Welcome to WebmasterWorld Guest from 18.104.22.168
Forum Moderators: buckworks
The page is hosted by a third party (Get Active or ga0). There is one GET (not POST) variable attached to the URL with about 50 characters, so it would probably be hard to guess someone's variable.
If I want to change my credit card info, the site takes me to a SSL page.
My question: Is this insecure? Or am I being paranoid?
Displaying the last 4 digits of a card number shouldn't be a problem because credit card companies permit the last 4 digits of a card number to be transmitted in email and printed on customer receipts. However, the card expiration date is confidential and by storing or displaying it they are violating the card processing agreements and opening themselves up for fines.