Safer Way to Use Your Credit Card

Discussion in 'Computer Security' started by Brad, Dec 30, 2004.

  1. Brad

    Brad Guest

    Hi,

    With the proliferation of "spyware", which includes "keyloggers" (logs
    your keystrokes as you type), why would anyone want to type their credit card
    number on a computer's keyboard? Is there really a "secure" site? No wonder
    identity theft is epidemic.

    A programmer friend of mine told me about his awesome idea for a safer way
    to order merchandize on the Internet. Web sites should present an option
    after you fill out an order form. If the credit card number slot is blank,
    you are presented with the option. If you accept (incase you forgot to type
    your credit card number), you receive an order number which you write down.
    Off line, you dial direct (no interception), a special toll free number and
    enter that order number. Next, you are prompted to enter the credit card
    number on your touch tone telephone. Note: This is automatic, no human
    contact. Also, your order is canceled if you fail to give your credit card
    number within a certain period of time.

    Brad
    Brad, Dec 30, 2004
    #1
    1. Advertising

  2. Brad

    Jim Watt Guest

    On Thu, 30 Dec 2004 13:32:24 GMT, (Brad) wrote:

    >Hi,
    >
    > With the proliferation of "spyware", which includes "keyloggers" (logs
    >your keystrokes as you type), why would anyone want to type their credit card
    >number on a computer's keyboard? Is there really a "secure" site? No wonder
    >identity theft is epidemic.
    >
    > A programmer friend of mine told me about his awesome idea for a safer way
    >to order merchandize on the Internet. Web sites should present an option
    >after you fill out an order form. If the credit card number slot is blank,
    >you are presented with the option. If you accept (incase you forgot to type
    >your credit card number), you receive an order number which you write down.
    >Off line, you dial direct (no interception), a special toll free number and
    >enter that order number. Next, you are prompted to enter the credit card
    >number on your touch tone telephone. Note: This is automatic, no human
    >contact. Also, your order is canceled if you fail to give your credit card
    >number within a certain period of time.
    >
    > Brad


    1. It introduces un-necessary complication and scope for error

    2. Its 'US centric' in its thinking in relation to using toll free
    numbers

    3. Systems are set up to do online card validation and charging


    --
    Jim Watt
    http://www.gibnet.com
    Jim Watt, Dec 30, 2004
    #2
    1. Advertising

  3. on 12/30/2004 03:32 PM Brad wrote:

    > Hi,
    >
    > With the proliferation of "spyware", which includes "keyloggers" (logs
    > your keystrokes as you type), why would anyone want to type their credit card
    > number on a computer's keyboard? Is there really a "secure" site? No wonder
    > identity theft is epidemic.


    Visa has this "Verified by Visa" which makes sure the user is actually
    who he claims to be. This feature first requires approval from the card
    owner, approval is fast and totally free. After this, the user can buy
    securely and without fear of "any" abuse what there otherwise could be.
    More about this on Visa homepage. Of course, nothing's secure and this
    doesn't prevent keylogger from stealing getting your card number.

    --
    Teemu Valimaki <>

    "They who would give up an essential liberty for temporary security,
    deserve neither liberty or security" - Benjamin Franklin

    DailyCritical.com - News around the world
    Teemu Valimaki, Dec 30, 2004
    #3
  4. Brad

    Bill Unruh Guest

    (Brad) writes:

    >Hi,


    > With the proliferation of "spyware", which includes "keyloggers" (logs
    >your keystrokes as you type), why would anyone want to type their credit card
    >number on a computer's keyboard? Is there really a "secure" site? No wonder
    >identity theft is epidemic.


    > A programmer friend of mine told me about his awesome idea for a safer way
    >to order merchandize on the Internet. Web sites should present an option
    >after you fill out an order form. If the credit card number slot is blank,
    >you are presented with the option. If you accept (incase you forgot to type
    >your credit card number), you receive an order number which you write down.
    >Off line, you dial direct (no interception), a special toll free number and
    >enter that order number. Next, you are prompted to enter the credit card
    >number on your touch tone telephone. Note: This is automatic, no human
    >contact. Also, your order is canceled if you fail to give your credit card
    >number within a certain period of time.



    At which point the system stores the number on a database at the computer
    That computer is a far far higher usefulness to a identity thief--
    thousands of cards ratehr than one. Which computer would you target?
    Bill Unruh, Dec 30, 2004
    #4
  5. Brad

    Moe Trin Guest

    In article <>, Brad wrote:

    > With the proliferation of "spyware", which includes "keyloggers" (logs
    >your keystrokes as you type), why would anyone want to type their credit
    >card number on a computer's keyboard?


    Why are you installing the spyware? Or do you blindly click the block that
    says
    OK
    Install whatever you want - I don't care

    or even worse, have configured your browser to automatically install
    anything without asking, because it's to hard to click on 'OK' or 'Cancel'?
    Spyware/trojans/viruses can not install themselves without the user making
    some effort - either approving the install, or setting your browser to do
    it for you.

    >Is there really a "secure" site?


    Yes, plenty of them.

    >No wonder identity theft is epidemic.


    -------------------
    Do not attribute to malice that which can be explained by blatant stupidity.
    -------------------
    "Sufficiently advanced incompetence is indistinguishable from malice."`
    -------------------

    >A programmer friend of mine told me about his awesome idea for a safer way
    >to order merchandize on the Internet. Web sites should present an option
    >after you fill out an order form. If the credit card number slot is blank,
    >you are presented with the option. If you accept (incase you forgot to type
    >your credit card number), you receive an order number which you write down.


    Nothing wrong with that - it's been around since the 1960s, before there
    was an Internet (1969), never mind the web (1995).

    >Off line, you dial direct (no interception), a special toll free number


    1. Who pays for the call? "Toll free" isn't free to the callee. How do
    they recover the cost of the call? Do you have any idea how much the call
    would cost? How do they recover the cost of the telephone system that
    accepts these calls, and makes the association between order number and
    seller/buyer?

    2. What number do you dial? Is it one presented on the web site? Is it
    a single world wide telephone number that somehow figures out who the
    selling party is, and makes the connection between buyer and seller? Is
    it a number you saw on google, or looked up in the local phone book (which
    is only issued once a year)?

    3. How does your credit number get billed by the seller's bank - how is the
    information securely transferred from this computer that answers the phone to
    the seller's ordering computer, and then to the bank?

    >and enter that order number. Next, you are prompted to enter the credit
    >card number on your touch tone telephone. Note: This is automatic, no
    >human contact.


    4. How do you handle fumble-fingered typos?

    >Also, your order is canceled if you fail to give your credit card
    >number within a certain period of time.


    And who pays the cost of the order cancellation?

    Your programmer friend has absolutely no concept of how business operates
    and how things are costed out. Hope he's a better programmer than business
    consultant or security analyst.

    Old guy
    Moe Trin, Dec 31, 2004
    #5
  6. Brad

    Jim Watt Guest

    On Thu, 30 Dec 2004 17:52:05 +0200, Teemu Valimaki
    <> wrote:

    >Visa has this "Verified by Visa" which makes sure the user is actually
    >who he claims to be. This feature first requires approval from the card
    >owner, approval is fast and totally free. After this, the user can buy
    >securely and without fear of "any" abuse what there otherwise could be.
    >More about this on Visa homepage. Of course, nothing's secure and this
    >doesn't prevent keylogger from stealing getting your card number.


    At least it adds another element of security, and much to my suprise
    it is available in some the civilised world

    Andorra
    Austria
    Belgium
    Gibraltar
    Greece
    Israel
    Italy
    Norway
    Portugal
    Spain
    Switzerland
    Turkey
    UK
    RBS Group - available
    Barclays Bank (coming soon)

    Opps tough on the Irish, French and Germans etc
    mind you I don't see .fi there either, and the Gibraltar
    entry is in respect of Jyske Bank who only issue Visa
    branded debit cards, which are impractical.

    In the UK Barclays have the bulk of the Visa business for
    hstorical reasons, they started first. Natwest (part of RBS)
    mention a similar scheme for Mastercard.

    Looking at the terms and conditions I see "You understand that you are
    financially responsible for all uses of NatWest Secure."

    aha do I detect a game of pass the parcel ?

    Not today thanks.

    Of course in the future you would just need to insert your
    hand in the reader and the implanted ID chip could validate
    your identity.

    But wait thats just a bad dream, Blunkett has gone.


    --
    Jim Watt
    http://www.gibnet.com
    Jim Watt, Dec 31, 2004
    #6
  7. Brad

    donnie Guest

    On Thu, 30 Dec 2004 13:32:24 GMT, (Brad) wrote:

    >Hi,
    >
    > With the proliferation of "spyware", which includes "keyloggers" (logs
    >your keystrokes as you type), why would anyone want to type their credit card
    >number on a computer's keyboard? Is there really a "secure" site? No wonder
    >identity theft is epidemic.
    >
    > A programmer friend of mine told me about his awesome idea for a safer way
    >to order merchandize on the Internet. Web sites should present an option
    >after you fill out an order form. If the credit card number slot is blank,
    >you are presented with the option. If you accept (incase you forgot to type
    >your credit card number), you receive an order number which you write down.
    >Off line, you dial direct (no interception), a special toll free number and
    >enter that order number. Next, you are prompted to enter the credit card
    >number on your touch tone telephone. Note: This is automatic, no human
    >contact. Also, your order is canceled if you fail to give your credit card
    >number within a certain period of time.
    >
    > Brad

    ##########################
    There is no reason for any of that. Some credit card companies offer
    one time numbers for internet purchases, so it's doesn't matter who
    gets the number because it's not good anymore anyway. What do you
    think of that?
    donnie.
    donnie, Dec 31, 2004
    #7
  8. Brad

    _Vanguard_ Guest

    "Brad" <> wrote in message
    news:...
    > Hi,
    >
    > With the proliferation of "spyware", which includes "keyloggers"
    > (logs
    > your keystrokes as you type), why would anyone want to type their
    > credit card
    > number on a computer's keyboard? Is there really a "secure" site?
    > No wonder
    > identity theft is epidemic.
    >
    > A programmer friend of mine told me about his awesome idea for a
    > safer way
    > to order merchandize on the Internet. Web sites should present an
    > option
    > after you fill out an order form. If the credit card number slot is
    > blank,
    > you are presented with the option. If you accept (incase you forgot
    > to type
    > your credit card number), you receive an order number which you write
    > down.
    > Off line, you dial direct (no interception), a special toll free
    > number and
    > enter that order number. Next, you are prompted to enter the credit
    > card
    > number on your touch tone telephone. Note: This is automatic, no
    > human
    > contact. Also, your order is canceled if you fail to give your credit
    > card
    > number within a certain period of time.
    >
    > Brad
    >



    Isn't it amazing how people will use a method that is more insecure?
    Hitting digits on a telephone. Yeah, like no one tapping your line
    could figure out what was your credit card number from that. That's
    like folks that are worried about ordering online and yet they go
    speaking their credit number on the telephone to place an order that
    way.

    Instead of using your real credit card number, why not use a temporary
    one? I have an account with MBNA Visa/MC. They have their ShopSafe
    scheme where you have them generate a temporary credit card number. It
    is tied back to your real account but only they know the linkage. You
    can specify both a maximum dollar limit on that temporary card number
    and an expiration (minimum is 1 month). That means when you order that
    $8 case fan with $5 shipping that you use ShopSafe to generate a temp
    card number that has a maximum charge of $15 (I always add a bit to
    account for any sales tax and other charges they may happen to omit when
    you are checking out) and have it expire in 1 month (the default term).
    That means if anyone steals that number, they can only nail you for the
    $15 and they'd have to use it before it expires in a month (i.e., your
    card number doesn't go floating around indefinitely and remain usable).
    My other credit card companies don't have this service so I end up using
    temp cards generated from my MBNA card all the time for online order, or
    even for telephone orders.

    I'm sure at some point in setting up the ShopSafe account or registering
    online with the credit card company to get an web account that you'll be
    typing in the sensitive info unless they ask for confirmation info to
    prove who you are instead of directly asking for your credit card
    numbers (or look you up on a partial card number). You could use an
    onscreen keyboard that you click on with the mouse as a keylogger
    wouldn't get that but a packet sniffer might *IF* the sight were so
    stupid as to not use SSL to encrypt your communications. However, you
    obviously should be periodically cleaning your system, anyway.

    --
    ____________________________________________________________
    *** Post your replies to the newsgroup. Share with others.
    *** For e-mail, you must append "#NEWS#" to the Subject.
    ____________________________________________________________
    _Vanguard_, Dec 31, 2004
    #8
  9. Brad

    Jim Watt Guest

    On Fri, 31 Dec 2004 01:09:42 -0600, "_Vanguard_" <>
    wrote:

    >why not use a temporary one? I have an account with MBNA


    Very nice, but they won't issue one to me.

    Bastards.

    They were soliciting clients in the depature lounge at
    Gatwick airport and wasted my time filling in an application
    only to announce later 'UK residents only'.
    --
    Jim Watt
    http://www.gibnet.com
    Jim Watt, Dec 31, 2004
    #9
  10. Brad

    _Vanguard_ Guest

    "Jim Watt" <_way> wrote in message
    news:...
    > On Fri, 31 Dec 2004 01:09:42 -0600, "_Vanguard_" <>
    > wrote:
    >
    >>why not use a temporary one? I have an account with MBNA

    >
    > Very nice, but they won't issue one to me.
    >
    > Bastards.
    >
    > They were soliciting clients in the depature lounge at
    > Gatwick airport and wasted my time filling in an application
    > only to announce later 'UK residents only'.




    Must've been the branch to which you sent the application. MBNA is
    incorporated in Maryland (http://www.mbna.com/investor/articles.html).

    --
    ____________________________________________________________
    *** Post your replies to the newsgroup. Share with others.
    *** For e-mail, you must append "#NEWS#" to the Subject.
    ____________________________________________________________
    _Vanguard_, Dec 31, 2004
    #10
  11. Brad

    Jim Watt Guest

    On Fri, 31 Dec 2004 04:58:29 -0600, "_Vanguard_"
    <> wrote:

    >"Jim Watt" <_way> wrote in message
    >news:...
    >> On Fri, 31 Dec 2004 01:09:42 -0600, "_Vanguard_" <>
    >> wrote:
    >>
    >>>why not use a temporary one? I have an account with MBNA

    >>
    >> Very nice, but they won't issue one to me.
    >>
    >> Bastards.
    >>
    >> They were soliciting clients in the depature lounge at
    >> Gatwick airport and wasted my time filling in an application
    >> only to announce later 'UK residents only'.

    >
    >
    >
    >Must've been the branch to which you sent the application. MBNA is
    >incorporated in Maryland (http://www.mbna.com/investor/articles.html).


    I thought they were Australian, however it was their UK launch
    and they only wanted business from UK residents., now if they had
    said that up front it would have saved a lot of time.

    One might also assume that in a departure lounge at least 50% of
    the people are likely to be non residents.
    --
    Jim Watt
    http://www.gibnet.com
    Jim Watt, Dec 31, 2004
    #11
  12. on 12/31/2004 02:50 AM Jim Watt wrote:

    > Opps tough on the Irish, French and Germans etc
    > mind you I don't see .fi there either, and the Gibraltar
    > entry is in respect of Jyske Bank who only issue Visa
    > branded debit cards, which are impractical.


    You don't see .fi where?
    From
    http://www.visa.fi/Visa%20s%E4hk%F6isesti/Verified%20by%20Visa.html you
    can see that all our banks are supporting Verified by Visa feature. Also
    http://www.visa.de/produkte/technologien_index.htm shows that Germans
    too have this feature.

    --
    Teemu Valimaki <>

    "They who would give up an essential liberty for temporary security,
    deserve neither liberty or security" - Benjamin Franklin

    DailyCritical.com - News around the world
    Teemu Valimaki, Jan 2, 2005
    #12
  13. Brad

    Jim Watt Guest

    On Sun, 02 Jan 2005 10:02:28 +0200, Teemu Valimaki
    <> wrote:

    >You don't see .fi where?


    On the Euopean Verified by Visa website;

    http://www.visaeu.com/iusevisa/signup.html

    it seems strange they have included us and omitted .fi
    I'm not disputing the service is available just that their
    site implies its not.
    --
    Jim Watt
    http://www.gibnet.com
    Jim Watt, Jan 2, 2005
    #13
  14. on 01/02/2005 10:19 AM Jim Watt wrote:

    > On Sun, 02 Jan 2005 10:02:28 +0200, Teemu Valimaki
    > <> wrote:
    >
    >
    >>You don't see .fi where?

    >
    >
    > On the Euopean Verified by Visa website;
    >
    > http://www.visaeu.com/iusevisa/signup.html
    >
    > it seems strange they have included us and omitted .fi
    > I'm not disputing the service is available just that their
    > site implies its not.


    Ah, indeed. Strange. That site (like the finnish one too) is pretty
    uninformative, atleast when it comes to this technology. I didn't find
    any details of the it (privacy, what information Visa gets from every
    action etc.).

    --
    Teemu Valimaki <>

    "They who would give up an essential liberty for temporary security,
    deserve neither liberty or security" - Benjamin Franklin
    Teemu Valimaki, Jan 2, 2005
    #14
  15. Brad

    Jim Watt Guest

    On Sun, 02 Jan 2005 10:57:46 +0200, Teemu Valimaki
    <> wrote:

    >Ah, indeed. Strange. That site (like the finnish one too) is pretty
    >uninformative, atleast when it comes to this technology. I didn't find
    >any details of the it (privacy, what information Visa gets from every
    >action etc.).


    My understanding is that it simply allows you to set a password
    after being authenticated by your card issuer; The terms and
    conditions were spelt out clearly enough on the Natwest Mastercard
    site (their equivalent) However, as I commented previously there
    seems to be an emphasis of shifting responsibility for any missuse
    to the user. In plain English "hey you have set a password so if there
    are any probems WHATSOEVER they are yours mate."

    Wheras one can sympathise with the issuer doing this, mysely I'll
    avoid signing up to that until it becomes mandatory.

    Yes its another level of security, but at a price.
    --
    Jim Watt
    http://www.gibnet.com
    Jim Watt, Jan 2, 2005
    #15
  16. on 01/02/2005 03:23 PM Jim Watt wrote:

    > My understanding is that it simply allows you to set a password
    > after being authenticated by your card issuer; The terms and
    > conditions were spelt out clearly enough on the Natwest Mastercard
    > site (their equivalent) However, as I commented previously there
    > seems to be an emphasis of shifting responsibility for any missuse
    > to the user. In plain English "hey you have set a password so if there
    > are any probems WHATSOEVER they are yours mate."


    Yes that's what they explaind to me in the bank. Personally I don't
    quite get the idea of having just a simple password, my bank which
    offers online services too has this card with 100 unique (to my account)
    numbers that I need to punch in every time I make transactions online.
    Apparently Verified by Visa is similiar but only with one password. It
    is easier but not as secure.

    If we think about how Visa benefits from this system is that they
    actually can make analysis of what people buy. Given that Visa is
    probably the largest and most widely used payment system it's a very
    powerful data collection tool.

    --
    Teemu Valimaki <>

    "They who would give up an essential liberty for temporary security,
    deserve neither liberty or security" - Benjamin Franklin
    Teemu Valimaki, Jan 2, 2005
    #16
  17. Brad

    Jim Watt Guest

    On Sun, 02 Jan 2005 16:19:40 +0200, Teemu Valimaki
    <> wrote:

    >If we think about how Visa benefits from this system is that they
    >actually can make analysis of what people buy. Given that Visa is
    >probably the largest and most widely used payment system it's a very
    >powerful data collection tool.


    Not really, the way it looks the processing will continue to be done
    by your card issuer, who are not getting any additional information.

    Of course they already accumulate a lot of information about your
    buying habits, in the UK under the data protection act you can ask
    to see their records. I did once and found they did not have a
    record of my date of birth. They have subsequently added that.

    With the general paranoia level about 'money laundering' opening
    a bank account etc is no longer as easy as it was. However one
    suspects that the bigtime operators have less problems. Contrary
    to popular myth there is very little locally as the banks are too
    small and any real movement would show up. Although they get
    anxious when they see four figues of cash these days, that not
    what money laundering is about. Personally given the falling
    price of computer hardware I don't see it often enough.

    Heres a good story from the money laundering file ...

    http://www.radioislam.org/crime/launder/dirty.htm


    --
    Jim Watt
    http://www.gibnet.com
    Jim Watt, Jan 2, 2005
    #17
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Tiny tim

    Myie2 Browser...Safer to use?

    Tiny tim, Jun 26, 2004, in forum: Computer Support
    Replies:
    5
    Views:
    455
    Boomer
    Jun 27, 2004
  2. Gladys Pump

    Two PC's safer than one ?

    Gladys Pump, Jan 26, 2005, in forum: Computer Security
    Replies:
    10
    Views:
    657
    donnie
    Jan 26, 2005
  3. Brad Petria

    Credit Card Use on Web CAUTION

    Brad Petria, Dec 22, 2003, in forum: Computer Information
    Replies:
    4
    Views:
    455
    Calvin Crumrine
    Dec 22, 2003
  4. Muse Gruppes

    Openoffice safer to use?

    Muse Gruppes, Sep 26, 2006, in forum: Computer Support
    Replies:
    8
    Views:
    449
  5. Tia B. McMahon

    Which is "safer" from a hotel room (public or private IP)?

    Tia B. McMahon, Oct 30, 2007, in forum: Wireless Networking
    Replies:
    8
    Views:
    466
Loading...

Share This Page