Wednesday, July 15, 2009

Scripts and ShopSafe

My credit card, which gives me miles on my favorite airline, is managed by Bank of America.

The credit card's website has a nice feature nicknamed ShopSafe, where it will generate a "fake" credit card number to use once when doing a purchase online. Thus I do not risk spreading my credit card number around needlessly.

However, notice that the web page is part of www.mbnashopsafe.com, not bankofamerica.com. The javascript link to the ShopSafe page provides no indication that a change of domain name is about to happen.

I use the Firefox addon NoScript, and the first time I tried to use ShopSafe I became very confused. For some strange reason, not allowing scripts for www.mbnashopsafe.com sends the web browser to the "register for an online account" part of the Bank of America website when you try to do anything relating to ShopSafe. Since I had an online account and was actively using it, this puzzled me greatly.

I used ShopSafe for the first time to help a friend by paying her Cricket phone bill. Today I'm using it to renew the car's DMV registration. Enough government computers have been hacked lately that I definitely don't want to give the DMV website my real credit card number!

No comments: