Credit Cards and Common Sense, Part 2 By Yisroel (Izzy) Goodman AuctionBytes.com
December 15, 2001
In a previous issue, I wrote about some of the risks in using credit cards to make purchases online, particularly the risk of becoming a victim of identity theft. The risk is small, particularly if you exercise some caution in how you use your credit card. Here's more on how to use common sense when using credit cards.
Decide if the order is really worth using a credit card. One of the main reasons people use a credit card is to protect themselves against possible fraud. But the consequences of a seller misusing your credit card may cost you more than the item. There was a seller on eBay who used buyers' credit card numbers to open accounts with payment services and then ordered merchandise from other sites. There have even been phony Web sites and payment services set up entirely for the purpose of harvesting credit card information.
It's bad enough that your information can be easily stolen. Don't compound the problem by giving it away. If you don't trust the seller for the cost of the item, don't trust him with your credit card.
When dealing with a reputable seller, the first point of risk is in transmitting your credit card information. Never email your entire credit card information. For transactions in which a secure site is not available, I recommend that the customer send two emails to two different IDs, each one containing half the information and half the credit card number. Dealing with a seller who accepts credit cards and does not have a secure page may be asking for trouble.
Never leave your information on an answering machine. Not every employee in every business is authorized to accept this information.
Some people have been led to believe that if the site is "secure," it is safe to enter their CC info. A secure site means that there is encryption between you and the site, so that an eavesdropping hacker can't grab the CC info as you enter it. It does NOT mean that a hacker can't break into the site and steal the information after it has been recorded. In fact, this is the preferred method of hackers.
If you want the convenience of a credit card deal without worrying that some scammer will get your information, use a payment service. Despite the customer service problems reported with some payment services, I have not yet heard any reliable report of PayPal, Billpoint, Yahoo PayDirect or C2it being hacked, nor do I suspect that any of these services will place unauthorized charges on your card. It is far safer and more convenient to give your information to these services once than to give it to every seller from whom you make a purchase. Since C2it is backed by Citibank, it remains my first choice for security.
I have had customers say, "I'm not going to some Web site and giving them my info. I'm going to find a vendor where I can just phone in and give them my info directly." What do you think happens then? That vendor then types your info into their PC and transmits it to his card processor, often via an insecure transmission. That information now sits both at the processor and on the PC in the store, accessible by any of the minimum wage employees who work there.
One company was so lax in their security that they actually emailed customers with order confirmations that included the CC info. The emails also included links right to an insecure page on the site where this info was posted for anyone to see. By changing the order number in the link, the customer was then able to view other people's orders, along with their CC info. And when some shocked customers called the companies to complain, their complaints were ignored, and this information remained on the sites until the stories hit the newspapers.
So before you give out your CC information to a site you don't know, remember that the best way to protect your CC information is not to give it out. If you do give it out, make sure it is to a site that you know. If you use a payment service, you don't have to worry about hackers breaking into a retailer's PC and stealing your information, because it is not stored on a PC. The service handles paying the vendor without sending them your CC information.
Yisroel (Izzy) Goodman owns Complete Computer Services Inc. and sells electronics and ink cartridges online. His Web site http://www.ccs-digital.com contains articles about creating web sites, using HTML and ASP, obtaining a merchant account, payment service ratings, and avoiding fraud. His informed opinions are based on his own experience and from reading about others' experiences with payment services as well as discussions with users, representatives of the services and experts in the field. (Note: He is not affiliated in any way, directly or indirectly, with any payment service.) He can be reached by email at izzy @ ccs-digital. com.
