This link has been bookmarked by 17 people . It was first bookmarked on 02 Jul 2006, by Leon Bambrick.
-
18 May 08
-
13 May 08
Paul BarryYou have to tip your hat to someone who is willing to invest this much effort raising awareness for something this small but annoying. He' right though.
-
12 May 08
-
11 May 08
-
-
Though I have a tolerably good handle on e-commerce software, I've not written much of it myself. In this respect, I'm not one to know what's going on under the hood at any given site: maybe there is a reason why something works the odd way it does.
But I've observed one technique that has been nearly universal: the practice of refusing to allow spaces or dashes in credit card number entry fields (this example from The Teaching Company):
Credit card numbers are always printed and read aloud in groups of (usually) four digits, and when verifying a number after entry (which involves looking back and forth between the card and the web form) one uses the spacing to resynchronize.
If there were some security or integrity reason for disallowing these characters, I guess I'd buy it, but I've not found a single good reason for it. The consensus among those that I've spoken to is that it's nothing but lazy, sloppy programming. I completely agree.
It turns out that sometimes one can clean up the spaces and dashes in the same amount of code as the instruction not to (this example in perl):
$ccnum =~ s/[-\s]//g; # (No dashes or spaces)
Credit card validation should never be done exclusively on the client side, and since the server does it anyway, I just can't find any good reason for this sloppy practice. Those who believe otherwise are very much encouraged to contact me with the reasoning.
Some sites cleverly avoid the "no spaces or dashes" shame by limiting the credit card entry to 16 characters: this has the same effect. It's just lame.
-
-
21 Mar 08
-
02 Jul 06
Page Comments
Would you like to comment?
Join Diigo for a free account, or sign in if you are already a member.