« Ancestry.co.uk to be a Sponsor for "Who Do You Think You Are? LIVE" | Main | Geni.com Launches to Create the World's Family Tree »

January 16, 2007

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.

Infinite Ancestors

While SSL secures a transaction with encryption, it does nothing to secure the use of the information once it reaches its destination. Using a credit card on a web site you do not know or trust is much like using it in a restaurant you do not know or trust (an unscrupulous web site employee, just like an unscrupulous restaurant employee, could copy and use your information. All that said, I do use credit cards online, but only with reputable businesses. It's not that I worry about my financial liability (I'm not, as the card companies take the liability as mandated by law). It's just to reduce the risk of having to deal with the consequences of fraudulent use or identity theft (which, by the way, could also result from sending it to a web site whose computers are compromised with malware). And certainly you must be alert to phishing and other credit card scams. There are a million ways your credit card information could be stolen, but using a credit card in a secure SSL transaction with a reputable business is probably among the least of your worries.

Infinite Ancestors

Here are some protection tips from the FTC (along with the legal requirements, which most credit card companies take further):

http://www.ftc.gov/bcp/conline/pubs/credit/atmcard.htm

Be a little more careful with ATM / debit cards. There are exceptions that could be important (and you certainly don't want your PIN compromised)...

Visa:
"*Covers U.S. issued cards only. Visa’s Zero Liability Policy does not apply to commercial credit card, or ATM transactions, or PIN transactions not processed by Visa. Notify your financial institution immediately of any fraudulent use."

MasterCard:
"* Zero Liability does not apply to MasterCard-branded cards issued
to an entity other than a natural person or primarily for business, commercial, or agricultural purposes, except the following card programs for small businesses:
Debit MasterCard BusinessCard® Card
MasterCard BusinessCard® Card
MasterCard Executive BusinessCard® Card
MasterCard® Professional Card
MasterCard® Small Business Multi Card
outside of the U.S. region, or
if a PIN is used as the cardholder verification method for the unauthorized transaction(s)."

Jude

I had an online client who refused to purchase a book from amazon.com "I'm *not* going to open myself up to identity theft!" he said. Now I have an article to refer the next person to. Thanks.

Past Homes Ltd

There can be a problem if the company you're dealing with uses their own systems to take your credit card details - then passes them on to the credit card company for payment. In this case, there are no such guarantees that your details are being stored securely on the vendor's systems. However, if the vendor is a large company that you've heard of before, with a good reputation to uphold, you're probably safe since they should have the resources to ensure that the security of their systems is never compromised.

If you want to purchase something over the web from a smaller vendor, or from one that you've never heard of before, the best approach is to ensure that they use one of the specialist online credit-card payment sites such as WorldPay or PayPal to take your credit card details on their behalf.
The vendor's site should redirect you to the secure payment site - the vendor only gets confirmation from the payment site that the payment has been authorised - allowing the vendor to dispatch the goods ordered without dealing with any credit card details or money at all. The payment site will generally settle up with the vendor after a number of weeks.

As a customer, this approach also means that you have the security of a reputable third-party to contact if, in the unlikely event, you need to query a payment. They can refund you your money directly and even stop the vendor from taking further payments if they appear to be acting fraudulently.

David

One important note: it can be quite easy to steal credit card info from your PC BEFORE it gets to the internet. I agree with everything you've said, but with the caveat that the user also needs an up-to-date version of Norton, McAfee, or other virus scanning software. A Trojan can record keystrokes before any information is encrypted and sent on its way.

Pete Fear

One time we heard our neighbor talking on their cordless phone thru our baby monitor. If you have a cordless phone, even if you are not using it, your conversation can be intercepted (yes some phones do encrypt the signal.) This is probably less secure than sending it over the internet.

Also, if you use the internet to send info, your wireless network should be secure. Of course if your wireless network is not secure, you might as well leave your doors wide open.

acrawfordiii

Credit card numbers are much more likely to be stolen by somebody to whom you have handed your card (or to whom you have read the number over the telephone) than when used online. This being said, keep in mind all of the caveats about dealing with reputable merchants and keeping your own PC malware-free.

securitydept

Your article is dripping with characteristic, mean-spirited and unkind condescension. Since when is it a crime to fail to understand the details of modern technology? Get off your high horse and put yourself in grandma's shoes - at least do her the favor of explaining how to tell when her web browser IS using a secure, encrypted connection.

soccermom

Didn't think you were condescending at all, Dick.

Good article. I use my credit (not debit) card for everything, for the reasons mentioned by you and the other posters, and also because if there is a dispute, the credit card company will support you. I am a big internet shopper and have never had a problem.

The only time I've ever had my credit card used fraudulently was in Madrid when I handed my card to a flower vendor and he went into the back room to process our order. He ran the card several times. The credit card company gave me a tip: Always watch the vendor run your card, particularly when traveling abroad.

Checks: My daughter had checks stolen and lost about $200 (a lot for a struggling college student) which her bank refused to reimburse her for.

Tim

"dripping with characteristic, mean-spirited and unkind condescension"? I'm not sure how you got that out of it, but it is unlikely that there is anyone who has not been told by someone at some time that using a credit card online is safe.

Here you go: if there is a closed lock symbol in one of the browser window corners you have a secure connection. There will also often be a logo from Verisign or other SSL provider.

Funny how in your rant about grandma, you didn't say how to tell if your connection is secure either.

It should be pointed out that most phone calls, regardless of whether it is a cell phone, cordless phone, or otherwise, is transmitted. Even if your cordless phone encrypts the signal from the handset to the base, it will be transmitted later without encryption. The larger the city you live in, the more likely that even local calls are transmitted. Voice telephone is one of the least secure methods of doing anything; never give any personal information over the phone.

Lorin Lund

A few months ago, in a 'news-magazine' type show John Stassel (sp?) cited information about on-line sales and reported that the credit card companies reported on-line purchases as the market segment with the least fraud. I don't recall how many other segments were named but it was of interest to me because this is a point of difference between me and me ex-wife. We both work with computers. I pay everything on-line except church donations. She will use any means available to avoid an on-line debit/credit card transaction.

While it is theoretically possible to break any encryption if you have enough samples there is still a cost to doing it and the cost to break your average citizen's card number security is just not worth it.

jenniferw

To the person using the pseudonym of securitydept: I think you are being very hard on Mr. Eastman. I read the article twice, the second time after reading your comments. I do not find the article to be the least bit condescending.

I also object to your derogatory use of the word "grandma." I am a grandmother. I also was a software developer for over thirty years. I also shop online a lot and I investigated the security of online transactions long before this article was written. Everything that Mr. Eastman wrote agrees with what I have read elsewhere, including information found on the web sites of the credit card companies.

I'd suggest that everyone, grandmothers and all others alike, should be encouraged to read this article.

Marilyn

I just had my Mastercard cc number stolen and now have to be issued a new card. The only purchases I have made in the past two months were with Amazon and my automatic deduction from AOL. Hmmmmmm

In October my Visa card number was stolen by a low-paid hotel employee and $1100 of Tracphones were purchased with it. I had to get a new card for that one too. The thing that sucks about this is that you lose internet access to these accounts as soon as they close them. You have to call (and remember the old numbers) to get any reprints of statements.

Quote Catcher Credit Card Processing

That is very funny, I do the same thing to clients that don't 'trust' the online form. Open the same browser they would and enter the order.

I hear also that there are some options to purchase pre-paid credit cards to help alleviate fraud. It gives you a bit of control over how much is available to steal.

Dick Eastman

One option is very simple but not many people think of it: use PayPal. When you pay online with PayPal, you never enter a credit card number. Therefore, nobody can steal the number from that transaction.

Details are available at https://www.paypal.com/us/cgi-bin/webscr?cmd=xpt/cps/securitycenter/buy/Privacy-outside

I am always amazed that a lot of people do not like PayPal and yet it has excellent security, better than most credit cards.

- Dick Eastman

Web Designing Quotes

I have been using credit cards and a avid online shopper. In case of a wrong doing or fraud the credit card companies do help and they can be your best bet in case of someone wanting to steal your hard earned money.

Verify your Comment

Previewing your Comment

This is only a preview. Your comment has not yet been posted.

Working...
Your comment could not be posted. Error type:
Your comment has been saved. Comments are moderated and will not appear until approved by the author. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.

Working...

Post a comment

Comments are moderated, and will not appear until the author has approved them.

Receive FREE daily newsletter updates by email

  • Enter your email address


    Click here to see a typical e-mail message you will receive.

    I promise that:

    1. I will never sell, rent, or give away your address to any outside party, ever;
    2. I will never send you any unrequested e-mail, besides newsletter updates; and
    3. All unsubscribe requests are honored immediately, period.

My Photo

Search This Site for Past Articles

Meet Dick Eastman in Person

November 2009

Sun Mon Tue Wed Thu Fri Sat
1 2 3 4 5 6 7
8 9 10 11 12 13 14
15 16 17 18 19 20 21
22 23 24 25 26 27 28
29 30          

Amazon Kindle

Offers

Blog powered by TypePad

Amazon Picks

Receive daily newsletter updates by email

  • Enter your Email


    Preview

    (Don't worry, I hate spam as much as you do and you will be able to UNSUBSCRIBE within seconds at any time!)