Getting a ticket is frustrating enough, but when you go to pay it online only to get a browser warning about a potentially non secure site that frustration is guaranteed to intensity. Unfortunately, because of a careless coding error and an apparent lack of testing on some major browsers, this is exactly what happened to visitors looking to pay fines using the UK’s Central Accounting Office Electronic Information Services. I’ll let Sophos explain:

The payment page is using SSL, so what is the problem? Well, unfortunately, the certificate being used on secure.informcommunications.plc.uk has actually been issued for *.latestinfo.co.uk. …

This discrepancy is what causes the above browser warnings.

In this case the problem is not caused by any malicious activity. Instead human error appears to be the culprit. Both sites (latestinfo.co.uk and informcommunications.plc.uk) actually resolve to the same IP. The problem appears to be that the link to the payment page uses the incorrect domain name. …

Browser warnings like these are great – a really useful tool for users to be alerted to potentially malicious activity. Legitimate organisations really should test their systems more thoroughly to ensure good practice has been followed, and the user experience is seamless.

Read the full explanation – with accompanying images – at Sophos >>>

I’m sure some visitors will just ignore the warning a proceed anyway. But I’m also sure that the Central Accounting Office is getting some not very happy calls as a result of this issue. This is just another real-world reminder proving that it’s important to test your web applications on all major browsers – and a few different versions just to be safe. Taking a few minutes to test could save you hours of headaches and angry users.