Team-BHP > Shifting gears


Reply
  Search this Thread
2,220,640 views
Old 20th October 2020, 21:24   #6646
BHPian
 
Join Date: Nov 2004
Location: World
Posts: 123
Thanked: 175 Times
Re: The Online Shopping Thread

Hello friends,

Have any of you guys ever shopped from the Wonderchef online store? Are they reliable? The reason I'm asking is that the thing I'm planning to buy is not available elsewhere. Thanks for any help.
.
meerkat is offline  
Old 20th October 2020, 21:32   #6647
BHPian
 
RavSam's Avatar
 
Join Date: Oct 2014
Location: Somewhere in MH
Posts: 679
Thanked: 2,784 Times
Re: The Online Shopping Thread

Quote:
Originally Posted by Jaguar View Post
Of late, I am seeing that for many products, Amazon doesn't have a free return option, just a free replacement (with the same product). Maybe a post-covid change.
Lot of well to do people have ordered clothing on Amazon, used it for functions and returned it before the return period.

Although they should not completely eliminate the return policy but can atleast reduce the number of days.
RavSam is offline  
Old 21st October 2020, 10:51   #6648
BHPian
 
Prowler's Avatar
 
Join Date: Jul 2008
Location: Madras
Posts: 770
Thanked: 1,301 Times
Re: The Online Shopping Thread

Quote:
Originally Posted by binand View Post
You don't need to reduce the level of trust just because a site uses a cert issued by Let's Encrypt. That is a canard spread by for-$$$ certificate issuers because LE was eating into their profits.
I beg to disagree. If you are collecting sensitive information in your site you will need to fork out money to obtain EV certificate from proper authority. I will quote the checks they will perform before they issue your SSL certificate:

1. Make sure you’re a legal entity, registered officially e.g. LLC (US), Ltd. (UK), Pty. Ltd. (AUS), GmbH (Germany).
2. Verify you have a legitimate place of business which will be included in your EV Certificate i.e. your listed physical address is not a mail drop, P.O. box or third party address.
3. Call you using your publicly listed phone number to make sure it’s active. And the person who signs the SSL contract must be a full-time employee.
4. Verify your operational existence, meaning a check into official records confirming your business is financially and commercially active.


The first step any potential buyer will look for is credibility. The EV Green lock establishes that you are what you claim you are. I wouldn't trust a free SSL when I am asked to pay for a product or service from that site. Let's Encrypt was basically intended for all non commercial sites - never for ecommerce sites.

Let's encrypt issues a SSL certificate to any site requesting for it. There is no checking about the ownership or address verification.
Prowler is offline   (3) Thanks
Old 21st October 2020, 11:15   #6649
Senior - BHPian
 
Join Date: Dec 2008
Location: Bangalore
Posts: 3,530
Thanked: 5,476 Times
Re: The Online Shopping Thread

Quote:
Originally Posted by Prowler View Post
I beg to disagree. If you are collecting sensitive information in your site you will need to fork out money to obtain EV certificate from proper authority.
All that EV certificates "from proper authorities" achieve is a lighter bank balance. Which is why pretty much all important players (Google, Mozilla, Apple - to name a few) have chosen to ignore them. Here is a screenshot from my computer. Tell me, which of these 4 sites are using EV certificates? Where is the green lock you talk about? This is state of affairs in the browser that has 70% market share.

The Online Shopping Thread-screenshot-20201021-11.02.34.png

It is not just me; it is industry observers with a lot more credibility that say this.

All the much-vaunted EV verification can be bypassed. It is all trivial. The whole EV concept was simply a money-grab exercise to which browser & policy makers got wise soon enough.

Here's Troy Hunt saying essentially the same thing, a year+ back:

https://www.troyhunt.com/extended-va...y-really-dead/

Edit: In the screenshot above, HDFC Bank's site is using an EV certificate. None of the others are.

Last edited by binand : 21st October 2020 at 11:19.
binand is online now  
Old 21st October 2020, 12:09   #6650
BHPian
 
Prowler's Avatar
 
Join Date: Jul 2008
Location: Madras
Posts: 770
Thanked: 1,301 Times
Re: The Online Shopping Thread

Quote:
Originally Posted by binand View Post

All the much-vaunted EV verification can be bypassed. It is all trivial.

In the screenshot above, HDFC Bank's site is using an EV certificate. None of the others are.
I don't understand why we need to have this argument. The accepted best industry practices expect an ecommerce/financial companies of repute to buy an EV SSL certificate. If I start an ecommerce site, somebody of industrial standing has to say something positive about my company to establish some basic credibility. We don't run companies like Google, Apple or Microsoft.

EV verification process is not trivial. It took me nearly 2 months to get one for a client. The EV certificate's Green lock with the company name has been relegated to the Information box from the address bar. And the ICICI bank site you show is the first screen. When you select the option of Corporate/Personal Login part, it will take you to the primary banking section protected by the EV SSL as shown here:
Attached Thumbnails
The Online Shopping Thread-icic.jpg  

Prowler is offline   (1) Thanks
Old 21st October 2020, 12:35   #6651
Senior - BHPian
 
Join Date: Dec 2008
Location: Bangalore
Posts: 3,530
Thanked: 5,476 Times
Re: The Online Shopping Thread

Quote:
Originally Posted by Prowler View Post
The accepted best industry practices expect an ecommerce/financial companies of repute to buy an EV SSL certificate.
The whole point is, a few years back what you are saying was indeed considered a best practice (say, till 2016 or so), but it is no longer the case.

No EV examples (quick check):

* Ecommerce: Flipkart.com, Amazon.in, Swiggy.com.

* Finance: Hdfcsec.com, LicIndia.in, Paytm.com, incometaxindiaefiling.gov.in

* Other important sites: uidai.gov.in, digilocker.gov.in, pmcares.gov.in (this is on Let's Encrypt)

Quote:
Originally Posted by Prowler View Post
When you select the option of Corporate/Personal Login part, it will take you to the primary banking section protected by the EV SSL as shown here:
Not enough people do all those steps to verify the EV-ness of the certificate rendering the whole thing meaningless. Hence the obsolescence. EV as it is currently defined is dead.

From the site owner perspective there is no ROI is spending that much extra and going through those additional hoops to get an EV cert. So as and when existing EV certs expire they will get replaced with non-EV equivalents.

From the end user perspective, most of us didn't bother with whether the site was on EV or not, so it is an irrelevant detail.

From the issuer perspective - yes, there is a loss of revenue and for good reason. You can't fool all the people all the time.

That's all to it.
binand is online now   (1) Thanks
Old 21st October 2020, 18:49   #6652
BHPian
 
dmplog's Avatar
 
Join Date: Oct 2007
Location: Pune
Posts: 309
Thanked: 375 Times
Re: The Online Shopping Thread

Ordered ASUS Laptop (ASUS VivoBook 14 M409DA-EK147T) which was needed for general usage (no gaming or heavy graphics work involved). It was ordered on 17th through Amazon.

* Delivery Date initially was 20-Oct on the date of ordering
* It got changed to 20 to 24 Oct on the next day
* Today, it's 21-Oct and still it's in "Preparing for Dispatch" status

I never had this experience from Amazon. Their initial delivery estimates were always on the dot.

Is anyone else experiencing similar slippages in deliver timelines?
dmplog is online now   (1) Thanks
Old 21st October 2020, 19:23   #6653
PPS
Senior - BHPian
 
PPS's Avatar
 
Join Date: Dec 2010
Location: mumbai
Posts: 2,465
Thanked: 3,700 Times
Re: The Online Shopping Thread

Quote:
Originally Posted by dmplog View Post
* Delivery Date initially was 20-Oct on the date of ordering
* It got changed to 20 to 24 Oct on the next day
* Today, it's 21-Oct and still it's in "Preparing for Dispatch" status
When I booked my iPhone 11 on 16th , the delivery date was shown as 24th October, but it arrived much ahead of schedule on 18th! While on the other hand, 32gb pen drive which was booked on 18th is yet to be dispatched.
PPS is online now  
Old 23rd October 2020, 19:27   #6654
BHPian
 
anoop.u's Avatar
 
Join Date: Dec 2017
Location: KL07-MH04-OD02
Posts: 48
Thanked: 140 Times
Re: The Online Shopping Thread

Quote:
Originally Posted by Prowler View Post
I don't understand why we need to have this argument.
At the risk of going OT, a few points I wanted to add:

1. All vallid SSL certificates (EV,DV,OV) offer the same industry-standard encryption strength. You do not get more protection from EV than DV—it’s exactly the same.

2. The only differentiating factor is that in the case of EV you can be certain that the URL (website) opened by you is being served by the intended provider protecting you from phishing provided you make sure to check the SSL certificate of each and every website you visit.

3. An EV certificate does not guarantee that the company you are dealing with isnt shady. An EV SSL valid for 3m/6m/1 year will continue to show the so called green bar, even if the physical company goes under the bus for whatever reason after the certificate was issued.

4. Regular SSL certificates should be enough as long as the eCommerce website does not accept card payemnts directly on its website. Usually all such payments are routed to a 3rd party payment gateway provider where the actual transaction takes place and the transaction details are then passed on to the ecommerce website. (This might not apply for the bigger players like amazon, flipkart etc)

5. A few references:
https://www.flipkart.com : Uses DV
https://www.amazon.in : Uses DV
https://www.onlinesbi.com : Uses EV
https://www.icicibank.com : Uses DV
https://infinity.icicibank.com : Uses OV


NOTE:
EV: Extended Validated (green bar, business name)
OV: Oraganization Validated (no green bar, only business name)
DV: Domain Validated (no green bar, no business name)

No disrespect meant to any of the views mentioned above, I just wanted to share what I know. Do let me know if I have got anything wrong above, i'm no expert either.

Regards,
Anoop
anoop.u is offline   (5) Thanks
Old 23rd October 2020, 21:28   #6655
Senior - BHPian
 
msdivy's Avatar
 
Join Date: Aug 2006
Location: Bangalore
Posts: 1,815
Thanked: 2,825 Times
Re: The Online Shopping Thread

Quote:
Originally Posted by Prowler View Post
EV verification process is not trivial. It took me nearly 2 months to get one for a client.
Quote:
Originally Posted by binand View Post
Which is why pretty much all important players (Google, Mozilla, Apple - to name a few) have chosen to ignore them.
Security-wise EV doesn't offer anything extra than DV.
DV + red-tape = EV.
msdivy is offline   (1) Thanks
Old 23rd October 2020, 22:37   #6656
Senior - BHPian
 
Sebring's Avatar
 
Join Date: Apr 2011
Location: Dubai/Bengaluru
Posts: 3,552
Thanked: 11,035 Times
Re: The Online Shopping Thread

Amazon delivered an empty bottle of Arielmatic liquid detergent (Ordered during the Sale). I got so offended (Felt like a fool, opening the big carton and seeing the singular empty bottle inside). Gave them a piece of my mind over the phone and got my money back
Sebring is online now   (2) Thanks
Old 23rd October 2020, 23:38   #6657
BHPian
 
SS80's Avatar
 
Join Date: Apr 2019
Location: Bangalore
Posts: 234
Thanked: 902 Times
Re: The Online Shopping Thread

Recently I ordered a exide UPS 1050va and a 42amp smf battery. The UPS came with broken warranty seal and battery was cracked with positive terminal bent (probably due to a fall). For the UPS they accepted the return, but for the battery they are investigating the matter and would give a resolution by tomorrow.
Attached Thumbnails
The Online Shopping Thread-img_20201022_225808.jpg  

The Online Shopping Thread-img_20201020_141043.jpg  

SS80 is offline   (2) Thanks
Old 24th October 2020, 07:30   #6658
BHPian
 
Join Date: Nov 2004
Location: World
Posts: 123
Thanked: 175 Times
Re: The Online Shopping Thread

Quote:
Originally Posted by Sebring View Post
Amazon delivered an empty bottle of Arielmatic liquid detergent (Ordered during the Sale). I got so offended (Felt like a fool, opening the big carton and seeing the singular empty bottle inside). Gave them a piece of my mind over the phone and got my money back
Was it a "Fulfilled by Amazon" order? Who was the seller in any case, if I may ask?

I almost exclusively place only "Fulfilled by Amazon" orders, and even so, mostly from Cloudtail or Appario, -- or only if the seller is a highly rated big name one. Similar policy for Flipkart purchases too ("fAssured"). Thankfully, so far haven't faced anything like what you have above!


Quote:
Originally Posted by SS80 View Post
Recently I ordered a exide UPS 1050va and a 42amp smf battery. The UPS came with broken warranty seal and battery was cracked with positive terminal bent (probably due to a fall). For the UPS they accepted the return, but for the battery they are investigating the matter and would give a resolution by tomorrow.
Which e-commerce site did you order from?


Quote:
Originally Posted by nagr22 View Post
I ordered a Blaupunkt car stereo during the big billion day sale from Flipkart .....
.
.
The invoice mentioned 'B5' as the serial number but the product has 'BPxxxxx075'. Basically they just entered the first and last digit of the serial number on the invoice instead of the 14 digits which the actual serial number had. Now I had to raise another complaint for this serial number mismatch and they have escalated this issue with the seller and told me that "if" the seller agrees that it's a mistake then he will update the invoice and then I can raise a return. Now I am at the mercy of the seller. ...
How can the seller deny a clear mistake when the "serial number" on the invoice was not even a legitimate one (only 2 characters instead of the expected 14) ?! -- Again, was it an "fAssured" order?
.
meerkat is offline  
Old 24th October 2020, 09:04   #6659
Senior - BHPian
 
Sebring's Avatar
 
Join Date: Apr 2011
Location: Dubai/Bengaluru
Posts: 3,552
Thanked: 11,035 Times
Re: The Online Shopping Thread

Sold by Cloudtail and fulfilled by Amazon, unfortunately
Quote:
Originally Posted by meerkat View Post
Was it a "Fulfilled by Amazon" order? Who was the seller in any case, if I may ask?I almost exclusively place only "Fulfilled by Amazon" orders, and even so, mostly from Cloudtail or Appario, -- or only if the seller is a highly rated big name one
Sebring is online now   (3) Thanks
Old 24th October 2020, 09:19   #6660
Senior - BHPian
 
balenoed_'s Avatar
 
Join Date: Jul 2016
Location: KL14 <> KA01
Posts: 1,784
Thanked: 5,338 Times
Re: The Online Shopping Thread

I am not sure if this is a new scam, but it happened yesterday.

My wife have ordered some lip balms through Amazon few days back. Yesterday she received a call from a courier guy saying he is in front of the house to deliver and it is in COD mode. Wife could not suddenly recall whether she made the online payment earlier or by COD, because in the hurry to pick it up, she did not realize and then paid and collected it.

After opening it up, she realized it is not from Amazon not the lip balm what she ordered. She also verified that her actual Amazon order was already paid and is in process. And this new parcel came from some Sonali in Delhi. No address, no nothing and the product was some cheap lip balms.

Looks like we are fooled. So does this mean that our data from Amazon has been leaked to some third party like this.

Ridiculous!
balenoed_ is offline   (6) Thanks
Reply

Most Viewed
Thread Tools Search this Thread
Search this Thread:

Advanced Search

Copyright ©2000 - 2024, Team-BHP.com
Proudly powered by E2E Networks