Limiting how much someone can steal from your credit card
April 27, 2005
I'm sure anyone reading this page has ordered something from the internet if not many things. Everytime you make a purchase you're exposing your credit card to strangers, you might think its just computers talking to computers but at my previous company I was hired to create a new e-commerce site for them that interacted with an AS400 system they used for phone orders. Their old method was
1. Someone places an order online
2. Each day it was someones job to PRINT out the orders WITH CREDIT CARDS NUMBERS
3. That person would then hand key them into the AS400 system, if they didn't finish them they left a stack of orders on their desk overnight
tech supports, janitors, salesman, etc... basically anyone could stroll by, glance at the order on top and get your CC number and your billing address, everything they need to use your card. This was at a multi-million dollar ecommerce site too, not just some 5 order a day place, we're talking hundreds of orders a day, just sitting around.
As a consumer you cannot prevent your credit card information from being stolen in this manner, all you did was key it into a browser now its on someone's desk waiting to be keyed in. Since that experience what I did was contact my bank and get a credit card that I specifically use for the web with a $1000 limit, so the most I could get hosed for is a grand or less if there is a balance. I'm sure alot of people out there enter in their cards with 10, 20, 30 thousand dollars available. Why take the risk, get a small card just for the net, $250, $500, $1000 limits. This is also helpful for gas stations, restaurants, etc.
I know a few people first hand, one waiter and one full service gas pumper who would copy CC numbers down from customers cards and then use them that night to order whatever they wanted, it worked and they got away with it.
1. Someone places an order online
2. Each day it was someones job to PRINT out the orders WITH CREDIT CARDS NUMBERS
3. That person would then hand key them into the AS400 system, if they didn't finish them they left a stack of orders on their desk overnight
tech supports, janitors, salesman, etc... basically anyone could stroll by, glance at the order on top and get your CC number and your billing address, everything they need to use your card. This was at a multi-million dollar ecommerce site too, not just some 5 order a day place, we're talking hundreds of orders a day, just sitting around.
As a consumer you cannot prevent your credit card information from being stolen in this manner, all you did was key it into a browser now its on someone's desk waiting to be keyed in. Since that experience what I did was contact my bank and get a credit card that I specifically use for the web with a $1000 limit, so the most I could get hosed for is a grand or less if there is a balance. I'm sure alot of people out there enter in their cards with 10, 20, 30 thousand dollars available. Why take the risk, get a small card just for the net, $250, $500, $1000 limits. This is also helpful for gas stations, restaurants, etc.
I know a few people first hand, one waiter and one full service gas pumper who would copy CC numbers down from customers cards and then use them that night to order whatever they wanted, it worked and they got away with it.
Marco says:
April 27, 2005 @ 17:41 — Reply
The reason why they got away with it is that the entity left holding the bag is the merchant. By law, you are not responsible for unauthorized purchases after the $50 (unless the merchant has your signature on his sales slips, which is of course out of the question for MOTO transactions), and the bank simply transfers the loss over to the merchant--usually with a hefty "chargeback fee" tacked on for good measure. The kicker is that the problem exists because the credit card network is about as secure as leaving your cash in the middle of a subway station with a sign that says "steal me please", but nobody really cares because the ones bearing the cost of it are the merchants, who, of course, have no power to change things. The best part was VISA's answer to the issue (ever heard of "Verified by VISA"): instead of making the network more secure, they want people to start using numeric passwords--and while they're telling their customers that this way their cards will be "safe", in reality they are creating a security risk, because, while right now you're on the hook for a maximum of $50, if someone steals your VBV password, that's as good as your signature--and now you're on the hook for every purchase. Clever, eh? As long as the banks are off the hook, everybody should be happy...
Jim says:
April 27, 2005 @ 19:08 — Reply
yep, you're only responsible in most cases up to a certain limit, but why take chances when you don't need to. I'm definately aware about merchants getting the shaft by the processing companies, I got to look at the orders from all over the world... they all seemed to be.. give me the most expensive camera and i want it overnight! my billing address is in the states but I want it shipped to south africa lol, we had to put measures in to put auto holds on those types of orders because of the chargebacks we were getting, it was a mess.
Louis Vuitton handbags says:
June 16, 2010 @ 01:54 — Reply
Comment pending moderation