Dr. Bott Stinks (Somewhat)
posted on july 14, 2004, tag: random
Update: Eric Prentice, CEO of Dr. Bott, LLC has responded to this entry to clarify that the site does indeed have a secure checkout option and has apologized for the incorrect response the CSR gave over the phone. This entry will remain intact for posterity.
I had an interesting experience with Dr. Bott today. They sell computer parts (mostly Mac stuff), and they had a firewire hub I'd been looking for, and for $10 cheaper than anyone else. Happy with my find, I added the product to my cart, registered as a new customer and clicked to check out.
I was just starting to enter my credit card information when I happened to glance down at Mozilla's lock icon and noticed it wasn't, in fact, locked. Thinking I had missed a link to a secure checkout, I back-tracked. Nope, insecure. I looked around for a few more minutes, then I gave up and called them.
Me: "Is there a secure checkout area of your website that I am not finding?"
CSR: "No, we don't have a secure section."
Me: "Um, why not? You're taking credit cards."
CSR: "We have lots of customers, there haven't been any problems. We don't have any problems."
Me: "Okay, but that's not your security stance, I would assume—that because you've never had a problem you don't provide your customers with proper security?"
CSR: "I get a lot of calls. I deal with big clients, lots of clients actually [laughs]. They all don't mind. They make purchases all the time."
Me: "That's great, but that's not a reason to be insecure. You're telling me that because you've never had a problem, you don't care your site is insecure."
CSR: "I can take your order over the phone. But I have a lot of big clients, and they use the site."
Me: "That's beyond ridiculous, to tell me that is your reasoning. Are you saying my apartment shouldn't have a fire alarm because I've never had a fire?"
CSR: "No, no, but we just don't have any problems. You want me to take your name?"
Me: "No thanks, I won't be buying from you."
I will never buy from a website that does not provide security when I'm sending my credit card information. Ever. No matter who they are. You shouldn't either.
On a side note, Shawn and I have just finished shooting our second short. Look for it soon.
Comments
There are 10 comments, comments are closed
Joshua Zika on 07/14/2004:
I don't understand how that stops you from ordering over the phone. By the product from a different website, or send them an e-mail about how easy it is to take credit cards securely.. The Apple site sells Dr. Bott stuff..
Tomas on 07/14/2004:
Joshua: For one thing, it says something about their stance on security. Perhaps they are as lax about security in all aspects of their business?
Secondly, regardless of wether there are other ways of obtaining their products, this is a good reason to choose another vendor. This is the only power consumers have available.
Frank on 07/14/2004:
I don't blame you, Garrett. I used to work for Visa/MasterCard, and you wouldn't believe the number of people that were selling online without using secure methods. It's not only an sure-fire way to turn away security-conscious clients, but it's against Visa/MasterCard policy. These guys could lose their merchant accounts for taking numbers online without secure means.
Garrett on 07/14/2004:
I should have noted that the product I was looking to buy wasn't actually a Dr. Bott product, it was Belkin—they just carried it.
And yes—this is about sending Dr. Bott a message that it is not acceptable to be careless with their customers. It's all too easy these days to have your identity or your credit card numbers or both stolen on the Internet, and any company that doesn't care enough to protect its customers from this is not worth doing business with.
Garrett on 07/14/2004:
I swear it wasn't yesterday. And I looked around, too. And why would the woman say all that to me if it was secure?
At the same time, is it possible they made it secure within the last 24 hours? I guess it is, but it seems unlikely. This is all very strange.
David July on 07/15/2004:
The certificate itself is valid from Friday, 24 January 2003 to Sunday, 23 January 2005, so the reason they were not using it when you were attempting to make your purchase is elusive. A reasonable theory would be that someone whilst performing site maintenance botched things up a bit and inadvertently removed references to the certificate.
However, based on the conversation you had with this company it seems a good idea to me to simply take your business elsewhere, SSL or not.
Eric Prentice on 07/28/2004:
Hi, someone just pointed me to your blog post. I have to really apologize for this situation. I'll certainly check with our sales manager and try to find out what happened here. It sounds to me like the person you got on the phone didn't understand your question and "punted" instead of finding out what the real situation was. I really apologize for this. This isn't the kind of experience we want our customers to have.
As far as the security of our site, our cart is indeed secure and there have been no changes to our setup in the last 6 months so I'm not sure exactly what happened in your case. We do take security seriously.
Again, please accept my apologies for your experience.
Eric Prentice
CEO, Dr. Bott LLC
Garrett on 08/05/2004:
Thanks very much for responding to this, Eric. I've updated the entry appropriately, and I appreciate you taking the time to clarify.