I've never ordered anything online for fear of having my credit card number being intercepted by spies or key loggers. While this is risky with a PC, I use a Mac. Is there still a risk even with a Mac?
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Credit card numbers over the web - Is it safe?
- Thread starter MACDRIVE
- Start date
- Sort by reaction score
Depends where you shop...
Amazon: fine. Eastern Bloc pr0n sites: perhaps not.
I've been buying stuff all over the place for the past four years without a single problem. Touch wood. As it were.
Amazon: fine. Eastern Bloc pr0n sites: perhaps not.
I've been buying stuff all over the place for the past four years without a single problem. Touch wood. As it were.
My rules for using my credit card on the web:
--Make sure my credit card company has a good policy/reputation for dealing with fraud
--Only on trusted sites (with security enabled of course).
--Only on my computer, at my house.
With this in place, I think it is as safe as giving your credit card number over the phone. I have never had any problems.
Be sure that you are careful when choosing passwords for anything that may save credit card information. Example: don't use the same pasword for your web-based e-mail as paypal. If someone got that password they could go crazy with your accounts.
--Make sure my credit card company has a good policy/reputation for dealing with fraud
--Only on trusted sites (with security enabled of course).
--Only on my computer, at my house.
With this in place, I think it is as safe as giving your credit card number over the phone. I have never had any problems.
Be sure that you are careful when choosing passwords for anything that may save credit card information. Example: don't use the same pasword for your web-based e-mail as paypal. If someone got that password they could go crazy with your accounts.
I prefer talking to the sales department and ordering by phone if I'm using
a credit card.
For large purchases, like buying a new Apple Computer, I get the Apple wire transfer account information and the Web Order Number and have my bank wire the funds directly to Apple.
a credit card.
For large purchases, like buying a new Apple Computer, I get the Apple wire transfer account information and the Web Order Number and have my bank wire the funds directly to Apple.
I only put my credit card number into secure pages. Make sure to look for the security warnings or the "lock" on your web browser.
SSL 4 LIFE <3
SSL 4 LIFE <3
Attachments
No...look for the lock icon in the upper right corner of Safari when you're on a secure site.
Yep!
If you click on the lock you can look at the website's certificate to see if it's authentic too.
Wow... I've never noticed that lock being up there before. I'm going to start looking for it from now on. Thanks
Remember, a secure web page means simply that -- the HTML communication from your browser screen to the web server on that particular page for the duration of your visit to that page is secure from being intercepted by others. Nothing more.
It has no assurance of what happens to your information AFTER it is transmitted to that web server. Is it held on the web server in plaintext files, or databases that can be hacked? Is it transmitted from the server to elsewhere with insecure emails? or FTP transfers? Sold to spammers? You don't know.
One time I was asked to make a link from a client site to a 'secure' page that took applications for credit. I went to the target site, and in 2 minutes, with no hacking and no passwords, I had public access to a directory containing about 2000 credit applications, in plain text files - because they had sloppily set up the website and made it so if you typed in a directory name, it displayed all the files in that directory. The name of the directory was easily derived from the link. I advised the client to avoid referring any people to that site until they secured it properly.
It has no assurance of what happens to your information AFTER it is transmitted to that web server. Is it held on the web server in plaintext files, or databases that can be hacked? Is it transmitted from the server to elsewhere with insecure emails? or FTP transfers? Sold to spammers? You don't know.
One time I was asked to make a link from a client site to a 'secure' page that took applications for credit. I went to the target site, and in 2 minutes, with no hacking and no passwords, I had public access to a directory containing about 2000 credit applications, in plain text files - because they had sloppily set up the website and made it so if you typed in a directory name, it displayed all the files in that directory. The name of the directory was easily derived from the link. I advised the client to avoid referring any people to that site until they secured it properly.
What do you do after you finish dinner at a restaurant? You hand you credit card so some waiter you've known for only one evening and he goes off and does who knows what in the back room with your card then brings in back. How do you know he is not copying the number onto a list he sells at the end of his shift.
I'd trust any of the major on-line retailers more than I would the waiter. There are some notorious on-line scammers. Almost all small camera shops in Brooklyn NY. most overseas based on-line dating outfits. and persons presenting themselves as African bank officials. But Amazon, Apple, most others are all OK.
If you don't know the outfit you are buying from do a Goggle on the name. If they are not good Google will turn up many complaints from archived forum posts and email lists.
You are actually safer using a credit card. There are laws requiring the bank to limit your exposure to fraud with a credit card. Normally you will be out no more than $50. But with a wire transfer the money is gone and not recoverable. Some "gold cards" go even farther than what the law requires and will offer a full refund and with many cards will extend the manufacture's warranty are replace damaged or stolen items.
Things like wire transfers and cashier's checks are intended to protect the SELLER
I've had occasion to test this too. A while back some one got hold of my credit card and used it to buy gas. A lot of gas at several gas stations in one day. I simply told the bank I did not make those purchases and did not have to pay.
If I make a fake Apple web site and trick you into doing a wire transfer to my account. You are just out the money. You will have to come to Nigeria and sue me if you want your money back. Banks can't charge back a wire transfer.
That's true....along with the lock on the upper right corner, those sites should also start with https. The "s" means that your on a secure site, and that security has already been explained above.
Stations are catching on to this use of stolen cards and some credit card processors are only allowing a certain amt on outside Debit/Credit (DCR) transactions or allowing the card to be used X times outside.
After that set number of attempts/transactions, any subsequent transactions have to be done inside, which more often than not requires a signed receipt. Then if card holder calls bank and says "my card was stolen and used to buy gas" they can ask the retail location for a signed receipt. It's unlikely your card would be stolen, used only twice outside then placed back into cardholder's hands to where they can sign for their gas purchase. If the holder signed for it, they had it all along.
Visa/MC want you to use their Visa/MC backed check/credit cards, so they are willing to extend protection to the consumer for unauthorized purchases. Although they won't just "give" you the money back, they first have to confirm it wasn't you making the purchases via a charge-back notice for a signed receipt, verification of other data if the purchase was made online.
Did anyone mention that many CC companies offer one-time use "temporary" credit card numbers nowadays? Won't matter if the number is stolen, it only works once, so you won't need to hassle with any fraud cases.
Your information is at a greater risk sitting in some database for some vendor in a non-encrypted form compared to the actual transmission of the information on the interweb.
Your information is at a greater risk sitting in some database for some vendor in a non-encrypted form compared to the actual transmission of the information on the interweb.
Eastern Bloc pr0n galleries and V.I.A.G.R.A. stores give my life meaning.
But joking aside, I've bought, and helped other people buy what amounts to many thousands of dollars worth of stuff entirely online, and nobody I know has ever had any problems.
i remember the days when it took up to 3 days to verify a credit card for an online purchase.
i remember when AOL didnt verify your CC except against an algorithm that others had access to.
i remember when AOL, during your sign on procedure, would ask if you would like to purchase something and charge it to your AOL bill.
i remember it would ship before they found the CC # didnt pass verification.
i remember lots of people switching from AOL...
i remember when AOL didnt verify your CC except against an algorithm that others had access to.
i remember when AOL, during your sign on procedure, would ask if you would like to purchase something and charge it to your AOL bill.
i remember it would ship before they found the CC # didnt pass verification.
i remember lots of people switching from AOL...
It's not just about the end server. If you are in a corporation you are very likely to be behind a proxy which can actually perform a man-in-the-middle attack by connecting and authenticating with the store's server over SSL and then providing it's own certificate to you. You will see the lock and assume you are safe, but really the proxy can see everything you are doing. This is pretty common practice for schools and businesses. What's more, you may not be at one of these places but you do not know how many transparent proxies you are behind at any given moment.
Do not just look for the lock. Click it and verify the certificate actually belongs to the site you think it should. Thankfully it is near impossible to get a fake ticket from a trusted resource in your browser. If your browser asks you to accept a certificate from an unknown source be very aware of what you are doing before you accept it because it means anyone could just make it up. The main certificate vendors have their systems already in place in your browser so they never have to ask. The real security in SSL is in the authentication that someone like Verisign or Thawte provides allowing you to be sure that if they have that certificate, they really are who they say they are.
In the end, online really can be safer than offline. You just have to know what you are doing.
I think the key here is that credit card numbers (and other private data) can be transmitted safely over the internet. What happens to that data AFTER the transmission, as CanadaRAM says, is what you're really concerned about. And that remains the same regardless of the mode of transport of the credit information. Use the same common sense and vigilance you would normally use.
I have made dozens (hundreds?) of online credit card transactions, to the point I have memorized all my credit card numbers since I type them in so much (5258 948... oh, wait ) and I have only ever had two problems. One was an order I wanted to cancel but the store shipped it anyway, so I refused delivery of the shipment, and after eight weeks had gone by with no refund, I disputed the charge. Got my money back. The other looks like a legitimate case of fraud, someone charged $75 worth of phone cards onto my credit card. I disputed that, got the charges taken off, cancelled the card and a new one was in my hands a few days later. Super easy. The credit card companies are on your side!
I have made dozens (hundreds?) of online credit card transactions, to the point I have memorized all my credit card numbers since I type them in so much (5258 948... oh, wait
) and I have only ever had two problems. One was an order I wanted to cancel but the store shipped it anyway, so I refused delivery of the shipment, and after eight weeks had gone by with no refund, I disputed the charge. Got my money back. The other looks like a legitimate case of fraud, someone charged $75 worth of phone cards onto my credit card. I disputed that, got the charges taken off, cancelled the card and a new one was in my hands a few days later. Super easy. The credit card companies are on your side!
I have made dozens (hundreds?) of online credit card transactions, to the point I have memorized all my credit card numbers since I type them in so much (5258 948... oh, wait
all you needed was the first 8 numbers to generate 1000s more from the CC# algorithm...
i think the first 4 is specific to the bank and the next 4 are the card type...i dont remember anymore.
i have a CC# memorized from like 10 yrs ago that I made into the password for a World Builder (go OS6!!!) game I created
id put it here as I can type it from memory, but who knows if its actually someones real card # by now!
Agreed. But like I said, don't just look for the lock. Follow through and verify the owner of the cert.