I have to say that when I came across this blog post, I just sat there laughing. Then I stopped laughing when I realized what an issue this is, could you imagine if many sites started doing this and people believed that their transactions were “secured” by SSL. Everyone talks about compliance standards but maybe we need something a little more serious. A way of shutting down sites that do something like this, or at the very least, a fine that causes severe monetary impact to their business.
I realize that you can’t police the internet, but individual countries can police companies that operate within their borders, so let’s start there. We simply need someone to bring it up at the G8 meeting, after all this is much more important than all the discussions on the fictitious issue of global warming. If you require a business permit to operate in a business legally and have to pay taxes and abide by laws, subject the companies to additional regulations related to tricking the customer on the web, or not following best practices. It’s that simple.
I’m sure people will argue that it’s impossible to police the internet, which is why you stick to this per country basis. There will always be malicious sites that dupe the user… that’s unavoidable but in the countries that can do something… do it. Punish these businesses for malicious actions. Take the example that started this post, slap aferry.co.uk with a $10,000 fine. See if they bypass buying that $10 SSL cert again.
