June 15th, 2008, 09:24 AM
Preventing Online Credit Card Theft - Revisited
Online Credit Card Theft is a very old and frequently discussed topic. And yet, a lot of people in the world are still victims to credit card theft. So, in a brief morning post, here are several simple pointers to minimize the risk of online theft.
- NEVER respond to e-mails claiming to be from your bank and requesting ANY account or personal information.
- NEVER give out information when receiving a telephone calls from someone claiming to be from your bank, and asking account or personal information.
- Alert your bank of all attempts described above
edit by admin: you may not use this forum to promote your site.
June 15th, 2008, 10:51 AM
Something I would add is always check your statements promptly, even if you haven't made a purchase in the billing period. You would be surprised at how many people don't do that
As for debit cards, I don't use one for online or telephone purchases, I use a credit card (dedicated). It is guaranteed against fraudulent use and any items I purchase with it are insured against loss, theft and accidental damage for three months. I guess it depends on where you live and who you bank with?
Get the credit card for the minimum amount. They should let you have two if you need them, so long as your total credit line doesn't exceed your personal limit. Finance houses are aware of the volume of e-commerce these days and want a share of the action.
June 17th, 2008, 07:21 AM
The modern internet landscape has proven that the dimension of personal responsibility is less valuable in defending one's self online.
For instance, no level of "responsibility" will help you when a vendor is compromised. "Reputable sources" or reputation has become a bullshit topic point in any flavor of security or safety. There is no checkpoint for "have a good reputation" in any security policy, anywhere. Just because some ******* launches a marketing campaign, doesn't mean it's safe to throw your credit cards at them. Read up: TJ Maxx
In the same territory, the concept of "visiting reputable websites" is now bullshit... the list of highly reputable websites (including security vendors) serving malware has exploded in the past year. No amount of responsibility will help you if you've got a keylogger on your machine anyway.
Vigilant computing is now bullshit, defensive computing is important. Here's more proactive checklist points for your list:
1. Use your operating system with a user account for daily stuff
2. Turn on automatic updates for your browser
3. Use OpenDNS.com
4. Look into virtual credit cards or services like shopsafe at bank of america, or paypal's virtual credit card.
June 17th, 2008, 11:35 AM
There are two distinct angles here, as I see it. This is my own terminology so you may like to describe them differently.
1. Retail Security
By this I mean the safe purchase of items remotely (i.e. "unseen"). The same principles apply to telephone ordering and mail order, so I choose to distinguish it from a purely IT/Internet scenario.
Here, it is certainly the buyer's responsibility that they are dealing with a reputable source.
It is the old scam. Advertise something too good to be true, collect the suckers' money, then vanish.............
2. Do they declare proprietorship?
3. Do they have a "real" address?
4. Does their telephone get answered?
5. Do their e-mails get answered?
6. What is their returns policy?
7. What does a Google search throw up about them?
8. Do you know anyone else who has dealt with them?
9. Do they offer the full range of goods/services that you would expect?
10. Do they accept all major credit/debit cards and use a secure connection for payment details?
2. IT Security
As Soda~ has observed, no site can be considered "safe" these days.
I would add:
1. Don't use IE unless you really understand it.
2. Turn off scripting, or set it to "prompt" at the very least.
3. Set browser to clear cookies on shutdown.
4. Don't permanently store your account details and password on your HDD. Use external media and copy & paste instead, or just keep it written down in a safe place.
5. Turn off and reboot your PC before and after conducting financial transactions.
6. Never use a public AP or computing facilities for financial transactions.
Remember that your typical fraudster is a percentage player, and will go for the "low hanging fruit"
In the case of incidents like TK Max, there is nothing you can do except possibly sue them. Schools, Universities and government have also leaked information.............. that is their security not yours. And a lot of the people compromised had been nowhere near the internet.
Last edited by nihil; June 17th, 2008 at 11:38 AM.
February 28th, 2013, 06:23 AM
Yup good point, i agree completely, but also its our responsbility to be careful while purchasing online too... Its must to see the security of the particular website what we are gonna buy it.
By 11001001 in forum Miscellaneous Security Discussions
Last Post: June 30th, 2005, 11:10 AM
By moxnix in forum AntiOnline's General Chit Chat
Last Post: May 26th, 2004, 10:41 PM
By w0lverine in forum The Security Tutorials Forum
Last Post: February 23rd, 2004, 03:37 PM
By Noble Hamlet in forum AntiOnline's General Chit Chat
Last Post: March 17th, 2002, 09:38 AM
By KapperDog in forum Security Archives
Last Post: September 5th, 2001, 07:34 AM