (and especially if it is a big-name bank), call their Fraud/Corporate Security unit and make an official complaint.

Pretty much every merchant agreement in the known universe that I've had the displeasure of reading requires compliance with PCI DSS rules for internet-originated transactions, regardless of whether they are processed live or later via MOTO functionality.
 