GSC came back to me after I wrote to them on the issue and I was not surprised on the polite but “I tak kisah lah” (I don’t give a damn) type of answer that I got:-
Thank you for your patience in waiting for our reply regarding your concern. Let us explain to you that it is normal practice for personal information of financial and security nature to have the security layer you were referring to, but not for non-financially related personal profile information, e.g. GSC’s website member registration.
This can be seen for all cases of web based mails (my note: ya, right! see here for one wrong example) and membership systems, as it impacts on usage performance. You may be interested to know that for our online ticket purchase (E-payment) segment , the entire flow is on a separate SSL (HTTPS) based server as sensitive financial information like credit card numbers are keyed in.
Ok, perhaps someone did not understand my point. So, I elaborated further:-
Thank you very much for your quick response.
I am aware that it is non-financial related information and it may impact the server’s performance but it will not impact much (and hardware can always be upgraded). My reason for concern is that personal information is often used for ID Theft cases. Web based mail and membership system may require personal information to be submitted over unsecured line but most do not require very detailed information.
You may refer your website consultant to the following URLs for further information on ID Theft here and here.
Making your webpages (especially those requesting for NRIC) more secure will assist your organisation in better management of your member’s database security. I am sorry but I am not convinced on the level of security for me to indulge detailed personal information over unsecured line. Thank you again for your quick response and I hope to see a better webpage security in the future.
I though all hope was lost until I stumbled on this webpage over at Reader’s Digest. Yes, it asked for personal information but it was not too detailed to have everything under the sun and the best part, it was in a secured page. Now, here is someone who knows what is going on out there.
Perhaps some amateur webmasters need to go back to school. Their ignorance baffles me!No tags for this post.