YBW on line shop

howardclark

Active member
Joined
16 Sep 2001
Messages
359
Location
S. Wales
Visit site
Anyone tried it out yet? If so don't bother, the site is dysfunctional and could cause you to throw your computer out of the window. Don't these people test things out before they let them loose?
 

kimhollamby

Active member
Joined
16 May 2001
Messages
3,917
Location
Berkshire, Somerset, Hampshire
www.kimhollamby.com
Which shop? The marine store?

If so it is hosted by Compass and built by them but with some input from our end. It was tested. Can you please let us know which parts you find dysfunctional as we would be interested to hear your more detailed views, either here or by sending an e-mail to matthew_harvey@ipcmedia.com

Associate Publisher ybw.com websites kim_hollamby@ipcmedia.com
 

howardclark

Active member
Joined
16 Sep 2001
Messages
359
Location
S. Wales
Visit site
1. The search facility worked only once in many attempts.
2. No matter how many things I put in my basket, my basket was still empty!!!!
3. It is mandatory to fill in a village name when giving your name and address even if you have given a street, town and region. I don't live in a village but the website couldn't get it's head around that one.
4. The website refers to things like 'click on "order on-line"', but there's no such place to click!
5. The split screen is just annoying, cramming all the details into one small part of the screen - but I accept that is just my preference.
I could go on & on. I am browsing with Internet Explorer through NTL and do not have problems generally. I rebooted and tried several attempts - it's hopeless
 

rogerroger

New member
Joined
11 Jul 2001
Messages
863
Location
West Sussex
www.myboatdetails.com
I've not looked at the site - but on a visit to the compass web site a few months ago I noticed that not only were your credit card details not sent over an encrypted link but were actually sent to an email address using a "form to mail" script.

In other words - no security at all.

However, I'm sure YBW would not have commissioned them if this was still the case...

Roger Holden
www.first-magnitude.co.uk
 

JeremyF

New member
Joined
13 Jul 2001
Messages
782
Location
Solent
Visit site
NO SECUIRITY ON COMPASS SITE

Kim,

I think Rogerroger is right. The ordering page is a regular web page. Theres no https and padlock on the page when you enter credit card details.

I suggest that you take the link down immediately before it causes IPC trouble.
 

rogerroger

New member
Joined
11 Jul 2001
Messages
863
Location
West Sussex
www.myboatdetails.com
Re: YBW on line shop - it\'s OK

I've now had a surf round it - I actually quite like it - what browser are you using ? as I don't seem to have experienced the same problems and usually most sites don't bother testing on Macs at all and it seems OK.

The visual design is nice and the use of text nav keeps the page weight down and it loads quite quickly.

However - I would say that the site has probably been "system tested" rather than "usability" tested.

Your point about "village" is a good one, although rather quaint I thought - if you're British then you MUST live in a village! - the yanks would love it !

The search facility though is a bit of a mystery and I think the results have something in common with a certain draw every Saturday and Wednesday by Camelot.

I entered "log" and got...

Oilies, GPS receivers, masthead / deck light, reading lights, binoculars, deck shoes, fleeces etc!!!

There were some speed / log instruments in the list to be fair.

Interesting to see "T&C" on the site - I'm familiar with the abbreviation but wonder how many other people know this means "Terms and Conditions"? - could be an interesting legal point if someone said they could not find "Terms and Conditions" on the site.

All in all I'd said it's already the best online chandlers - compare it to some and it's head and shoulders above. One thing that annoyed me though - was in product lists the image was not hyperlinked to further details although it is in the search results.

After a few more glasses of red tonight I'll probably place an order!!

Roger Holden
www.first-magnitude.co.uk
 

bedouin

Well-known member
Joined
16 May 2001
Messages
32,241
Visit site
Re: Not that bad

I actually quite like the site - the design is clean and works well; although the taxonomy has not been particularly well thought out. I also found that searching seemed to work well, as did the shopping basket.

It is certainly a vast improvement over the old compass website if you ever tried that one!

The point about requiring 'Village' is a good one - that should be rectified, even county is not really required these days.

As for security - in spite of the scare postings in this thread, the order form IS secure - it does use 128 bit SSL encryption and https. I agree they should make this more obvious, it looks as though their use of Frames is preventing the browser from realising that the forms part of the frameset is in an https session.
 

JeremyF

New member
Joined
13 Jul 2001
Messages
782
Location
Solent
Visit site
Re: Not that bad

I bow to your superior knowledge, Bedouin.

I always see https and the padlock whenever I visit an e-commerce and banking site, and their absence on the Compass one concerned me. If I am not unique, they should try and replicate these features to put minds at rest
 

kimhollamby

Active member
Joined
16 May 2001
Messages
3,917
Location
Berkshire, Somerset, Hampshire
www.kimhollamby.com
SECURITY

Extract from the Compass security terms displayed on every page of the site:

Secure data transmission

To transmit your order information, we use a THAWTE 128-bit secure data encryption system. This ensures that your payment details are securely encrypted for transmission via the Internet.

128-bit encryption is a relatively recent innovation in Europe, and is therefore only supported by browser versions from Internet Explorer 5.01 and Netscape Communicator 4.7 onwards. All previous versions work with 40-bit encryption.

Associate Publisher ybw.com websites kim_hollamby@ipcmedia.com
 

kimhollamby

Active member
Joined
16 May 2001
Messages
3,917
Location
Berkshire, Somerset, Hampshire
www.kimhollamby.com
"on a visit to the compass web site a few months ago I noticed that not only were your credit card details not sent over an encrypted link but were actually sent to an email address using a "form to mail" script."

As you have guessed, we don't solicit standard form-mail transmission of credit card details anywhere on the ybw.com network.

Associate Publisher ybw.com websites kim_hollamby@ipcmedia.com
 

rogerroger

New member
Joined
11 Jul 2001
Messages
863
Location
West Sussex
www.myboatdetails.com
Re: Not that bad

The site might be as secure as Fort Knox - but it's people's perceptions that count - as you write, if you did not see https or the padlock then you're likely simply not to trust it.

The site apparently uses 128 bit encryption but only works on browsers higher than IE5 and Netscape 4.7. Although version 3 browsers are pretty much ancient history now, there are still many using IE4 for example.

And what about browsers by Opera? iCab? OmniWeb? AOL ?

Personally I think there's a lot of rubbish talked about security on the Net - I'd rather use my card on the web than give it to someone at a petrol station for example.

My card number was used fraudulently once and I was interviewed by the police who reckoned someone in a Nigerian crime gang had got hold of my number at Earls Court !! ... now why would I have been there I wonder!!



Roger Holden
www.first-magnitude.co.uk
 

rogerroger

New member
Joined
11 Jul 2001
Messages
863
Location
West Sussex
www.myboatdetails.com
Re: SECURITY - hmm, you\'re right

"Browser Compatibility
Thawte's SuperCerts are recognized by IE 5.01, Netscape Communicator 4.7 and later browsers. Older browsers will still create a secure SSL connection at 40, 56 or 128 bits depending on the precise browser version."


Extract from http://www.compila.com/thawte/supercert.htm

Looks like it's about as secure as it can get !! Perhaps it's worth highlighting this on the page where you enter your credit card details rather than hiding it away under the "security" link at the top.

Roger Holden
www.first-magnitude.co.uk
 

bedouin

Well-known member
Joined
16 May 2001
Messages
32,241
Visit site
Re: Agreed

But if fairness to Compass, it is IE that shows those symbols rather than the webpage; if you use a Netscape browser then it does correctly identify the page as being secure - please direct complaints to Bill Gates. Okay - that is not a particularly good excuse, but they do go out of their way to stress that the site is 128 bit secure...

The definitive way of discovering what security is being used in IE is to right click IN THE FORM (not in the nav areas around it) and select the 'Properties' menu item. That gives you the details of the encryption and certificates being used.

As to security in general - in spite of wide-spread concern about sending CC details over the web there is very little (?no?) evidence of fraud related to details being captured that way - and even there were fraud you would not be in any way liable.

For those of you who are not already aware, this year will see the start of a major change in the way security for on-line credit-card payments. These will become MUCH more secure, but also potentially must less convenient for us to use.
 

kimhollamby

Active member
Joined
16 May 2001
Messages
3,917
Location
Berkshire, Somerset, Hampshire
www.kimhollamby.com
Re: Not that bad

Accept what you say about browsers but for the record, these days we test to IE5 and Netscape 4.7, on PC and Mac, assuming an 800 x 600 screen. That provides enough headaches as it is. A small bug with AOL7 on the www.mby.com site was flagged up last week and that may be the next browser to get added to the test list, for some obvious reasons!

Associate Publisher ybw.com websites kim_hollamby@ipcmedia.com
 

webcraft

Well-known member
Joined
8 Jul 2001
Messages
39,942
Location
Cyberspace
www.bluemoment.com
Web security

Would you rather give your card to a foreign waiter who disappears into the kitchen with it for five minutes? Or give the card details over the phone when anyone could be listening - especially if it's a mobile.

People are paranoid if they don't see a padlock, but https is not the only way - java encryption systems (such as that used by Actinic) can be more secure; traditional secure server systems often leave card details on a web page which can be accessed by a simple password and user name.

Kim's right - I'd rather give card details over the web, fraud is very limited.
 
Top