Sobering reminder about credit card security

[Guest JonP01]

I don't know how many of you have been the victims of credit card fraud, but I was almost a victim myself today. I have never used my credit card in a person to person transaction. I have only used it over the internet sites that display the security padlock in the Explorer status bar, or using those automated telephone payments systems. Apart from the main use of paying my telephone, gas, water, eletricity bills and council rates, it is also used to purchase computer parts from the US and flight sim software that is not otherwise available from shops (ie only downloadable).This morning my bank rang me to query a declined $1000 US transaction that occured last night. I told them I did not know anything about it and had certainly not authorised it. The bank then went through each item on my statement and verified they were legitimate. This $1000 was the only unauthorised transaction. Accordingly, the bank has now cancelled my card and will send me another one in the next few days.I have to admit that before today I was starting to really believe that my credit card was secure and I would have argued with anyone who said using your card over the internet was dangerous. Now I'm afraid to ever use it again over the internet.I notice some sites where I have bought software require me to enter that 3 digit code on the back of my card in addition to my address. The majority, however, have only ever asked for my address. I have never bought anything where I did not have to at least enter my address.To find out where the "leak" has occured would be next to impossible I guess. I have had to provide my card to maybe 25 vendors since I got it and who knows what undetected security leaks may have occured over the eighteen months since I got it. It could even have been someone intercepting an automated telephone payment call for all I know.Darn it, these fraudsters really ruin it for all of us. I have been a pretty darned good patron of flight sim payware. Not anymore, unless I can buy it as a CD-ROM with cash at the local games store.I'm also going to have to re-appraise how I buy my computer parts and how I pay my living expenses :-fume

[Guest Joshieca]

I have had it only once...I got a call from some stereo shop in New Jersey that asked if I approved a purchase for a $900 car dvd player to be sent to someone in New York. Of course I didn't. I canceled the card right away.Ever since then I only use a credit card that has a very low credit limit...I have only card that I wrote the bank and told them to lower my credit limit to $500 and that I didn't want any pre-approved credit limit increases. Also, if you need to purchase something larger than that you can call your bank and ask that a one time credit card number be issued to you. Usually they will comply with you, at the very least they will put an "auto" watch on your account for any large purchases which you need to approve by calling them.The net is not safe, when you can, call the company and purchase the stuff over the phone.[br][br][div align=center][br][link:members.cox.net/fstimes/wetimage.html]Click Here For Weather Image of the Day!

[Splash_One 0]

That hapenned to my parents once, someone charged a $1700 stereo system to their card.... Cancelled.

[Guest JonP01]

Joshieca,That low limit is a good idea. I will think about that one. The highest I've ever needed is about $1200 Australian. That is when all the bills come at once :-lol I guess the cost of calling the US could be worth it for the sake of security though, as that is where I buy lots of stuff from. There is just so much stuff I get from the US that is impossible to get from Oz. Things like the best memory sticks, computer fans and heatsinks. And of course a yearly Avsim donation!!! I only kept the standard limit for emergencies - touch wood I've never had one yet. I think when I get my new card I might try that. If a website has a phone number I will try that first.The only hard thing about ringing the US is time conversion, but FS2002 helps me out there!!!! I'd be ringing anywhere between 23:00 and 08:00 hours. I need to improve my American geography, so I know the longitute of the town I'm ringing :-lol

[Francois_Dumas 10]

I have had problems with my Master Card twice already.Once through a very well known hotel (American Chain) in Budapest, Hungary, where someone probably copied the number and exp. date off my transaction receipt after I paid the hotel. They (this ws clearly an organized gang) then went out and bought for about $ 10.000 worth of furniture, sporting goods and some other stuff until the banks computer recognized a 'wrong pattern' in my spending and they inquired about it.The other time I got called by the New Scotland Yard in the UK. They had arrested a guy with a booklet in his posession full with credit card numbers. Mine was among them. He too must have gotten them (probably) somewhere dealing with hotels. My remedy is to pay for my debit cards (we actually do not have many 'credit'cards in Europe), get a Gold Card and be insured for abuse !When someone broke into our house 2 years ago and got hold of a cheaper cardf, we did not get the money refunded that they stole off our account. So be warned indeed !! :-outta Francois :-wave________________________Francois A. "Navman" DumasAssociate Editor &Forums AdministratorAVSIM Online!email: fdumas@avsim.com________________________

[Guest JonP01]

Actually I don't really like *credit* cards as such either. What I really wanted was a debit card. Like many people, I don't actually use the credit side of it, as it gets paid off immediately. The problem is you go and ask for a debit card over here and you just get a blank stare. I have a normal EFTPOS card I use for supermarket and store purchases - this is great where it is accepted and you do the transaction face to face.I still have to wonder of how much use just a credit card number on it's own actually is. When you purchase, you are just about always asked for the name on the card and expiry date. In the case of internet purchases this extends to address and sometimes the three digit code on the back. I guess the problem is you enter this data and there it sits on a database just waiting to be hacked.Francois, your experiences have been a lot worse than mine. I really have to thank my bank for being so quickly on the ball. I only ever checked my card twice a week previously. Now I'm going to check it daily.So much for the "unbreakable" 128 bit SSL encryption.

[Guest]

Most sites don't store that data, or give you an option to store it or not.Most sites (especially the smaller more vulnerable online stores) have also outsourced the credit card processing to a bank or specialised company.Those do have the resources to protect your data.In fact, online use of your card is probably far safer than using it in a restaurant or gas station.There they have the opportunity to not just get the number and date, but also the content of the magnetic strip and your signature.Most creditcard abuse happens like that.Someone has a cardreader hidden in his pocket or behind the counter, which is backed up by a photocopy of your slip.They simply create a new card...

[Guest]

Never been done "offline" - but I did have a problem with a website a few years ago.I found a transaction from an American website on my credit card that I had never heard of, when I phoned to query it all I could ever get was a recorded message - luckily it had their e-mail address. I blasted off an e-mail to them with the details AND at the same time contacted the Credit Card company who "stopped" the transaction immeadiately. After about 20 e-mails to the website I finally got them to credit the payment - although the credit card company had already credited me anyway, so I ended up in profit :-lol ...Every time I use that card now on the internet (which is not very often) the company will phone me to confirm I have authorised the payment - which is fine by me.My view is the complete opposite of Francois - if a dodgy payment comes off my credit card I can easily get it frozen, and from experience it never gets near having to be paid. If it comes out from a debit card then the money has already gone and you might well have a fight on your hands to get it back (plus the worry of your bank account going very red)....

[Guest JonP01]

That is a very good point as well. With a debit card the money has of course gone. I guess if the fraud is attempted and unsuccessful then you can just freeze the credit card and get a new one like what happened today. I just wonder how accomodating the bank might be if they have to keep ringing me every 8 months and cancelling and issuing me with new cards. I suppose with the number of purchases I have made and the large variety of vendors I have dealt with I am perhaps lucky I have gone two years without incident.

[Francois_Dumas 10]

Yeah, well, Dutch banks are among the smartest (and biggest) in the world and they do not deal in credit cards ;-) But even with a debit card you can get protection from abuse, which is what I have. And necessary too.... especially since I do not get to see what is written off from my card but once a month. Another bank 'rule' to save money.I must say that all cards are doing okey (I have Visa, MC and Amex), and that the 'problem' card was the one from the 'Postbank'. And I concurr with Jeroen, the biggest risk is from physically handing your card to a waiter who disappears with it for a while... so that's why I tend to pay with my company Amex card as much as I can ;-) :-outta Francois :-wave________________________Francois A. "Navman" DumasAssociate Editor &Forums AdministratorAVSIM Online!email: fdumas@avsim.com________________________

[Guest]

Add this to your fears.Many years ago whilet taking advantage of lower interest rates I paid off my wife's Discover Card and my own Discover Card.After a week, someone had maxed out My wife's card in Atlantinc City and my card at various locations around Los Angeles.So there are crooks within the creditcard organizations themselves so you are never really secure.Credit cards are a great convenience you just have to be careful.

[Guest mikehaska]

Well, to defend internet credit card use (as I always do), when done correctly, it is safer than using your card anywhere else.Look for the padlock icon when you are on an order page. It should be on the lower taskbar of the browser. If you click it, and investigate it, you can learn about what security features are in place. You can trust it if the certificate is signed by a refutable company, and if they are using 128 bit encryption. This level of security is extremely difficult to be breached, and will protect your information. The bigger risk is if someone on the other end of the line (ie: the guy running the orderwebsite) abuses this information, but that is very rare.A survey was recently done that said more than 90% of webusers were concerned about what information is collected about them and how it was used, but less than .01% bothered to check the privacy statements! How many of you have read AVSIM's privacy statement (or even knew it existed!). (I have, so I can afford to be high and mighty ;))My last point is to be weary of PayPal. I have been burned, and many more have been to. If you are using the service, you should be very cautious about what's on your bank statement. See http://www.paypalwarning.com/ThingsYouShouldSee/Default.htm to read more on the risks. This is not the ramblings of one lunatic, there are articles from Wired, NBC, TechTV, and News.com. Please, be careful when it comes to this company!

[Guest]

"Credit" cards are much safer than Debit cards. In fact you should not use a Debit card on the internet. With a Credit card you are usualy only responsible for $50.00 max. A Debit card however has no protection, and no way to stop or dispute a transaction that has already cleared. This is the norm in the States, dont know about other parts of the world.Paulhttp://www.advdigitalmedia.com/sig3.gif

[Guest]

The real answer to this mess is to kick the banks into gear and get them to setup one-time-only credit card number services expressly for online transactions.Chase Visa - the largest Visa company in the US - is experimenting with this right now. Basically its setup like this: you either phone a special number or visit their encrypted web site and enter how much your purchase is for. They issue you a one-time credit card number that you use to pay for your items. That number is useless and will be automatically declined for any other charges once the first is made.Paypal is setup in a similar manner: but does have less protection. You transfer into your public Paypal account only the amount of money you want to use for a transaction. While warnings are made all the time about Paypal, they get a lot more inspection by the government than they did a year ago. The government wants to classify them as a bank in the near future as well, but Paypal is fighting this. Point being: Paypal is a lot safer these days than they were a year ago - and getting better every day. More retail sites are finally accepting Paypal payments too, now that they are becoming "mainstream". I think its the fear of Paypal thats finally driving the established credit companies (like Visa) to finally setup safe online systems.Between the two options, things *are* looking brighter for the future of online payments. It just seems most established credit companies are draging their feet getting there while their customers get robbed. Makes sense to them though: true credit cards gain them a lot more cash than debit-type systems - they can't charge through the roof for outstanding balances. Rest assured they'll charge a service fee each time you use one of the newer services though.I'm glad to hear your bank was at least on its toes this time Jon. You might want to inquire about the temporary-number service in your area since it sounds like they're are close to that type of setup anyway.Take care,Elrondhttp://members.rogers.com/eelvish/Boycott-RIAA.gif]"A musician without the RIAA, is like a fish without a bicycle."[/font://http://members.rogers.com/eelvish/B...cle."[/b][/font://http://members.rogers.com/eelvish/B...cle."[/b][/font

[Guest JonP01]

Given that for one reason or another my bank has already given me three cards in 18 months I think you are right!!!!