Monthly Archive for July, 2007

Yummy

Just came across L’enclume’s delectable little website. HTML pretending to be Flash, with all the advantages of HTML. Search-engine friendly, bookmarkable, readable, accessible.

Made by Fudge, whose own site is very well built on similar principles. Look at a page like this, for example, with and without CSS or JavaScript. Graceful degradation in action.

Back to food, I found l’enclume via this mouth-watering post. Anyone for “Cold foie gras slices, with foie gras ice cream on a pistachio and nori wafer”?

Thanks for the link, winjer!

Ebuyer / Bank of Scotland adopts Verified by Visa

The scourge of Verified by Visa continues. A 2-page step is tacked on at the end of a normal checkout process: see screenshots 1, 2. (You may find this useful if you’re forced to implement it yourself in future.) Yes, it sits inside an iframe in the page. You are forced to provide again two things (security code and expiry date) that you’ve already provided earlier in the process.

If you click “How will it be used” next to the email address, it opens a popup window with an explanation.
On the next step, if you click Help, it opens Help in the previous popup window (in the background, so you may well not notice anything has happened), which has no scrollbars, a fixed-width layout wider than the window, and cannot be resized, so the only way to view all text is to select-drag.

The Help page actually mentions accessibility, but merely provides useless lip service. What good does it do to link to the WCAG, or to screen readers? And how much can you trust it if it claims “Support for No Java Script” (sic), while the popup window wouldn’t have opened without JavaScript? Or even, god help us, when in-page anchor links look like this: <a href="javascript:moveToInerLink('#DDA');"> (sic).

After purchase completion, you receive a lengthy “Welcome to Bank of Scotland Secure” email message urging you to personalise it with a new login name and “personal message”. Any novice online shoppers who’ve made it this far are likely to throw their hands up in confusion.

This is supposedly all for our security, but already, phishing scams mimicking Verified by Visa abound. How long before phishers start mimicking the Verified by Visa iframes? With an iframe, you can’t even see the domain name, the https or the little padlock of the framed page. The pages in the iframe are served from https://www.securesuite.co.uk/hbos/, itself not exactly a reassuring household name (note that the scam above is served from http://usa.consumers.datasecurities.net).

Visa’s response is this complacent, self-serving attitude: “The interesting thing about these Verified by Visa phishing attacks is that they further the argument to sign up for Verified by Visa, which is designed to thwart fraudulent payment transactions.” And if that doesn’t give you the horrors, “Visa is looking into a system under which a card issuer could require a cardholder to register for the program before completing an online checkout process” (my emphasis).