Following the Web Shopping risk context and the way the Web Shopping threats should be addressed, this post walks through a real example of how those checks were applied.


Scenario description

The user in this case is myself. I wanted to buy a Kindle ebook reader, which was not being sold in Denmark at that moment. A few searches on Google led me to http://www.ebookreaderdenmark.com but it didn't take me long to decide that I needed an alternative.

Web shop pages referenced

Note - I am not affiliated with the web shop or the owner in any way. The example is real and information presented is publicly available online. The post is not intended to bring "bad publicity" to the owner, but to showcase a real example of how I decided not to use the web shop.

1. Verify if the web shop is legitimate and trustworthy

  • Physical owner and/or company information - there is no reference to an entity or person that owns the web shop. The owner is only mentioned as "Ebook Reader Denmark webstore (www.ebookreaderdenmark.com)"

  • Domain information - the domain registration date corresponds with the year mentioned on the web shop. The registrant details seem very generic and do not point to any real identity.

suspicious whois entry

The location "Hong Kong" is however mentioned on the web shop, on the "Delivery" and "Terms of use" pages.

  • Customer and 3rd party reviews - The Facebook page seems outdated and not maintained.

outdated and not maintained social media page

  • Secure connection - there is no secure connection (HTTPS) while browsing the web shop, creating an account or logging in.

no https

  • Text - there are clear spelling and wording mistakes that do not recommend the web shop as professional.

grammar issues

It is 2017, but the year mentioned on the web shop seems a bit outdated.

old copyright

Some more ambiguous formulation that left me a bit blank.

 unclear terms of usage

2. Verify if payment options are legitimate and mentioned upfront

The "Privacy notice" page does state how the payment is being done.

 payment processing notice

As well as the image on the web shop

 payment processing notice

However, there is some very unclear formulation regarding additional costs on the "Delivery" page.

 payment processing notice

"Not likely" and "10% chance" to be taxed doesn't really assure me as a buyer that I will not end up paying more than expected.

3. Understand how your information is being processed

The web shop does inform about the information collected and the purpose, on the "Privacy notice" page.

 data handling notice

 data handling notice

What they do not inform about is:

  • how this data is being protected
  • how this data is being shared with other entities

Conclusion

1. Is this web shop legitimate and trustworthy ?

It does not look legitimate enough to be backed by a real company and clearly does not look trustworthy, professional or even maintained. It might be a good example of a 1-man business that doesn't bother with the "small details".

2. Is the payment process clear, legitimate and trustworthy ?

The process is handled by a trusted 3rd party (PayPal), but the extra costs are not explained clearly enough.

3. Is my information handled properly ?

The web shop does inform about what information is processed and why, but does not inform about how it is protected and who it is shared with.

Bottom line - clearly not a place to shop online for ebook readers.