Sunday, February 17, 2008

Worst B2C Website Award Goes To....


Have you ever tried using their website for billing? It's outrageously horrendous.

But let's start with the non-billing site. Comcast's main site could be one of the worst ASP.NET sites deployed. It takes about 5-10 seconds just to get the front page loaded. Then, get this... they recently added a little form in the upper right so you can "quickly" log in with your username and password. Except the password part of the form is a standard text input, not a password input. OOOPS. (Although I just loaded the page again and it was a password input this time; maybe they just fixed it as I typed this.)

Then, once you enter your plainly visible password, you get redirected to some third-party site that apparently every cable company in America has decided to use for online billing. This is a Java site (at least it uses the "do" extension, so I assume it's Struts). I click on "View My Bill", and seriously, 90 seconds later it tells me what I owe.

What is this "ConvergentCare" or "Convergent Care" website they use for billing anyway? They have no main website, but if you google them, they have subdomains for tons of cable companies (Time Warner and Comcast being the two majors).

1 comment:

alienbinary said...

I have to say, I'm not a huge fan of this company either. Well, I'm not a huge fan of Comcast, but I really don't much care for CC. I found this blog post in an effort to make sure that I wasn't sending my credit card information to some random script kiddie with an XSS vulnerability. I wanted to make sure that Convergent Care was legit; sure enough, just as you said, they have no front page. This is not the least bit reassuring and it's bad practice. Comcast should realize as an ISP that they're handling extremely sensitive information, and just like the time-honored "no one from [isp] will ever solicit you for your password", they should also go by the standard of "be wary of email links that take you to any page but" There's no warning that they use a third-party server and from a security standpoint, this is insane.