I happen to have a fairly generic Hotmail address as a 'spare' e-mail account, and routinely get e-mails from companies where someone has signed up to a website using my address.
The best behaved include an 'activation link' before the account can be used, verifying that the e-mail address really does belong to that person before allowing them to use the site. (Bonus points for including a 'deactivation link' in the e-mail straight away, that makes my life a lot easier.) Sadly, a great number of websites decide to take everything on trust and happily send out a welcome e-mail without doing any verification.
OK... so no big deal. The initial e-mail usually includes a username and password so I can log on, close whatever stupid account has been opened, and move on. In the rare and annoying cases where no 'Delete my account' is available I can always change the e-mail address (no verification, remember?) and password, ensuring it becomes a dead account that no-one has access to. Good. Shame on you for abusing my e-mail address in the first place.
Today, however, this happened with Juno Records. Not only did they happily let someone sign up to this site, they also allowed them to buy products on it, all without checking the e-mail address was genuine! It gets worse. Here's a screenshot from the site:
Oh lovely! So you're giving me... everything about them, plus their credit card details. Super. To be fair, the full credit card number was not printed (everything else was, though), so I couldn't have gone off on a shopping spree on any site - but I could have changed the address and ordered away? Do you really think the holder of the account, as stupid as they might have been to sign up with my address, would be happy with that?
This is sloppy design that puts people at risk.
The best behaved include an 'activation link' before the account can be used, verifying that the e-mail address really does belong to that person before allowing them to use the site. (Bonus points for including a 'deactivation link' in the e-mail straight away, that makes my life a lot easier.) Sadly, a great number of websites decide to take everything on trust and happily send out a welcome e-mail without doing any verification.
OK... so no big deal. The initial e-mail usually includes a username and password so I can log on, close whatever stupid account has been opened, and move on. In the rare and annoying cases where no 'Delete my account' is available I can always change the e-mail address (no verification, remember?) and password, ensuring it becomes a dead account that no-one has access to. Good. Shame on you for abusing my e-mail address in the first place.
Today, however, this happened with Juno Records. Not only did they happily let someone sign up to this site, they also allowed them to buy products on it, all without checking the e-mail address was genuine! It gets worse. Here's a screenshot from the site:
Juno Account
This is sloppy design that puts people at risk.
Comments
21:15:08 - 24/06/06
Well yes, I agree. But good software should try and help even the stupidest of users, not lead them astray. 
21:18:04 - 24/06/06
This is good to use in that assignment Dom! I can include the end user aspect as it asks for general issues as well! Thanks...
21:25:01 - 24/06/06
If you were someone else in a simmilar situation you could have logged onto the username and effectivley ordered something if the credit card details were stored.
Some of these companies need to spend a little time thinking!
Some of these companies need to spend a little time thinking!
22:18:17 - 24/06/06
Aaron
haha, one word. WOW
02:35:42 - 24/03/07
Add a Comment
Emoticons
Links are converted automatically.
By posting you accept the terms of comments.
By posting you accept the terms of comments.
I know an email address and credit card are 2 completely different things but I would never use someone else's email address for anything!