Credit card numbers over the web - Is it safe?

Discussion in 'Buying Tips and Advice' started by MACDRIVE, Nov 27, 2006.

  1. MACDRIVE macrumors 68000

    MACDRIVE

    Joined:
    Feb 17, 2006
    Location:
    Clovis, California
    #1
    I've never ordered anything online for fear of having my credit card number being intercepted by spies or key loggers. While this is risky with a PC, I use a Mac. Is there still a risk even with a Mac?
     
  2. Blue Velvet Moderator emeritus

    Joined:
    Jul 4, 2004
    #2
    Depends where you shop...

    Amazon: fine. Eastern Bloc pr0n sites: perhaps not.

    I've been buying stuff all over the place for the past four years without a single problem. Touch wood. As it were.
     
  3. ChickenSwartz macrumors 6502a

    Joined:
    Jul 27, 2006
    #3
    My rules for using my credit card on the web:
    --Make sure my credit card company has a good policy/reputation for dealing with fraud
    --Only on trusted sites (with security enabled of course).
    --Only on my computer, at my house.

    With this in place, I think it is as safe as giving your credit card number over the phone. I have never had any problems.

    Be sure that you are careful when choosing passwords for anything that may save credit card information. Example: don't use the same pasword for your web-based e-mail as paypal. If someone got that password they could go crazy with your accounts.
     
  4. FFTT macrumors 68030

    FFTT

    Joined:
    Apr 17, 2004
    Location:
    A Stoned Throw From Ground Zero
    #4
    I prefer talking to the sales department and ordering by phone if I'm using
    a credit card.

    For large purchases, like buying a new Apple Computer, I get the Apple wire transfer account information and the Web Order Number and have my bank wire the funds directly to Apple.
     
  5. Eric5h5 macrumors 68020

    Joined:
    Dec 9, 2004
    #5
    Ordering online (even with a PC) is typically a lot safer than giving your card to some restaurant worker, which people do all the time without thinking about it. Don't worry about it. (Unless the site is of some sort of dubious nature....)

    --Eric
     
  6. Eidorian macrumors Penryn

    Eidorian

    Joined:
    Mar 23, 2005
    Location:
    Indianapolis
    #6
    I only put my credit card number into secure pages. Make sure to look for the security warnings or the "lock" on your web browser.

    SSL 4 LIFE <3
     
  7. MACDRIVE thread starter macrumors 68000

    MACDRIVE

    Joined:
    Feb 17, 2006
    Location:
    Clovis, California
    #7

    Attached Files:

  8. WildCowboy Administrator/Editor

    WildCowboy

    Staff Member

    Joined:
    Jan 20, 2005
    #8
    No...look for the lock icon in the upper right corner of Safari when you're on a secure site.

    Picture 1.png
     
  9. Eidorian macrumors Penryn

    Eidorian

    Joined:
    Mar 23, 2005
    Location:
    Indianapolis
  10. MACDRIVE thread starter macrumors 68000

    MACDRIVE

    Joined:
    Feb 17, 2006
    Location:
    Clovis, California
    #10
    Oh Ok... and that will ONLY appear when I'm on a secure site?
     
  11. Eidorian macrumors Penryn

    Eidorian

    Joined:
    Mar 23, 2005
    Location:
    Indianapolis
    #11
    Yep!

    If you click on the lock you can look at the website's certificate to see if it's authentic too.
     
  12. MACDRIVE thread starter macrumors 68000

    MACDRIVE

    Joined:
    Feb 17, 2006
    Location:
    Clovis, California
    #12
    Wow... I've never noticed that lock being up there before. I'm going to start looking for it from now on. Thanks :)
     
  13. CanadaRAM macrumors G5

    CanadaRAM

    Joined:
    Oct 11, 2004
    Location:
    On the Left Coast - Victoria BC Canada
    #13
    Remember, a secure web page means simply that -- the HTML communication from your browser screen to the web server on that particular page for the duration of your visit to that page is secure from being intercepted by others. Nothing more.

    It has no assurance of what happens to your information AFTER it is transmitted to that web server. Is it held on the web server in plaintext files, or databases that can be hacked? Is it transmitted from the server to elsewhere with insecure emails? or FTP transfers? Sold to spammers? You don't know.

    One time I was asked to make a link from a client site to a 'secure' page that took applications for credit. I went to the target site, and in 2 minutes, with no hacking and no passwords, I had public access to a directory containing about 2000 credit applications, in plain text files - because they had sloppily set up the website and made it so if you typed in a directory name, it displayed all the files in that directory. The name of the directory was easily derived from the link. I advised the client to avoid referring any people to that site until they secured it properly.
     
  14. MACDRIVE thread starter macrumors 68000

    MACDRIVE

    Joined:
    Feb 17, 2006
    Location:
    Clovis, California
    #14
    Thank you CanadaRAM and everyone else who has contributed to this thread. :)
     
  15. ChrisA macrumors G4

    Joined:
    Jan 5, 2006
    Location:
    Redondo Beach, California
    #15
    What do you do after you finish dinner at a restaurant? You hand you credit card so some waiter you've known for only one evening and he goes off and does who knows what in the back room with your card then brings in back. How do you know he is not copying the number onto a list he sells at the end of his shift.

    I'd trust any of the major on-line retailers more than I would the waiter. There are some notorious on-line scammers. Almost all small camera shops in Brooklyn NY. most overseas based on-line dating outfits. and persons presenting themselves as African bank officials. But Amazon, Apple, most others are all OK.

    If you don't know the outfit you are buying from do a Goggle on the name. If they are not good Google will turn up many complaints from archived forum posts and email lists.
     
  16. ChrisA macrumors G4

    Joined:
    Jan 5, 2006
    Location:
    Redondo Beach, California
    #16
    You are actually safer using a credit card. There are laws requiring the bank to limit your exposure to fraud with a credit card. Normally you will be out no more than $50. But with a wire transfer the money is gone and not recoverable. Some "gold cards" go even farther than what the law requires and will offer a full refund and with many cards will extend the manufacture's warranty are replace damaged or stolen items.

    Things like wire transfers and cashier's checks are intended to protect the SELLER

    I've had occasion to test this too. A while back some one got hold of my credit card and used it to buy gas. A lot of gas at several gas stations in one day. I simply told the bank I did not make those purchases and did not have to pay.

    If I make a fake Apple web site and trick you into doing a wire transfer to my account. You are just out the money. You will have to come to Nigeria and sue me if you want your money back. Banks can't charge back a wire transfer.
     
  17. topgun072003 macrumors 6502

    topgun072003

    Joined:
    Sep 11, 2006
    Location:
    Los Angeles, CA
    #17
    That's true....along with the lock on the upper right corner, those sites should also start with https. The "s" means that your on a secure site, and that security has already been explained above.
     
  18. jessep28 macrumors 6502

    jessep28

    Joined:
    Sep 8, 2006
    Location:
    Omaha, NE
    #18
    Stations are catching on to this use of stolen cards and some credit card processors are only allowing a certain amt on outside Debit/Credit (DCR) transactions or allowing the card to be used X times outside.

    After that set number of attempts/transactions, any subsequent transactions have to be done inside, which more often than not requires a signed receipt. Then if card holder calls bank and says "my card was stolen and used to buy gas" they can ask the retail location for a signed receipt. It's unlikely your card would be stolen, used only twice outside then placed back into cardholder's hands to where they can sign for their gas purchase. If the holder signed for it, they had it all along.

    Visa/MC want you to use their Visa/MC backed check/credit cards, so they are willing to extend protection to the consumer for unauthorized purchases. Although they won't just "give" you the money back, they first have to confirm it wasn't you making the purchases via a charge-back notice for a signed receipt, verification of other data if the purchase was made online.
     
  19. jeremy.king macrumors 603

    jeremy.king

    Joined:
    Jul 23, 2002
    Location:
    Fuquay Varina, NC
    #19
    Did anyone mention that many CC companies offer one-time use "temporary" credit card numbers nowadays? Won't matter if the number is stolen, it only works once, so you won't need to hassle with any fraud cases.

    Your information is at a greater risk sitting in some database for some vendor in a non-encrypted form compared to the actual transmission of the information on the interweb.
     
  20. dpaanlka macrumors 601

    dpaanlka

    Joined:
    Nov 16, 2004
    Location:
    Illinois
    #20
    Eastern Bloc pr0n galleries and V.I.A.G.R.A. stores give my life meaning.

    But joking aside, I've bought, and helped other people buy what amounts to many thousands of dollars worth of stuff entirely online, and nobody I know has ever had any problems.
     
  21. Sdashiki macrumors 68040

    Sdashiki

    Joined:
    Aug 11, 2005
    Location:
    Behind the lens
    #21
    i remember the days when it took up to 3 days to verify a credit card for an online purchase.

    i remember when AOL didnt verify your CC except against an algorithm that others had access to.

    i remember when AOL, during your sign on procedure, would ask if you would like to purchase something and charge it to your AOL bill.

    i remember it would ship before they found the CC # didnt pass verification.

    i remember lots of people switching from AOL...
     
  22. tuartboy macrumors 6502a

    tuartboy

    Joined:
    May 10, 2005
    #22
    It's not just about the end server. If you are in a corporation you are very likely to be behind a proxy which can actually perform a man-in-the-middle attack by connecting and authenticating with the store's server over SSL and then providing it's own certificate to you. You will see the lock and assume you are safe, but really the proxy can see everything you are doing. This is pretty common practice for schools and businesses. What's more, you may not be at one of these places but you do not know how many transparent proxies you are behind at any given moment.

    Do not just look for the lock. Click it and verify the certificate actually belongs to the site you think it should. Thankfully it is near impossible to get a fake ticket from a trusted resource in your browser. If your browser asks you to accept a certificate from an unknown source be very aware of what you are doing before you accept it because it means anyone could just make it up. The main certificate vendors have their systems already in place in your browser so they never have to ask. The real security in SSL is in the authentication that someone like Verisign or Thawte provides allowing you to be sure that if they have that certificate, they really are who they say they are.

    In the end, online really can be safer than offline. You just have to know what you are doing.
     
  23. notjustjay macrumors 603

    notjustjay

    Joined:
    Sep 19, 2003
    Location:
    Canada, eh?
    #23
    I think the key here is that credit card numbers (and other private data) can be transmitted safely over the internet. What happens to that data AFTER the transmission, as CanadaRAM says, is what you're really concerned about. And that remains the same regardless of the mode of transport of the credit information. Use the same common sense and vigilance you would normally use.

    I have made dozens (hundreds?) of online credit card transactions, to the point I have memorized all my credit card numbers since I type them in so much (5258 948... oh, wait :eek: ) and I have only ever had two problems. One was an order I wanted to cancel but the store shipped it anyway, so I refused delivery of the shipment, and after eight weeks had gone by with no refund, I disputed the charge. Got my money back. The other looks like a legitimate case of fraud, someone charged $75 worth of phone cards onto my credit card. I disputed that, got the charges taken off, cancelled the card and a new one was in my hands a few days later. Super easy. The credit card companies are on your side!
     
  24. Sdashiki macrumors 68040

    Sdashiki

    Joined:
    Aug 11, 2005
    Location:
    Behind the lens
    #24
    all you needed was the first 8 numbers to generate 1000s more from the CC# algorithm...

    i think the first 4 is specific to the bank and the next 4 are the card type...i dont remember anymore.


    i have a CC# memorized from like 10 yrs ago that I made into the password for a World Builder (go OS6!!!) game I created

    id put it here as I can type it from memory, but who knows if its actually someones real card # by now!
     
  25. tuartboy macrumors 6502a

    tuartboy

    Joined:
    May 10, 2005
    #25
    Agreed. But like I said, don't just look for the lock. Follow through and verify the owner of the cert.
     

Share This Page