Metamoris is not securely processing your credit card transactions
Posted by Bret Gold on
About a month ago it was brought to our attention that Metamoris is not securely processing your credit card transactions. They since made a statement that they have fixed the problem. Some further checking has confirmed that the site is still not secure enough to process your credit card transactions.
They have bypassed all standard procedures a site like this should go through to design a secure website to process your credit card transactions. On top of that, they have given the illusion of safety by putting words like "Secure Server" and images of padlocks next to text boxes used to enter your CC info. Further, if you know a little bit more about secure transmissions on the internet, they're transmitting the page using https, or SSL. While the page is using SSL, it is not transmitting your personal, protected data in a secure fashion. A man in the middle attack would see everything you submit.
Initially, they said they "fixed" the issue and suddenly you were directed to an https:// page when entering your secure information. Yet, during our testing, it is clear that your CC info is still being transmitted to their servers in plain text. If you're thinking "could this get any worse?", it does. Not only are they not transmitting your should-be personal and protected data securely, they're STORING it that way in their database. That's right. Your credit card information is being stored, in plain-text, on Metamoris.com's database. They are storing your card number for processing later; a HUGE no-no in online commerce. How do we know this? They're not using real-time credit card verification. You can use sandboxed CC numbers, used for transaction processor testing, on their site in checkout. They've since added a work-around make it look like those numbers aren't working, and in essence, they aren't; as in: you can't pay for the stream with a sandboxed CC, but they're still not doing real-time CC verification. Tsk Tsk. Did they think we wouldn't notice?
In the light of all of the bad press Metamoris and Ralek Gracie has been getting lately, this is another huge black-eye for the organization. I, for one, will not be patronizing their service until they can prove that my information is secure.
Share this post
- 1 comment
- Tags: BJJ, brazilian jiu jitsu, fighting, jits, jiu jitsu, martial arts, Metamoris, Serious Problems
Was this the case previously also? I subscribed to the 3rd and 5th installments, skipped on the 4th. Regardless. I had unauthorized transactions (small amounts; 49.95$, 34.95$ and $45.95) deducted from my CC to a Paypal account which was later terminated due to abuse of Paypal TOS. It’s currently in queue waiting to be resolved with ato pin point route cause, havent been refunded my money but only noticed the irregularities on Monday