Why is the Dominos Pizza Website not Secure?

[kyphysics]

Your connection is not private

Attackers might be trying to steal your information from www.dominos.com (for example, passwords, messages, or credit cards). Link RemovedNET::ERR_CERT_INVALID

I literally ordered from them two days ago. I Googled "Dominos" and clicked the first link, which when hovering over IS an https:// site. . . yet, today when I click that link, Google Chrome shows me the above message with the https:// portion in my URL bar all in red and cross out with a slash.

How is this NOT secure, when the literal URL has https://?

 

[Vanadium 50]

When you Googled the error, what part of the explanation did you not understand?

 

[FactChecker]

After Googling, there seems to be a few things that could be going on. This looks like a good reference.

PS. I do not get an error for the Dominos web site using the Firefox browser

 

[russ_watters]

I get an error like this when connecting to a 3rd party wifi when the login screen fails to load. Where were you when you got this and who's connection were you using?

 

[Algr]

When you Googled the error, what part of the explanation did you not understand?

Google isn't going to be able to tell you why a major corporation doesn't have it's act together on customer facing technology.

 

[FactChecker]

Google isn't going to be able to tell you why a major corporation doesn't have it's act together on customer facing technology.

I do not get that error, so I suspect that it has something to do with his browser, his network, or a temporary problem at Dominos.

 

[anorlunda]

I think that I have seen that error from many sites (even PF) at times when there are network problems or slowdowns. Any of us with flaky Internet communications see many more errors than those with reliable Internet.

 

[StevieTNZ]

Google isn't going to be able to tell you why a major corporation doesn't have it's act together on customer facing technology.

Who even said that was the case? The error is 'NET::ERR_CERT_INVALID'.

 

[kyphysics]

When you Googled the error, what part of the explanation did you not understand?

Do you talk to your wife (if you have one) consistently this way? Your consistent forum rudeness and total disrespect towards me [inappropriate content deleted by moderator]...

As for your question, I don't understand what you're asking, as I never Googled the error.

 

[kyphysics]

I get an error like this when connecting to a 3rd party wifi when the login screen fails to load. Where were you when you got this and who's connection were you using?

I think that I have seen that error from many sites (even PF) at times when there are network problems or slowdowns. Any of us with flaky Internet communications see many more errors than those with reliable Internet.

You both may be onto something.
I did have internet connection problems that same night, but not at that exact moment I tried to order from Dominos. I was still able to surf the web elsewhere without that happening (at the time, it was JUST Dominos' website). Albeit, I remember getting a "no connection" message for everything shortly afterwards, I think (like maybe within 15-20 minutes).

I did have an "outage" of internet for about 2 hours. I was using a home laptop with Verizon internet connection. Everything is fine now.

 

[Vanadium 50]

And yet, the question remains unanswered.

 

[russ_watters]

When you Googled the error, what part of the explanation did you not understand?

Do you talk to your wife (if you have one) consistently this way? Your consistent forum rudeness and total disrespect towards me...

As for your question, I don't understand what you're asking, as I never Googled the error.

And yet, the question remains unanswered.

It's an implied two-part question and kyphysics did in fact answer the first one: Question: Did you google it? Answer: No. Follow-up: do it. And report what you find. And google it first next time too. The fact that you (kyphsics) didn't get that is kind of eye-popping.

I suspect if I were married to V50 and we had kids we would have conflict regarding parenting styles. But on a rudeness scale of 1-10 I rate this about a 3, and as always, the message is exactly on point. @kyphysics I've noticed some improvement, but you have a long way to go in terms of basic adulting. PF does not have a parenting style policy, and teaching adulting is not really part of our mission. It's kind of an unsupported feature, with haphazard implementation. That's why this little conflict hasn't had any sort of resolution.

 

[pasmith]

At least they're not passing your order to their server using GET, as one site I dealt with in the mid-2000s did, before advanced concepts like "If you need a storefront, licence an existing application instead of trying to create your own without a full understanding of the technology" were widely understood.

 

[harborsparrow]

I would never give my credit card directly to Dominos. Or similar companies. Average companies do not have the budget nor the expertise, in many cases, to know all security best practices, nor will in many cases the contractor doing their website have it. I try to limit giving my credit card to companies with a large enough incentive to get it right. Mostly, I will only pay an average company these days using one of the big three micropayment services: Paypal, Google Pay or Amazon Pay. Those companies have a fighting chance of having up to date security practices, and they have an incentive to make security a priority. But there are no guarantees; this is just my recommendation for how to minimize the likelihood of getting my credit card stolen.

 

[anorlunda]

I would never give my credit card directly to Dominos. Or similar companies.

I think you make good points. But in the US, credit cards have the advantage of limiting your liability for fraud to $50. The online payers have no such legal burden.

 

[russ_watters]

FYI, I was able to capture the phenomena I was describing. It's caused by connecting to a wifi network with a login page (McDonalds) that doesn't load properly.

 

[harborsparrow]

It seems the letter h is missing from the beginning of the URL. Is that a bad link you can simply report to the webmaster?

 

[rbelli1]

Average companies do not have the budget nor the expertise, in many cases, to know all security best practices

Slightly above average size companies have the habit of failing at this too.

limiting your liability for fraud to $50

Most (all?) will cover the $50 too.

BoB

 

[russ_watters]

It seems the letter h is missing from the beginning of the URL. Is that a bad link you can simply report to the webmaster?

It's CNN. I don't know why the link doesn't show up right in the error page, but it doesn't matter. Every link gives the same error.

If it were just a bad link it would give a page not found error, not a security error.

 

[WWGD]

I would never give my credit card directly to Dominos. Or similar companies. Average companies do not have the budget nor the expertise, in many cases, to know all security best practices, nor will in many cases the contractor doing their website have it. I try to limit giving my credit card to companies with a large enough incentive to get it right. Mostly, I will only pay an average company these days using one of the big three micropayment services: Paypal, Google Pay or Amazon Pay. Those companies have a fighting chance of having up to date security practices, and they have an incentive to make security a priority. But there are no guarantees; this is just my recommendation for how to minimize the likelihood of getting my credit card stolen.

Well, I doubt they will, given they haven't done it by now, despite several companies having had egg in their faces after their sites were hacked and several credit cards were obtained from them.
Could it be someone spoofing the address and for that reason the certificate was not legit?

 

[StevieTNZ]

Could it be someone spoofing the address and for that reason the certificate was not legit?

I don't think it has anything to do with the security certificate, moreso the wireless connection being used at the time.

Whenever I'm out and about with my laptop, I create a mobile hotspot with my phone and use the 4G network. I don't tend to connect to open wireless connections (I believe there is a setting within Windows 10/11 that gets the machine to connect to any it finds - I disabled that setting). If I were to connect to a open wireless connection, I would use a VPN.

 

[WWGD]

Well, there's too, the Google(it) paradox that searches will only help you if you know enough about it to sift through the 85,000, 000 hits, to filter through the majority garbage results.

 

[WWGD]

FYI, I was able to capture the phenomena I was describing. It's caused by connecting to a wifi network with a login page (McDonalds) that doesn't load properly.

View attachment 318126

I did get a similar message while at Citibank, a couple of years ago. Twice in around 2 weeks.

 

[harborsparrow]

I think you make good points. But in the US, credit cards have the advantage of limiting your liability for fraud to $50. The online payers have no such legal burden.

Most pizza orders are gonna be in the range of $50, so liability limitation probably doesn't come into play in this specific case. Yes, if you're ordering something worth $3000, maybe. I do know that Paypal has liability control; if you're defrauded, they investigate the case and if it goes your way, you get a full refund. I have had this happen. I had to wait a few weeks for the investigation, but I got $300 back from a fraudulent software sale.

 

[harborsparrow]

Another reason to use Paypal, Google Pay or Amazon Pay is, that I'm pretty sure all three provide AI-based fraud detection. I don't know what-all that does but it's very good at spotting fraudulent activity by companies early and nipping it in the bud.

 

[russ_watters]

Most pizza orders are gonna be in the range of $50, so liability limitation probably doesn't come into play in this specific case.

It's not the $50 pizza order that'll get you, it's the $2,000 laptop the disgruntled employee bought using your credit card info.

Yes, if you're ordering something worth $3000, maybe. I do know that Paypal has liability control; if you're defrauded, they investigate the case and if it goes your way, you get a full refund. I have had this happen. I had to wait a few weeks for the investigation, but I got $300 back from a fraudulent software sale.

Another reason to use Paypal, Google Pay or Amazon Pay is, that I'm pretty sure all three provide AI-based fraud detection. I don't know what-all that does but it's very good at spotting fraudulent activity by companies early and nipping it in the bud.

I'll have to look into whether PayPal/google/Apple actually offer anything credit cards don't. I think I've had my credit card/number stolen maybe half a dozen times, but I don't think I've ever been left holding the bag. Not even for $50. Credit card companies are very good at detecting fraud and flagging/halting transactions.

 

[Vanadium 50]

Yeah, Google did not invent fraud detection.

When your card has a charge from a place you've never shopped having the merchandise shipped somewhere you've never been, it doesn't take a sophisticated AI to suggest someone give this a closer look.

 

[harborsparrow]

The point is, that Domino's is going to STORE your card info and the possibility of it getting stolen from a company like Domino's is, in my estimation, astronomically higher than that it would be stolen from Google. So just use a payment service if you can and your CC info won't be scattered all around the world.

 

[russ_watters]

The point is, that Domino's is going to STORE your card info and the possibility of it getting stolen from a company like Domino's is, in my estimation, astronomically higher than that it would be stolen from Google. So just use a payment service if you can and your CC info won't be scattered all around the world.

It depends on the info I think. They aren't allowed to store the CVV number, so if that is used it would help security.

I see at least Paypal and Credit cards separately, dealing with different types of transactions. My understanding is PayPal transactions are effectively cash transactions, so once the transaction is complete your money is gone. Your redress is after-the-fact, to get the money back. With credit cards the money doesn't change hands until later, so the risk in the transaction is lower....which is why credit cards can't be used for riskier transactions but PayPal can.

PayPal is useful for peer-to-peer transactions where you can't use credit cards, as a substitute for cash that provides some protection in what are inherently much, much higher risk transactions. Yes, there is risk of a credit card being stolen from Target, but there's a much, much higher risk that the guy you're buying a bike from in the Target parking lot could be ripping you off via PayPal. And he won't even take Visa.

 

[harborsparrow]

Paypal's purchase protection information is HERE; I will repeat, Paypal REFUNDED ME $300 when a software seller sent a product that could not be unlocked. It doesn't get much better than that.

https://www.paypal.com/us/webapps/mpp/paypal-safety-and-security

 

[russ_watters]

I will repeat, Paypal REFUNDED ME $300 when a software seller sent a product that could not be unlocked. It doesn't get much better than that.

To me it is significantly better for the money to never leave my checking account in the first place.

How long did it take to get the money back?

 

[vela]

The point is, that Domino's is going to STORE your card info and the possibility of it getting stolen from a company like Domino's is, in my estimation, astronomically higher than that it would be stolen from Google. So just use a payment service if you can and your CC info won't be scattered all around the world.

After the initial transaction confirms that a credit card is good, the company stores a token issued by the bank which they can then use to authorize future charges to that account. They no longer need your original CC info to do so.

Companies generally don't store your CC info precisely because doing so is a security risk. A hacker that breaks into Domino's system isn't going to get your full credit card number, expiration date, and CVV number. They might get the expiration date and the last four digits of the account number.