A Taste of Insecurity / by Paulo Fierro

This weekend marks the 25th Taste of Cayman — a food and wine festival put on by the Cayman Islands Tourism Association (CITA).

This year you can buy the tickets online on their site built by Netclues. However, the purchase process is entirely insecure. Taking customers' credit card details in this manner is both irresponsible and unprofessional, and it also violates the Payment Card Industry's (PCI) Data Security Standard requirements to protect cardholder data (point #4). I'm no lawyer, but I believe if the card details were to fall into the wrong hands they would also be financially liable.

I tweeted at CITA and Netclues but they didn't reply.

When we help clients build anything, be it a site or an app, it falls on us as the designers and developers to educate and inform them about issues like this. I am appalled that the people in charge of developing this site would roll out a payment solution without something as basic as an SSL certificate in place — trying to visit the tickets page over HTTPS results in a 404 error (page not found).

If a relatively inexpensive SSL certificate is not installed then I do wonder how much care and attention has been put in place behind the scenes to store credit card details in a safe and secure manner. 

It's 2013 — we should know better. We should expect better.

In any case, we are looking forward to attending the event but purchased our tickets the old-fashioned way.

In person.