Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




31 posts

Geek


# 31387 16-Mar-2009 14:49
Send private message

Quite often we go on websites (other than trademe) and purchase say hotel accommodation, airline tickets etc, both in NZ and overseas. We understand traffic to and from these sites are encrypted, and generally regarded as safe.

For our coming trip we have recently booked hotels. WE emailed one about their special deal, and we received an email from one of them advising us to give our credit card details. We told them we are not comfortable with this, and they told us to fax the credit card details. We faxed them the number, and gave the expiry date via email. That was all they needed to hold the booking for us (similar to taking an "imprint" of your credit card when you check in). Another hotel we booked via their website, and we gave the credit card details there, and the correct sum was deducted.

Another time we went to book air tickets for local flight in China using a local site, they claim they were having lots of problems with overseas credit cards, and they demand a long list of verifications such as photo copy of front and back of credit cards, and of passport etcs. We promptly switch to another website, and successfully did our booking without all the "authentification" of our cerdit card.

We know of friends and family who refuse to use credit card on the web, or do online banking. We have been doing online banking, and purchases on the web, for quite a while, and, touch wood, have had very little problems. HOWEVER, we do wonder how SAFE is it, to hand over your cerdit card details (number and expiry, and sometimes signature), either by phone, fax, email, filled form etc?


Create new topic
Professional yak shaver
1599 posts

Uber Geek

Trusted
BitSignal
Lifetime subscriber

  # 201424 16-Mar-2009 15:08
Send private message

Most credit card issuers nowadays have web fraud insurance because of the amount of online transactions being done daily, and I believe that works quite well.

However, I think sending credit card details by email is probably the biggest threat of all, seeing as emails can be easily sniffed through the net.

I like your approach of faxing the card details partially and then complementing with an email.

When it comes to websites, I think it's fair to say that you should always look for SSL certificates that match, Thawte or VeriSign badges and the likes.




"Roads? Where we're going, we don't need roads." - Doc Emmet Brown

I iz your trusted friend
5846 posts

Uber Geek

Mod Emeritus
Trusted
Lifetime subscriber

  # 201429 16-Mar-2009 15:20
Send private message

alternatively, use prepaid credit card to cut down the chances of a fraud. Like Prezzy Card or Loaded (both by NZPost)




Internet is my backyard...

 

«Geekzone blog: Tech 'n Chips Takeaway» «Personal blog: And then...»

 

Please read the Geekzone's FUG

 


 
 
 
 


6358 posts

Uber Geek

Moderator
Trusted
Lifetime subscriber

  # 201477 16-Mar-2009 19:27
Send private message

magu: When it comes to websites, I think it's fair to say that you should always look for SSL certificates that match, Thawte or VeriSign badges and the likes.


Agreed to a level.  I could setup a website with SSL, take your order and credit card details, and then email them to myself for processing.  While the first step is encrypted, your cc details would pass unencrypted and be stored encrypted in my inbox.

I think a good rule is stick with well-known, reputable companies and you shouldn't go wrong.  I'd also keep an eye on your credit card statements if you aren't feeling too confident.

BDFL - Memuneh
64623 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

  # 201479 16-Mar-2009 19:38
Send private message

nate:
magu: When it comes to websites, I think it's fair to say that you should always look for SSL certificates that match, Thawte or VeriSign badges and the likes.


Agreed to a level.  I could setup a website with SSL, take your order and credit card details, and then email them to myself for processing.  While the first step is encrypted, your cc details would pass unencrypted and be stored encrypted in my inbox.

I think a good rule is stick with well-known, reputable companies and you shouldn't go wrong.  I'd also keep an eye on your credit card statements if you aren't feeling too confident.


Yep. While the communications between your browser and their servers is encrypted, what guarantees you have they don't have the data on a database with a blank administrator password? Or that your credit card details is not visibile to everyone in their internal network? Or that their database server is on a separate box from their webserver with proper firewall between then to prevent buffer overflow exploits? Or that their credit card validation system is not manual and people can see and copy your details?

SSL alone doesn't mean anything at the end of the day...




Professional yak shaver
1599 posts

Uber Geek

Trusted
BitSignal
Lifetime subscriber

  # 201480 16-Mar-2009 19:43
Send private message

freitasm:
nate:
magu: When it comes to websites, I think it's fair to say that you should always look for SSL certificates that match, Thawte or VeriSign badges and the likes.


Agreed to a level.? I could setup a website with SSL, take your order and credit card details, and then email them to myself for processing.? While the first step is encrypted, your cc details would pass unencrypted and be stored encrypted in my inbox.

I think a good rule is stick with well-known, reputable companies and you shouldn't go wrong.? I'd also keep an eye on your credit card statements if you aren't feeling too confident.


Yep. While the communications between your browser and their servers is encrypted, what guarantees you have they don't have the data on a database with a blank administrator password? Or that your credit card details is not visibile to everyone in their internal network? Or that their database server is on a separate box from their webserver with proper firewall between then to prevent buffer overflow exploits? Or that their credit card validation system is not manual and people can see and copy your details?

SSL alone doesn't mean anything at the end of the day...


Hence why I didn't say 'just use sites that have SSL'. Proper Thawte and VeriSign validation helps a lot, but there's always the 'other side' element. Don't just take my word for it.




"Roads? Where we're going, we don't need roads." - Doc Emmet Brown

1786 posts

Uber Geek

Trusted

  # 201486 16-Mar-2009 20:39
Send private message

chiefie: alternatively, use prepaid credit card to cut down the chances of a fraud. Like Prezzy Card or Loaded (both by NZPost)


+1 with loaded, I use this for every online transaction I make. I  never keep than what's required on there :)

BDFL - Memuneh
64623 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

  # 201489 16-Mar-2009 20:42
Send private message

It would be much better if Visa and Mastercard offered those one-use credit card numbers generated just for your account. I needed to buy a couple of things and could only use an American card number - pinged a friend on MSN, transferred money to his account and he generated two virtual credit card numbers.

These are really safe because have all the original owner's details but can only be used once and online only.





 
 
 
 


I iz your trusted friend
5846 posts

Uber Geek

Mod Emeritus
Trusted
Lifetime subscriber

  # 201513 16-Mar-2009 22:12
Send private message

freitasm:

It would be much better if Visa and Mastercard offered those one-use credit card numbers generated just for your account. I needed to buy a couple of things and could only use an American card number - pinged a friend on MSN, transferred money to his account and he generated two virtual credit card numbers.

These are really safe because have all the original owner's details but can only be used once and online only.



That sound super awesome.. truly if-only!




Internet is my backyard...

 

«Geekzone blog: Tech 'n Chips Takeaway» «Personal blog: And then...»

 

Please read the Geekzone's FUG

 


22485 posts

Uber Geek

Trusted
Subscriber

  # 201633 17-Mar-2009 15:14
Send private message

chiefie: alternatively, use prepaid credit card to cut down the chances of a fraud. Like Prezzy Card or Loaded (both by NZPost)


No way, a bank will not charge you to deal with customer service to start a chargeback, a bank will care because its their money that is at risk since you dont have to pay for charges you didnt authorize and the bank has an interest in keeping you happy as an ongoing customer.

The prepaid card companies couldnt give a toss about you, so make it as hard as possible to even query a charge on the card. They are for no hopers that cant get credit, or have no self control over their spending. Stick with a bank and you are treated like someone with a clue and respect.




Richard rich.ms

BDFL - Memuneh
64623 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

# 201637 17-Mar-2009 15:17
Send private message

richms: Stick with a bank and you are treated like someone with a clue and respect.


Until you need them... "A bank is a place where they lend you an umbrella in fair weather and ask for it back when it begins to rain" (Robert Frost).




2584 posts

Uber Geek

Mod Emeritus
Trusted
Lifetime subscriber

  # 201647 17-Mar-2009 15:49
Send private message

As someone who has been the victim of credit card fraud I can say that at least with ASB they were very onto it. They contacted me to tell me that a transaction had been made that looked suspicious long before it appeared on my credit card account.

What’s more they cancelled my card as soon as I confirmed that I had in fact not brought airline tickets from some airport in the middle east and got a replacement card on the way straight way (arrived a couple of days later). As soon as the charge appeared on my card they sent me the documentation to say it was not mine and it was gone again the next day.

I have also had to get a charge reversed for a company that turned out to be very dodgy (something I did not find until things started looking suspicious). This took a bit longer but still at no point was I out of pocket as such.

I would say that if you are using a online store that you are not sure about do a google for complaints about the store first. If I had done so I would not have purchased of the store that I had to then reverse charges on.

However the case where airline tickets were purchased I believe was from a popular and trusted NZ online shop.


 







Media centre PC - Case Silverstone LC16M with 2 X 80mm AcoustiFan DustPROOF, MOBO Gigabyte MA785GT-UD3H, CPU AMD X2 240 under volted, RAM 4 Gig DDR3 1033, HDD 120Gig System/512Gig data, Tuners 2 X Hauppauge HVR-3000, 1 X HVR-2200, Video Palit GT 220, Sound Realtek 886A HD (onboard), Optical LiteOn DH-401S Blue-ray using TotalMedia Theatre Power Corsair VX Series, 450W ATX PSU OS Windows 7 x64



31 posts

Geek


# 201668 17-Mar-2009 16:59
Send private message

Hi, Thanks everyone for your comments. Agree that Prepaid Cards would not be my choice.

MasterCard does offer a Side Card, which is in addition to your main card, which has a daily limit, say one thousand dollars. This way the fraudster cannot get away with all your credit limit. HOWEVER I have been caught out myself when trying to pay for something online, then exceeded the daily limit, and the transcation was then "denied"!

It is obvious from all the feedback that it is very easy for credit card fraud to be committed, especailly online. The banks seems to be unable or unwilling to be proactive about dealing with these. At least with the major banks they do promise you are not out of pocket if you are found to be the victim, and you are quick to let them know. Interesting about the ASB keeping an eye out on transactions.

Thanks again.

22485 posts

Uber Geek

Trusted
Subscriber

  # 201669 17-Mar-2009 17:06
Send private message

One big gotcha is that if its your only card, they will not give you the CVV before the card arrives, so you are effectivly off the air as far as purchases online till the physical card arrives. For that reason multiple cards is a must. I had to let a friend use my loaded card when his card needed replacement and he was in the UK - and those currency fees on the loaded are outragous..




Richard rich.ms

Create new topic



Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Major Japanese retailer partners with smart New Zealand technology IMAGR
Posted 14-Oct-2019 10:29


Ola pioneers one-time passcode feature to fight rideshare fraud
Posted 14-Oct-2019 10:24


Spark Sport new home of NZC matches from 2020
Posted 10-Oct-2019 09:59


Meet Nola, Noel Leeming's new digital employee
Posted 4-Oct-2019 08:07


Registrations for Sprout Accelerator open for 2020 season
Posted 4-Oct-2019 08:02


Teletrac Navman welcomes AI tech leader Jens Meggers as new President
Posted 4-Oct-2019 07:41


Vodafone makes voice of 4G (VoLTE) official
Posted 4-Oct-2019 07:36


2degrees Reaches Milestone of 100,000 Broadband Customers
Posted 1-Oct-2019 09:17


Nokia 1 Plus available in New Zealand from 2nd October
Posted 30-Sep-2019 17:46


Ola integrates Apple Pay as payment method in New Zealand
Posted 25-Sep-2019 09:51


Facebook Portal to land in New Zealand
Posted 19-Sep-2019 18:35


Amazon Studios announces New Zealand as location for its upcoming series based on The Lord of the Rings
Posted 18-Sep-2019 17:24


The Warehouse chooses Elasticsearch service
Posted 18-Sep-2019 13:55


Voyager upgrades core network to 100Gbit
Posted 18-Sep-2019 13:52


Streaming service Acorn TV launches in New Zealand with selection with British shows
Posted 18-Sep-2019 08:55



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.