How might we help customers get back on track from a connection timeout message

I’m designing ‘sad path’ scenarios for checkout and I’m trying to design for helping customers when a connection timeout occurs when the checkout hangs trying to connect to our 3rd party credit card payment form.

When this happens the credit payment form could not get loaded in our checkout environment.

A simple solution is to reload the page.

The UX/UI solution I’m putting forward is an alert message that appears on the page and asks the customer to reload the page.

This is my attempt at making the error message more ‘user-friendly’:


A connection error occurred

An error occurred when we were trying to connect to the system.

Please reload the page to try connecting again.

[ Reload page ] <— button


How do people feel about the above message? Any other solutions you can think of?

Thanks.

Enable CORS for multiple customers

We use an .htaccess file for controlling access:

Currently, we have the following code to allow CORS to our developer APIs:

<If "%{REQUEST_URI} =~ m#^/api/v1/#">
    Header always add Access-Control-Allow-Origin "*"
    Header always add Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, client-security-token"
    Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
</If>

Now, we don’t want iframes or other 3rd parties to be able to call our APIs.

How can we maintain the whitelisted origins to be allowed for CORS? Manually maintaining the .htaccess file by adding and removing origins for every new customer sounds complicated. What would be the recommended way to maintain the list of whitelisted origins?
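
One way to keep the allowlist as data rather than as hand-edited .htaccess lines is to check the request's Origin against a per-customer list in the application and echo it back only on an exact match. This is an added example, not code from the original post; the customer origins, the allowlist text format and the function names are assumptions.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"https": 443, "http": 80}

# Constructed sample: one origin per line, e.g. exported from a customer table.
SAMPLE_ALLOWLIST = """\
# customer-a (hypothetical)
https://app.customer-a.example
# customer-b, non-default port (hypothetical)
https://portal.customer-b.example:8443
"""

def normalize_origin(value):
    """Return canonical scheme://host[:port], or None if value is not an origin."""
    try:
        parts = urlsplit(value or "")
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        return None
    # A real Origin header has no userinfo, path, query or fragment.
    if "@" in parts.netloc or parts.path or parts.query or parts.fragment:
        return None
    if port in (None, DEFAULT_PORTS[parts.scheme]):
        return f"{parts.scheme}://{parts.hostname}"
    return f"{parts.scheme}://{parts.hostname}:{port}"

def load_allowlist(text):
    """Parse the allowlist, failing loudly on entries that are not origins."""
    allowed = set()
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            origin = normalize_origin(line)
            if origin is None:
                raise ValueError(f"not a valid origin: {line!r}")
            allowed.add(origin)
    return allowed

def cors_headers(origin_header, allowed):
    """CORS headers for an /api/v1/ response; nothing is granted by default."""
    headers = {"Vary": "Origin"}  # keep caches from reusing one origin's answer
    origin = normalize_origin(origin_header)
    if origin in allowed:  # exact match only: no substring or suffix tests
        headers["Access-Control-Allow-Origin"] = origin
        headers["Access-Control-Allow-Methods"] = "POST, GET, OPTIONS, DELETE, PUT"
    return headers

ALLOWED = load_allowlist(SAMPLE_ALLOWLIST)
```

An Origin check only controls which browser pages may read the responses; non-browser clients can send any Origin value, so the API still needs its own authentication.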

How should I use the target’s customers in penetration tests? [on hold]

This question concerns both physical and non-physical pentests.


Should I use customers’ accounts to pwn? (Assuming I’m not given an account by the employer/target for the engagement)

I may somehow manage to grab credentials of a customer of the target. The customer may not be mentioned in the scope. Using their account/credentials may negatively affect them personally so I think it should be avoided. However, I believe adversaries usually would directly target the customers to either just steal the customers’ credentials and assets or (somehow) use a customer account to get more information on the target or as an attack vector (a customer may be a VIP with extra functions).


In a physical pentest, we may come in contact with the employer/target’s customer (i.e. normal people in a company building, people touring the place, shoppers in a mall). Should we attempt to extract information from them or even social engineer them to use them as a help (get some people to swarm in front of a door) without them knowing?


This, I believe, mainly depends on ethics (we probably shouldn’t use patients in hospitals) and collateral damage (people having their data touched even just from us logging in as them).

(Please simply don’t say “it depends on the scope”. That’s always a big element but I’d like to learn about pentesting in general – rules that can apply to most engagements, or at least specified details on how the scope may greatly change this aspect of a pentest)

Should I separate current users and potential customers?

My company is a B2B Software as a Service. We have a web with 2 main functions:

  1. Log in for my current users (hundreds of thousands)
  2. A marketing web for my potential new customers (portfolio, blog, contact us, etc.), about a hundred leads.

Is it recommended to put a first landing page asking whether the person in the browser is a current user or a lead and, depending on the answer, redirect to different webs?

I think it can improve the web optimization for each audience, and help keep metrics (Analytics) separated, but it can be a burden for whoever is browsing to give an additional click to access the page.

How to prompt existing customers to change their email

I’m looking for some UX examples to how other companies have handled this situation:

Scenario: Devs are using an old password encrypting method (sha1) I believe and need to change it to a more secure encryption.

What they did: When users logged in they just encrypted their password with the new encryption and the users didn’t know a thing.

The only problem is we have a number of users who aren’t frequent users who will only login periodically.

Devs want to clear all the passwords and require users to reset their passwords.

Problem: We don’t want to alert them to the fact that there are security issues, as we hold a lot of important data in their accounts of users’ customers.

When that happens users would attempt to login and just get hit with a message saying their login details are incorrect.

The initial approach was... users will eventually just click on forgotten password after being told ‘invalid credentials’.

However, this just feels wrong and we’ve tried to think of various flows, but due to dev constraints we have to stick with them having to click on the forgotten password. (not the best solution but need to make the most out of this)

My question is… what message would make sense in asking them to reset their password that doesn’t alert to security issues?

Additionally are there any existing companies that have handled randomly asking users to reset their passwords?
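
The login-time upgrade described in the scenario above, extended with one way to cover accounts that have not logged in: wrapping each stored SHA-1 value in a slow KDF offline, so no stored record stays in the old format and no reset is forced. This is an added example, not the poster's or their developers' code; the unsalted hex SHA-1 legacy format, the record prefixes, the choice of PBKDF2-HMAC-SHA256 and the iteration count are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256

def legacy_sha1(password):
    """Legacy format assumed here: unsalted hex SHA-1 of the password."""
    return hashlib.sha1(password.encode()).hexdigest()

def _kdf(material, salt):
    return hashlib.pbkdf2_hmac("sha256", material, salt, ITERATIONS).hex()

def wrap_legacy(sha1_hex):
    """Offline step for dormant accounts: KDF over the stored SHA-1 value.

    Needs only the stored hash, not the password, so it can run as a batch job.
    """
    salt = os.urandom(16)
    return f"wrapped${salt.hex()}${_kdf(sha1_hex.encode(), salt)}"

def hash_new(password):
    """Target format: salted KDF over the password itself."""
    salt = os.urandom(16)
    return f"pbkdf2${salt.hex()}${_kdf(password.encode(), salt)}"

def verify_and_upgrade(password, stored):
    """Return (ok, record_to_store); a successful login always ends on 'pbkdf2'."""
    scheme, _, rest = stored.partition("$")
    if scheme == "sha1":
        ok = hmac.compare_digest(legacy_sha1(password), rest)
    elif scheme in ("wrapped", "pbkdf2"):
        salt_hex, _, digest = rest.partition("$")
        # A wrapped record is checked by recomputing SHA-1 first, then the KDF.
        material = legacy_sha1(password) if scheme == "wrapped" else password
        ok = hmac.compare_digest(_kdf(material.encode(), bytes.fromhex(salt_hex)), digest)
    else:
        ok = False
    if ok and scheme != "pbkdf2":
        return True, hash_new(password)  # drop the SHA-1 layer on first login
    return ok, stored
```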

Offer optional shipping insurance to customers with minimum order of $100

I found this question: Additional, optional fee on Woocommerce Checkout that may work for me except that I would need to use a 2.5% fee and not a flat $ rate. The 2.5% fee would be calculated for each minimum order sub-total of $100.

Can this be done using a percentage fee and a minimum order amount?

3,000+ Visitors per day for your customers Website or Blog From Search Engine for $9

Only we are the provider that provides real reseller traffic from search engines by searching your customers’ targeted keywords/websites. We provide search engine referral source real traffic from search engines for ranking your website faster. You can track the traffic with the Google Analytics real-time overview. We provide Adsense-safe traffic via our network for ranking purposes. As you all know, a website SEO plan necessarily needs to include a search engine traffic strategy. We created this amazing service to help you in this difficult SEO & ranking matter. Test after test has revealed that any website looking to rank needs to have good traffic from various sources, especially from search engines, over and over and over again. If people are visiting your site referring from search engines, then it must be popular. And if it’s popular, Google will rank it better.

How much traffic you can expect: We provide powerful & lightweight traffic. Up to 3,000+ daily visits to your website & a total of 30,000+ visitors. Get 10 days of constant visits to your website or blog. Internal-page visit. Worldwide visitors / targeted country (what do you want). Traffic started in one day.

You will receive traffic from the following sources: all of the popular search engines, Google, Yahoo, Bing, and other search engines where people search. Bonus sources: baidu, sogou, 1688, and all others are bonus.

What you need to get started: Your website URL. Site title or tag line. 1 keyword or more, what you want.

Reporting: Complete lightweight traffic report. Bitly live traffic tracking analytic URL as live proof. Total clicks, visitor country, traffic source and more.

Buy extras with this service:

  1. Internal page views, 1 day, $4
  2. Extra 20,000, total 50,000 in 16 days, 1 day, $8
  3. Extra 40,000, total 700,000 in 25 days, 1 day, $15
  4. Extra 60,000, total 90,000 in 31 days, 1 day, $22
  5. Reseller Pack / unlimited traffic (14,000+ per day, no limit), 31 days pack, 1 day, $35
  6. 1 country targeted (500+ per day), 1 day, $9
  7. 2 countries targeted (1,000+ per day), 1 day, $16
  8. Extra 3 keywords, 1 day, $7

Terms of service: We do not accept links related to: SEOClerk Gigs, Adf.ly, YouTube videos, Squeeze Pages, Links/Websites with slow loading pages, Social Media, SoundCloud. We do not guarantee: Ad Clicks and Conversions. Refunds will not be accepted if you make your page private, or remove or change the link after placing the order.

by: mohidulislam
Created: —
Category: Traffic
Viewed: 235


What drawbacks are customers facing in airport parking facilities in the United Kingdom and Ireland? Kindly suggest some improvements

Flypark Plus: We are an airport parking facility company in the UK, aimed at improving customer experience and services with new products launching under customized services as per customer desire. We need some suggestions for improvement for the main marketing strategy pile up for the future. FlyPark Plus is the parent company