Do you really think O2 would allow your details to be insecurely passed from pillow to post and still be allowed to do business?
Erm...yes! They already have!
Usage/data tracking issue aside, they are expecting their users to enter their credit card details into an unsecured form on a domain that has no relation whatsoever to O2. It is astounding that O2 have done this. Where is the PCI-DSS compliance to protect online consumer transactions? Do they even know how to protect us in this regard because by expecting us to use this form to remove the restriction they have shown they either don't care about our security or have no idea how to protect our security.
I am a web developer and I would never expect anyone using any of my sites to enter their credit card details into a form that was unsecured on a domain that the user wasn't expecting.
What if they unwittingly subscribe to premium rate services charging you £5.00 per message and running up a nice phone bill?
What if my unencrypted credit card data was intercepted in wireless transmission or across the Internet and fraudsters ran up a nice credit card bill? Or does that not concern you?
How a company the size of O2 can get this so wrong is outrageous!
It is no wonder that a lot of people who have encountered this issue and posted here had the first reaction that the site they were accessing had been hacked. This has been so poorly implemented that it looks like a phishing attack. In fact I've seen more convincing phishing attacks than this supposed 'official' O2 procedure!
Doesn't anybody at O2 have a clue about online security? I assume O2 just told Bango to get on with it and implement the system, but judging by Bango's online presence and their inability to secure a simple transaction form, I wouldn't trust them to secure the newspaper I read yesterday let alone my online data. And then O2 expects me to believe that Bango will not share the data they are collecting about me because O2 says so?
It is an outrage that a company the size of O2 can think this is a sensible way of going about this. I don't think anybody resents O2 for trying to protect minors, but when they screw up the implementation of that protection in such a massive way, they have to expect a backlash.
They could have:
- Issued a warning about this implementation by post, text or on their website explaining why it was necessary and to give users a heads up rather than the rude awakening we all got.
- Implemented this fully into their own website/domain, using an O2 SSL cert to remove any doubt as to the authenticity of the online transaction form and removing any reference to bingobangobongo.
- Ensured all online age protection removal tools (on O2 site, over automated phone) worked right from the start
- Not expect people to part with money to prove their age. That just made the whole procedure sound like an instant con. Potentially offer it as one way to do it online via the handset but offer plenty of alternative methods not involving cash transactions or going to the O2 store.
- Allowed people to remove age protection over the phone (202) right from the start
- Checked BingoBangoBongo's work before committing live and inflicting their shoddy work on O2's customers.
- Ensured that the wording of any holding pages/info pages emphasised that this would be a ONE OFF procedure rather than a repeated procedure that would cost a pound each time a user wanted to visit an affected website. Otherwise this comes across as no more than charging unfairly for free content to make a buck.
- Ensured that websites that were flagged as adult content, really contained adult content otherwise when put in the context of the previous point, it comes across as though O2 can charge a pound for access to any website no matter what the content and we have to pay extra despite already paying for online access.
- Walked before they ran! Prove O2 can protect customers' online presence properly before trying to holler from the hills that you are trying to protect our kids! If you can't do the basics how do you expect us to trust you on the other stuff?
O2, you have completely shot yourself in the foot with this one!
If you need assistance/consultancy regarding online practice, O2, you can contact me by my registered email address! I have a decent hourly rate!