- Use case - web shopping
- Addressing the threats - web shop legitimacy, payment process and information handling
- Scenario example - buying an ebook reader from a shady web shop - current post
The user in this case is myself. I wanted to buy a Kindle ebook reader, which was not being sold in Denmark at that moment. A few searches on Google led me to http://www.ebookreaderdenmark.com but it didn't take me long to decide that I needed an alternative.
Web shop pages referenced
- Privacy notice - http://www.ebookreaderdenmark.com/article.php?id=2
- Delivery - http://www.ebookreaderdenmark.com/article.php?id=7
- About us - http://www.ebookreaderdenmark.com/article.php?id=5
- Facebook page - https://www.facebook.com/Ebook-Reader-Denmark-605383322816437/
Note - I am not affiliated with the web shop or the owner in any way. The example is real and the information presented is publicly available online. The post is not intended to bring "bad publicity" to the owner, but to showcase a real example of how I decided not to use the web shop.
1. Verify if web shop is legitimate and trustworthy
- Physical owner and/or company information - there is no reference to an entity or person that owns the web shop. The owner is only mentioned as "Ebook Reader Denmark webstore (www.ebookreaderdenmark.com)".
- Domain information - the domain registration date corresponds with the year mentioned on the web shop. The registrant details seem very generic and do not point to any real identity.
- Customer and 3rd party reviews - The Facebook page seems outdated and not maintained.
- Secure connection - there is no secure connection while browsing the web shop, creating an account or logging in.
- Text - there are clear spelling and formulation mistakes that do not recommend the web shop as professional.
It is 2017, but the year mentioned on the web shop seems a bit outdated.
Some more ambiguous formulation that left me a bit blank.
2. Verify if payment options are legitimate and mentioned upfront
The "Privacy notice" page does state how the payment is being done.
So does the image on the web shop.
However, there is some very unclear formulation regarding additional costs on the "Delivery" page.
"Not likely" and "10% chance" to be taxed doesn't really assure me as a buyer that I will not end up paying more than expected.
3. Understand how your information is being processed
The web shop does inform about the information collected and the purpose, on the "Privacy notice" page.
What they do not inform about is:
- how is this data being protected?
- how is this data being shared with other entities?
1. Is this web shop legitimate and trustworthy?
It does not look legitimate enough to be backed by a real company and clearly does not look trustworthy, professional or even maintained. It might be a good example of a 1-man business that doesn't bother with the "small details".
2. Is the payment process clear, legitimate and trustworthy?
The process is handled by a trusted 3rd party (PayPal), but the extra costs are not explained clearly enough.
3. Is my information handled properly?
The web shop does inform about what information is processed and why, but does not inform about how it is protected and who it is shared with.
Bottom line - clearly not a place to shop online for ebook readers.