These might be and probably are dumb questions but, how safe really is it to use your credit card online these days? How are credit cards #s retrieved through the internet? Is there a safer way to use them on the internet?
Printable View
These might be and probably are dumb questions but, how safe really is it to use your credit card online these days? How are credit cards #s retrieved through the internet? Is there a safer way to use them on the internet?
It is somewhat safe, but not preferred. Thing's such as keylogger's which record your every keystroke and trojans which basically hand your PC on a plate to a person are some of the danger's of using your credit card online.
Well, when you use your credit card, like amazon.com they can see your number, and since you give them permission to take the amount of money you purchased something for, they can take out more if you don't notice it. People also do hack websites and retrieve creadit card numbers (read Identity Theft: http://www.usdoj.gov/criminal/fraud/idtheft.html ). Usually websites with encryption (bank sites etc, are more secure the regular sites when you use your credit card number), i wouldn't trust anybody with my number online since no system is secure enough and everything can be hacked into. But sites like amazon, or other "trusted" sites, i would trust with my number, my friend ordered over 4,000$ of goods over e-bay and nothing wrong has happened yet with his account.
I buy stuff online without any problems I just buy stuff from sites that I know are legitimate and all well known web sites have a S in the Http:// after the P to show you that it is secure and what information you are sending is encrypted along with a lock in the bottom right hand corner.
There will always be a risk when you use your credit card ANYwhere. But when it comes to the internet, a few things you need to think about-
1. Who are you giving it to?
Make sure you aren't giving it to a phishing scam, or a untrustworthy company. Common sense is valuable here.
2. Where are you sending it from?
Who's computer are you using and do you trust it's integrity? Do you trust that it isn't infected with any keylogger or backdoor/virus that could steal your information?
3. Where will it go before it gets there?
Are you behind a proxy server? Do you trust your admins not to sniff the traffic for credit card numbers? People with access and privledge can view your actions on the internet if they can get in the line of traffic.
4. How will it get there?
Is your data encrypted? If you were wiretapped, would they be able to retrieve a plaintext CC number, or even know which packet contains it?
Words of advice, don't shop at internet cafe's, look for HTTPS:// in the url at a reputable site when you make your purchase, and keep your computer clean with antivirus and antispyware.
Another safety measure you can use, is to get a credit card to be only used for online purhases. One with a very low credit limit.
You also need to watch the activity of this card very closely, and to be ready to notify the card company of any discripticies.
credit cards are fine as long as the site is security certified. Ive been ordering stuff on the net for over a year on an almost weekly basis and haven't had a problem. Just make sure the place you are ordering from isn't www.randomcompanysellingrandomproducts.com
You're only liable for the first 50 bucks in case of CC theft. The folks at my bank pretty well know my spending habits and call if they spot anything weird (it pays to know folks on the inside), plus they WILL NOT authorize any purchases that are not shipped to MY shipping addy unless I authorize it in writing. All in all a pretty safe system for me personally.
A variety of academic papers have been published detailing attacks that defeat SSL and demolish many of the claims made for its capabilities have been published. These include:
www.cs.princeton.edu/sip/pub/spoofing.html
www.bau2.uibk.ac.at/matic/spoofing.htm
www.cs.dartmouth.edu/~pkilab/demos/spoofing/
Why would you take the risk using on-line banking and credit card transactions?
o.k. if you are security wise and know how it all works, but many people have had
large amounts of $ stolen from their accounts due to putting faith into sometimes
false security. What's wrong with the old money order by post, or better still a debit
card account that you deposit only that amount you need to purchase.
Credit card #s over the internet LOL, NOT ME.....
I am so registering that domain name.
If you are TRULY paranoid and think you have a keylogger then do the following:
Type in a random number in the text space then highlight it with your mouse and right click delete (don't press the delete key or backspace)
Then..click Start>Program Files>Accessories>Accessablilty>On-Screen Keyboard and click on them with the On-Screen Keyboard :p
correct me if i am wroing..... my understanding is https will secure the data on the wire, so that the data cannot be sniffed....but wht bout the end point.... i mean how can we be sure of the security in place at the server where the numbers are stored....?
Thats what i meant by my post. No digital information will ever be secure.Quote:
i mean how can we be sure of the security in place at the server where the numbers are stored....?
Well that is the point I think that they were trying to make. It is reasonable secure in transit and then it sits on someones server. If that persons server gets hacked, then the card info might get taken. Its happened before, and it will happen again. Just order from reputable sites like amazon.com or buy.com and you can feel reasonably safe about making a purchase. (Because there should be a bunch of security people keeping your information safe)Quote:
Originally posted here by oxygen
correct me if i am wroing..... my understanding is https will secure the data on the wire, so that the data cannot be sniffed....but wht bout the end point.... i mean how can we be sure of the security in place at the server where the numbers are stored....?
there's a new product thats coming out, called a Chameleon Card. Supposebly it can make online purchases MUCH more secure because it stores the information on the unit itself, instead of being saved over the net or on your PC which can be retreived. It also implements biometric security measures and only works with your thumbprint. Defenitely something i'm getting as soon as it comes out :D already told my gf waht I want for valentines :D
Quote:
Chameleon Networks has a plan for both reducing all that clutter in your wallet and making it a lot more difficult to steal your credit cards:
The Chameleon Card’s black strip covers a programmable transducer that mimics the information on the magnetic strips of the cards it is replacing. A new handheld device from Chameleon, the Pocket Vault, programs the Chameleon Card to take the place of any credit card the consumer chooses for a transaction. Shoppers will be able to swipe their Chameleon Cards through the same magnetic readers used in stores and banks today. And instead of reading bar codes off the back of customer-loyalty cards, retail bar-code readers will scan the bar code displayed on the Pocket Vault itself.
We’re not sure that carrying around a mini-vault is any easier than just carrying around a few credit cards, and besides which, a company called Privasys already had this idea years ago, and it wasn’t as complicated or expensive as the Chameleon. Instead of the Pocket Vault you got one really thin card with a keypad, an LED display, and a reprogrammable magenetic strip that stored all of your credit card numbers (and could generate disposable ones). You just entered your PIN, selected the card you wanted, and you were set. Not sure whatever happened to this, but the prototypes we saw definitely worked.
Quote:
Your next wallet may be 8 mm thick and contain the only card you'll ever need.
Chameleon Network, in Concord, Massachusetts, plans to replace the stacks of credit, bank and customer-loyalty cards burdening modern consumers with a single, rewritable Chameleon Card, which works just like an ordinary card with a magnetic strip.
. The Chameleon Card's black strip covers a programmable transducer that mimics the information on the magnetic strips of the cards it is replacing. A new handheld device from Chameleon, the Pocket Vault, programs the Chameleon Card to take the place of any credit card the consumer chooses for a transaction.
Shoppers will be able to swipe their Chameleon Cards through the same magnetic readers used in stores and banks today. And instead of reading bar codes off the back of customer-loyalty cards, retail bar-code readers will scan the bar code displayed on the Pocket Vault itself.
The Pocket Vault has a slot for the Chameleon Card, but has no buttons or stylus. The device, which will be about half the size of an iPaq pocket PC, will be on sale in stores such as Best Buy and Circuit City as early as January 2005, according to Chameleon CEO Todd Burger.
First-time users of the Pocket Vault will read their old credit cards with the device, which stores their information internally and backs it up to an online or local database in case the Pocket Vault is lost or stolen. Each credit card stored on the Pocket Vault is then represented by an icon on the device's touch-screen display.
The Pocket Vault also prompts its owners to place their fingerprints on the device's reader pad to create a biometric profile.
To use the Chameleon Card for a credit card transaction, a shopper taps the logo on the Pocket Vault's display representing the credit card account he wants to use. Seconds later, the Pocket Vault spits out the shopper's Chameleon Card, with the selected credit card account number, expiration date and logo imprinted on its flexible display, and its transducer reconfigured to work in the store's or bank's magnetic card reader.
The Pocket Vault, which Burger expects to sell for less than $200, will also replace ExxonMobil's Speedpass and similar radio-frequency identification applications with its own, built-in RFID chips.
But the Pocket Vault promises to do more than prevent slipped discs caused by overstuffed wallets. Its security features should also help safeguard shoppers from the devastation of credit card fraud and identity theft, said Burger.
The Pocket Vault will only power up when it detects its owner's fingerprint. And unlike an ordinary credit card, the information stored on a Chameleon Card becomes unreadable (and the transducer inoperable) within 10 minutes.
The Pocket Vault also switches off shortly after ejecting a Chameleon Card.
That's plenty of time for a shopper to swipe his Chameleon Card through a magnetic reader at the grocery store, but hardly enough for a thief to do much damage to the shopper's credit.
"Your worst possible exposure," said Burger, "is that a thief may be able to get in one illegal purchase in the 10 minutes after the card is ejected from the (Pocket Vault)."
Chameleon Network may be just weeks away from signing an agreement with major credit card associations and other financial institutions.
Chameleon has built most of the components of the Pocket Vault system, and it has successfully tested its replacement for the Speedpass.
But an analyst warned that, although the Pocket Vault and Chameleon Card may be easy to use, consumers are typically reluctant to change their buying behaviors.
They may also balk at the Pocket Vault's strongest security feature, its use of fingerprint authentication.
"Consumers still associate biometrics with an invasion of their privacy," said Forrester Research analyst Penny Gillespie. "For better or worse, they see it as intrusive."
A PIC:
http://a1112.g.akamai.net/7/1112/492...card-out_f.jpg
Sources:
http://www.wired.com/news/business/0...w=wn_tophead_6
I really like this part of the cards securitythat should decrease the number of credit card fraud and identity theft cases but there is still a scary side to this is that someone will figure out how to get it to work without the owners "Pocket Vault" or copy the information on a portable magnetic reader after it has been activated in places such as in a restaurant Etc.Quote:
The Pocket Vault will only power up when it detects its owner's fingerprint. And unlike an ordinary credit card, the information stored on a Chameleon Card becomes unreadable (and the transducer inoperable) within 10 minutes.
I'm inclined to agree with Tidal. I actually have yet to even get a credit card. Of course, my reason was because until recently, I was a college student, and you know what kind of combination a college student and credit card makes, so I avoided it all together. ;)
However, not using a credit card online, though desirable, isn't practical unfortunately. Most things purchasable online require a credit card, so you're kinda screwed without one, which sucks in my humble opinion.
Online web sites such amazon and bestbuy etc, will make modifications to their site to accommodate this new technology if they don't then they are losing money because people would have to drive to the store to make the purchase.
Hrmm, with all information considered I think the main lesson here is to be very careful and only trust site's that are well-recognized and aren't out to scam you. If you want to be even more secure and you have doubt's, than don't use your credit card online. I never do as it COULD cause problem's down the road. And like many will tell you, "You can never be too safe". :)
I was wondering if Paypal, or similar companies, woul be a good alternative. Much similar to the debit card explained earlier.
Jus any thoughts on pay pal in this instance?
Using your credit card on the internet is as safe as you make it. You need to do your due dilligence to ensure you are dealing with responsible companies and conducting your transactions in a safe manner.
You need to ensure that:
1) your information is transported to the appropriate parties (check the ssl certificate used by the other person to make sure it is them and that you indeed trust them)
2) that they do not hold your credit card data in their database or someplace worse...if they do it needs to be encrypted
3) that they never display sensitive data back to you on a web page
4) that they have implemented the appropriate access controls and authentication methods on the website and with their customer service department. Using information such as birthdays, social security numbers, etc is bad for identification. Canned security questions and answers for password retrieval and so on are also bad.
5) you should also check that they work with the major card providers in their anti-fraud efforts. Logo's such as 'verified by visa' are the top ones to stick with.....those companies must maintain acceptible fraud levels (usually 1% or so) which is quite good.
6) that any sensitive data sent to them is done with the appropriate encryption and encryption level.
Many companies dodge paypal like the plague due to their high fraud levels and their business take on handling fraud.
An interesting experiment is to go to google and do the following:
1) google for "paypal fraud"
a) Check the hit count you get and look through a few pages of links to see what was returned.
2) google for "visa fraud"
a) Check the hit count you get and look through a few pages of links to see what was returned.
My own experience was that paypal was primarily complaints of fraud or paypal screwing people. Visa however was primarily the steps they take to prevent or catch fraud and their system for handling it.
Anyone who tells you simply 'yes it is' or 'no it isn't' probably doesn't have enough experience or knowledge to give you an informed opinion.
[It seems that my post has been deleted - or I am blind]
An extra security measure you could take when purchasing off the www is to boot from a live CD linux distro. No, I'm not going to say it's foolproof, but it does increase security up a notch. This way you properly take care of any local holes that might compromise your purchase, such as software keyloggers, trojans and malware/spyware etc. With Knoppix for example, you only need to worry about hardware keyloggers [which I assume that, if you are at home, wouldn't be using :)] and the server side transaction.
All the relevant points have been already made about the latter. Encryption, knowledge of the site, known issues with the site [google for that]. For the most if anything happens your credit card company will take care of it, eventually investigate the problem too.
There's nothing wrong about buying online, provided you do it from a reputable company (e.g. amazon.com) and your transaction is handled by a secure server. Most credit card companies cover you for online fraud committed without your knowledge anyway.
Don't believe the horror stories the press keep feeding you - they merely exaggerate things to make a story out of nothing. I've bought stuff online plenty of times and never had any problems. In fact it's often a darn sight cheaper (I saved £25 on a DVD collection recently) and you don't have to speak to any uppitty checkout staff, plus it's all automated.
I use my credit card online, and take the security part seriously enough; check for the padlock symbol, and / or the https in the URL, as the absolute minimal check.
As for Paypal, I have an account. It works by you giving them your details ONCE, then when you buy, if the site does use paypal, click the link and follow the directions. Paypal will make the transfer, and then debit your card, not sure how much / if any commission is charged, or whether the business absorbs the cost.
I use Paypal, mainly to send donations for the S/W I D/L, [ I can't be the ONLY person who pays ?] but I use it if it is the first time on a site.
And; remember, if in doubt: DON'T..........
they can only get your details if you send them.........
my personal advice: Use a debit card instead of a Credit card. Debit cards take money directly out of your checking or statement savings account. If you leave a statement savings account with only 100 dollars in it...and use it only for online purchases then it limits your damages to 100 dollars. Same goes for a checking account. Never keep too much money in your checking account anyways...Always leave enough to pay the bills and whatever u might need...no need for $10k in a checking account.
Another good thing to do is get those credit cards you have to put money on before they can be used (Visa check cards I think, CitiBank has one too) and then anytime you want to buy something online, put some money on it, and use it. Then if someone does get the number, they won't be able to buy anything cuz it will be out.
If you really want to be safe just go to the store if they have one close to you and pay for the item with cash, then there is no need to worry about it after that.
Erm, isn't that a contradiction in terms? The whole concept of a credit card is that you are given credit to use and you only have to pay it back later.Quote:
Originally posted here by The Grunt
Another good thing to do is get those credit cards you have to put money on before they can be used
Really though, I don't know why people are so paranoid about shopping on the internet. Like I said, if you buy from a reputable dealer with a valid SSL certificate there shouldn't be any problems. If somehow someone gets hold of your details (extremely likely even if they manage to sniff the connection since it will be encrypted) you will still be covered by your bank/card issuer so long as you haven't been negligent.
Another thing that should be done is to read everything on the credit card's web site or brochure and see if they do offer fraud protection and how much you will be liable for if any amount and what steps they take if a very large purchase is being made.
This is from American express
MastercardQuote:
We use secure encryption technology to keep your information confidential. And if someone uses your Card without your consent, you'll never pay any part of the fraudulent charges—not even the first $50.
If any unauthorized charge appears on your statement, simply notify us at the 800 number of the back of your Card, or access your account at americanexpress.com and notify us by e-mail. In most cases, a temporary credit is given immediately.
Our Fraud Detection system watches your account for uncharacteristic or unusually high charges. If your identity is not verified, the purchase is stopped.
Quote:
Zero Liability
Have peace of mind knowing you won't be responsible for unauthorized purchases.
Receive the benefit of not being liable in the event of the unauthorized use of your U.S.-issued MasterCard. As a MasterCard cardholder, coverage extends to purchases made in a store, over the telephone, or on the Web.
Zero Liability is provided under the following conditions:
Your account is in good standing.
You have exercised reasonable care in safeguarding your card.
You have not reported two or more unauthorized events in the past 12 months.
Using a credit card on-line is as safe as using it in a small buisness (both are risky), but in most fraud cases you are only responsible for the first $50. Just the same I try not to use credit cards at all.