For a while I was unemployed and living off of credit cards. While unemployed, I racked up some credit card debt (surprise, surprise). Today, I was most pleased to pay off one of my cards. I paid online and that, I think, was a big mistake. I was rather concerned because their Web site was poorly designed. It was slow, it wasn't clear how to navigate and had graphics worthy of a third-grade HTML page. I ignored that but frankly, that should should have been a tip-off. If they couldn't spend the money to make it look professional, why should they care about professional code on those areas where you can't see it?
After paying my bill, I started thinking about that and figured I would check out what they set for my cookie. I like reviewing cookies from time to time because they can be rather informative. If I had access to your computer and you used this site to pay off your credit card, here's what I could learn just by glancing at your cookie:
- What company (if any) the card was issued to.
- Your login name on the site.
- Your first and last name (as it appears on the card).
- What email address you used to register with the site.
- The last date you logged into the site on.
- Your credit card number.
- Your PIN number.
Gosh, at least they weren't foolish enough to list the expiration date! Then we might have a security problem.
Oh, and the cookie doesn't expire for a year.