Hi iVapers,
Based on some of the recommendations around the forum I visited your site the other day and placed my first order. During the process I noticed a couple of things that you really need to take a look at as an online business.
1) When I finished my shopping and proceeded to checkout, I was not automatically directed to a secure (https://) link. As a matter of habit, whenever I'm about to enter payment info, I double-check that the page is secure - and yours was not. I was able to simply change the address in the browser to https://[blah] and pick up where I left off, but all of your "Checkout" links should do that for me - otherwise you're placing your less security-conscious customers at risk (their credit card info - name, card no., exp. and CVE - would be sent across the internet completely unencoded).
2) Your site shows "members online" and shows their username. Most people now use their full e-mail address as their username, and so you are inadvertently sharing your customer list on your webpage by listing the online users' names. To fix that, you should (a) disallow '@' characters in your new-customer username field, (b) only display the part of the username up to the '@' character in the "who's online" widget, or (c) remove the "who's online" widget altogether.
Other than that, a pleasant shopping experience - but please understand these two issues are more than a peeve. In fact one of them is in direct violation of the PCI (Payment Card Industry) web security standards. And they both have the potential to expose your customers in ways I'm sure you'd rather avoid.
If you lack the technical savvy to implement these suggestions, feel free to PM me and I'd be happy to help you out. The changes are pretty simple and I'd gladly do it for an extra bottle of juice or something.
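The two fixes suggested in the post, sketched as an added example (not code from the site or from the poster): a WSGI wrapper that redirects plain-HTTP requests for checkout pages to https://, and helpers for options (a) and (b) of the username suggestion. The `/checkout` prefix, the host `shop.example` and all function names are assumptions made for illustration.

```python
from urllib.parse import quote

SECURE_PREFIXES = ("/checkout",)  # assumed path; the post does not name the site's URLs

def force_https(app, canonical_host, prefixes=SECURE_PREFIXES):
    """Wrap a WSGI app so payment pages are never served over plain HTTP."""
    def wrapped(environ, start_response):
        path = environ.get("PATH_INFO", "")
        is_https = environ.get("wsgi.url_scheme") == "https"
        if not is_https and path.startswith(prefixes):
            # Build the target from a configured host, not the client's Host header.
            url = "https://" + canonical_host + quote(path)
            if environ.get("QUERY_STRING"):
                url += "?" + environ["QUERY_STRING"]
            start_response("301 Moved Permanently",
                           [("Location", url), ("Content-Length", "0")])
            return [b""]
        return app(environ, start_response)
    return wrapped

def display_name(username):
    """Option (b): show only the part before '@' in the who's-online widget."""
    local = username.split("@", 1)[0].strip()
    return local or "member"

def username_allowed(username):
    """Option (a): reject '@' in the new-customer username field."""
    return bool(username.strip()) and "@" not in username

def _demo_app(environ, start_response):
    # Stand-in for the shop application (constructed for this example).
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok"]

def request(app, scheme, path, query=""):
    """Drive the app with a constructed WSGI environ; return (status, headers)."""
    seen = {}
    def start_response(status, headers):
        seen["status"], seen["headers"] = status, dict(headers)
    environ = {"wsgi.url_scheme": scheme, "PATH_INFO": path,
               "QUERY_STRING": query, "REQUEST_METHOD": "GET",
               "HTTP_HOST": "shop.example"}
    app(environ, start_response)
    return seen["status"], seen["headers"]
```

A redirect only takes effect after the first plain-HTTP request has already been sent, so the "Checkout" links themselves should also point at https:// URLs, as the post asks.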