Scary ...
- INFOGRAPHIC: The Illusion of Personal Data Security in E-Commerce
https://www.dashlane.com/blog/2014/01/24/infographic-the-illusion-of-personal-data-security-in-ecomm...
I've stopped storing my credit cards at shopping sites until I play with their password reset mechanism. Just a few days ago I reserved a room online with a website whose security was so bad I wrote them asking them to take my personal info off their system. So far there has been no answer.
Here's the email I wrote, sanitized to protect the remote site until I talk to the manager when I'm at the motel in March.
============= Included Stuff Follows =============
To whom it may concern,

Please remove my account from your website login as soon
as possible. Your website system's security is terrible
and I don't want my email address or any other personal
information stored on your system.

In light of the Target breach, I am checking my logins
and passwords at many websites. The fact that you
emailed me my password IN CLEAR TEXT means you are
storing passwords insecurely.

Whoever built your website has a poor understanding of
Internet security "best practices". I am VERY glad I did
not allow you to store my credit card number for future
use, but I worry about it being leaked since I'm sure
it's in your order system.

Not only that, when I tried to CHANGE my password, I got
the following error:
============= Included Stuff Follows =============
Change Your Password
https://reservations.XXXXXXXXX.com/V1WebControls/ProfileChangePassword.aspx
User Setup Errors:
* The email address is already registered with a
user account.
============= Included Stuff Ends =============
See attached screen-capture for proof. This means
whoever built your website has this part of the website
programmed wrong. Who knows what else is wrong in this
broken system?

Again, please remove my account from your website login
as soon as possible. Next time I make reservations, I
will do so as a new user and not save a login.

Thank you for your prompt attention to this matter.

Angus Scott-Fleming
PS here's the message I got when I requested my password:
------- Forwarded message follows -------
From: "info@XXXXXX.com" <reservations@XXXXXX.com>
To: "angus@geoapps.com" <angus@geoapps.com>
Subject: Login Information
Date: Tue, 21 Jan 2014 09:59:49 -0700
XXXXXX Lodge
P.O Box XXXX
Grand Canyon AZ 86023 USA
Phone: XXXXXXXXX Fax: XXXXXXXXX
As per your request for this information.
Your User ID is: angus@geoapps.com
Your User Password is: *****************
------- End of forwarded message -------
Attachments:
C:\Users\Public\Documents\2014\Orders\XXXXXXX Lodge Change Your Password.png