Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


31 posts

Geek


Topic # 31387 16-Mar-2009 14:49
Send private message

Quite often we go on websites (other than trademe) and purchase say hotel accommodation, airline tickets etc, both in NZ and overseas. We understand traffic to and from these sites are encrypted, and generally regarded as safe.

For our coming trip we have recently booked hotels. WE emailed one about their special deal, and we received an email from one of them advising us to give our credit card details. We told them we are not comfortable with this, and they told us to fax the credit card details. We faxed them the number, and gave the expiry date via email. That was all they needed to hold the booking for us (similar to taking an "imprint" of your credit card when you check in). Another hotel we booked via their website, and we gave the credit card details there, and the correct sum was deducted.

Another time we went to book air tickets for local flight in China using a local site, they claim they were having lots of problems with overseas credit cards, and they demand a long list of verifications such as photo copy of front and back of credit cards, and of passport etcs. We promptly switch to another website, and successfully did our booking without all the "authentification" of our cerdit card.

We know of friends and family who refuse to use credit card on the web, or do online banking. We have been doing online banking, and purchases on the web, for quite a while, and, touch wood, have had very little problems. HOWEVER, we do wonder how SAFE is it, to hand over your cerdit card details (number and expiry, and sometimes signature), either by phone, fax, email, filled form etc?


Create new topic
Professional yak shaver
1599 posts

Uber Geek
+1 received by user: 8

Trusted
BitSignal
Lifetime subscriber

  Reply # 201424 16-Mar-2009 15:08
Send private message

Most credit card issuers nowadays have web fraud insurance because of the amount of online transactions being done daily, and I believe that works quite well.

However, I think sending credit card details by email is probably the biggest threat of all, seeing as emails can be easily sniffed through the net.

I like your approach of faxing the card details partially and then complementing with an email.

When it comes to websites, I think it's fair to say that you should always look for SSL certificates that match, Thawte or VeriSign badges and the likes.




"Roads? Where we're going, we don't need roads." - Doc Emmet Brown

I iz your trusted friend
5802 posts

Uber Geek
+1 received by user: 140

Mod Emeritus
Trusted
Lifetime subscriber

  Reply # 201429 16-Mar-2009 15:20
Send private message

alternatively, use prepaid credit card to cut down the chances of a fraud. Like Prezzy Card or Loaded (both by NZPost)




Internet is my backyard...

 

«Geekzone blog: Tech 'n Chips Takeaway» «Personal blog: And then...»

 

Please read the Geekzone's FUG

 


6328 posts

Uber Geek
+1 received by user: 391

Moderator
Trusted
Lifetime subscriber

  Reply # 201477 16-Mar-2009 19:27
Send private message

magu: When it comes to websites, I think it's fair to say that you should always look for SSL certificates that match, Thawte or VeriSign badges and the likes.


Agreed to a level.  I could setup a website with SSL, take your order and credit card details, and then email them to myself for processing.  While the first step is encrypted, your cc details would pass unencrypted and be stored encrypted in my inbox.

I think a good rule is stick with well-known, reputable companies and you shouldn't go wrong.  I'd also keep an eye on your credit card statements if you aren't feeling too confident.

BDFL - Memuneh
61313 posts

Uber Geek
+1 received by user: 12053

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 201479 16-Mar-2009 19:38
Send private message

nate:
magu: When it comes to websites, I think it's fair to say that you should always look for SSL certificates that match, Thawte or VeriSign badges and the likes.


Agreed to a level.  I could setup a website with SSL, take your order and credit card details, and then email them to myself for processing.  While the first step is encrypted, your cc details would pass unencrypted and be stored encrypted in my inbox.

I think a good rule is stick with well-known, reputable companies and you shouldn't go wrong.  I'd also keep an eye on your credit card statements if you aren't feeling too confident.


Yep. While the communications between your browser and their servers is encrypted, what guarantees you have they don't have the data on a database with a blank administrator password? Or that your credit card details is not visibile to everyone in their internal network? Or that their database server is on a separate box from their webserver with proper firewall between then to prevent buffer overflow exploits? Or that their credit card validation system is not manual and people can see and copy your details?

SSL alone doesn't mean anything at the end of the day...




Professional yak shaver
1599 posts

Uber Geek
+1 received by user: 8

Trusted
BitSignal
Lifetime subscriber

  Reply # 201480 16-Mar-2009 19:43
Send private message

freitasm:
nate:
magu: When it comes to websites, I think it's fair to say that you should always look for SSL certificates that match, Thawte or VeriSign badges and the likes.


Agreed to a level.? I could setup a website with SSL, take your order and credit card details, and then email them to myself for processing.? While the first step is encrypted, your cc details would pass unencrypted and be stored encrypted in my inbox.

I think a good rule is stick with well-known, reputable companies and you shouldn't go wrong.? I'd also keep an eye on your credit card statements if you aren't feeling too confident.


Yep. While the communications between your browser and their servers is encrypted, what guarantees you have they don't have the data on a database with a blank administrator password? Or that your credit card details is not visibile to everyone in their internal network? Or that their database server is on a separate box from their webserver with proper firewall between then to prevent buffer overflow exploits? Or that their credit card validation system is not manual and people can see and copy your details?

SSL alone doesn't mean anything at the end of the day...


Hence why I didn't say 'just use sites that have SSL'. Proper Thawte and VeriSign validation helps a lot, but there's always the 'other side' element. Don't just take my word for it.




"Roads? Where we're going, we don't need roads." - Doc Emmet Brown

1780 posts

Uber Geek
+1 received by user: 35

Trusted

  Reply # 201486 16-Mar-2009 20:39
Send private message

chiefie: alternatively, use prepaid credit card to cut down the chances of a fraud. Like Prezzy Card or Loaded (both by NZPost)


+1 with loaded, I use this for every online transaction I make. I  never keep than what's required on there :)

BDFL - Memuneh
61313 posts

Uber Geek
+1 received by user: 12053

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 201489 16-Mar-2009 20:42
Send private message

It would be much better if Visa and Mastercard offered those one-use credit card numbers generated just for your account. I needed to buy a couple of things and could only use an American card number - pinged a friend on MSN, transferred money to his account and he generated two virtual credit card numbers.

These are really safe because have all the original owner's details but can only be used once and online only.





I iz your trusted friend
5802 posts

Uber Geek
+1 received by user: 140

Mod Emeritus
Trusted
Lifetime subscriber

  Reply # 201513 16-Mar-2009 22:12
Send private message

freitasm:

It would be much better if Visa and Mastercard offered those one-use credit card numbers generated just for your account. I needed to buy a couple of things and could only use an American card number - pinged a friend on MSN, transferred money to his account and he generated two virtual credit card numbers.

These are really safe because have all the original owner's details but can only be used once and online only.



That sound super awesome.. truly if-only!




Internet is my backyard...

 

«Geekzone blog: Tech 'n Chips Takeaway» «Personal blog: And then...»

 

Please read the Geekzone's FUG

 


21459 posts

Uber Geek
+1 received by user: 4362

Trusted
Subscriber

  Reply # 201633 17-Mar-2009 15:14
Send private message

chiefie: alternatively, use prepaid credit card to cut down the chances of a fraud. Like Prezzy Card or Loaded (both by NZPost)


No way, a bank will not charge you to deal with customer service to start a chargeback, a bank will care because its their money that is at risk since you dont have to pay for charges you didnt authorize and the bank has an interest in keeping you happy as an ongoing customer.

The prepaid card companies couldnt give a toss about you, so make it as hard as possible to even query a charge on the card. They are for no hopers that cant get credit, or have no self control over their spending. Stick with a bank and you are treated like someone with a clue and respect.




Richard rich.ms

BDFL - Memuneh
61313 posts

Uber Geek
+1 received by user: 12053

Administrator
Trusted
Geekzone
Lifetime subscriber

Reply # 201637 17-Mar-2009 15:17
Send private message

richms: Stick with a bank and you are treated like someone with a clue and respect.


Until you need them... "A bank is a place where they lend you an umbrella in fair weather and ask for it back when it begins to rain" (Robert Frost).




2584 posts

Uber Geek
+1 received by user: 5

Mod Emeritus
Trusted
Lifetime subscriber

  Reply # 201647 17-Mar-2009 15:49
Send private message

As someone who has been the victim of credit card fraud I can say that at least with ASB they were very onto it. They contacted me to tell me that a transaction had been made that looked suspicious long before it appeared on my credit card account.

What’s more they cancelled my card as soon as I confirmed that I had in fact not brought airline tickets from some airport in the middle east and got a replacement card on the way straight way (arrived a couple of days later). As soon as the charge appeared on my card they sent me the documentation to say it was not mine and it was gone again the next day.

I have also had to get a charge reversed for a company that turned out to be very dodgy (something I did not find until things started looking suspicious). This took a bit longer but still at no point was I out of pocket as such.

I would say that if you are using a online store that you are not sure about do a google for complaints about the store first. If I had done so I would not have purchased of the store that I had to then reverse charges on.

However the case where airline tickets were purchased I believe was from a popular and trusted NZ online shop.


 







Media centre PC - Case Silverstone LC16M with 2 X 80mm AcoustiFan DustPROOF, MOBO Gigabyte MA785GT-UD3H, CPU AMD X2 240 under volted, RAM 4 Gig DDR3 1033, HDD 120Gig System/512Gig data, Tuners 2 X Hauppauge HVR-3000, 1 X HVR-2200, Video Palit GT 220, Sound Realtek 886A HD (onboard), Optical LiteOn DH-401S Blue-ray using TotalMedia Theatre Power Corsair VX Series, 450W ATX PSU OS Windows 7 x64



31 posts

Geek


Reply # 201668 17-Mar-2009 16:59
Send private message

Hi, Thanks everyone for your comments. Agree that Prepaid Cards would not be my choice.

MasterCard does offer a Side Card, which is in addition to your main card, which has a daily limit, say one thousand dollars. This way the fraudster cannot get away with all your credit limit. HOWEVER I have been caught out myself when trying to pay for something online, then exceeded the daily limit, and the transcation was then "denied"!

It is obvious from all the feedback that it is very easy for credit card fraud to be committed, especailly online. The banks seems to be unable or unwilling to be proactive about dealing with these. At least with the major banks they do promise you are not out of pocket if you are found to be the victim, and you are quick to let them know. Interesting about the ASB keeping an eye out on transactions.

Thanks again.

21459 posts

Uber Geek
+1 received by user: 4362

Trusted
Subscriber

  Reply # 201669 17-Mar-2009 17:06
Send private message

One big gotcha is that if its your only card, they will not give you the CVV before the card arrives, so you are effectivly off the air as far as purchases online till the physical card arrives. For that reason multiple cards is a must. I had to let a friend use my loaded card when his card needed replacement and he was in the UK - and those currency fees on the loaded are outragous..




Richard rich.ms

Create new topic

Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.