Welcome to WebmasterWorld Guest from 188.8.131.52
Forum Moderators: phranque
After all these years, I expected the web to become just another way to do shopping, and that the use of credit cards over the web would become second nature.
Not so, the number of people that prefer to place an order over the web, and then use our phone order option (designed for the paranoid) has stayed the same at 5% of the population over all these years.
I wish schools would teach people that its not giving the credit card over a secure connection, but what happens to the credit card information afterwords, which is the source of the problem.
There are still lots of gas stations that dumps your
unshreded credit card numbers into the dumpster, after a few months or a year.
The simple act of giving another human being your card gives you some sense of assurance as well. It gives you the idea that this person is responsible for your card and you can take up any complaints back to that person. The idea of typing it in and hoping everything goes ok is less comforting. Though these impressions may not necessarily be factually acurate, people make a lot of decisions based on feelings.
If those scare stories on TV gave the total number of ALL credit card transactions online in a year, the number of fraudulent transactions, and the percentage of the total they add up to, it would help... but it wouldn't make for nearly as exciting a story.
People don't really understand how RARE it is for credit card data to be stolen...
This identity theft propaganda has really gotten outa hand. It gets hipe on the evening news because it sells. Even the credit card companies themselves now must use rhetoric insuring customers they're safe against it!
I've been trying to get a family member to buy a computer and get online for several years. Now they won't because of, what else, identity theft - like some thief is gonna sneak into their home through the computer.
But what they don't realise is that is not the customer that has to worry. It is the merchant - they are the one taking the risks. Fraudsters use the internet because they view it as an easy option - there is no phone call, fax, letter, or contact at all! A person who speaks very little English can give a very English name over the internet but cannot do that on the phone or by letter (bad grammar), so the internet is seen as an easy target.
We never keep an electronic copy of credit card information, and if a company feels that it must keep this information for subscription purposes, then it should be highly encrypted, in a secure area, on a machine not connected to a network, with access by only key staff, that has undergone extensive security checks.
Wish I could remember the exact numbers, but basically it went, people under (I believe its somewhere between 22-25) 25 are more likely to trust the web for credit card usage that the phone.
People over 25 are the opposite. It's definately a generation gap thing between who trusts the net and who doesn't.
I use a credit card processor that handles the card number and just sends me the money. So I don't see the number. Someone called me on the phone, said he wanted to by my downloadable e-book but wouldn't use the card online. So he gave me the card over the phone (this person has never met me and doesn't know anything about me). I then called up the credit card processors web site and typed the card number into my browser. But it made him feel better.
Easiest way to steal credit card numbers is to get a job as a waiter in a restruant where the waiter takes the cards and goes to another area to run it through the machine. I understand that there are pocket devices that will allow the card to be inserted and will read and store the card number.
Another way, more difficult but easier than intercepting internet traffic, is to tap the voice phone lines going to companies that process telephone orders.
I use WorldPay and they provide a system designed for the exact situation above. They know it was a phone/fax/customer present order because you use that screen.
Why do people feel more secure phoning (taps possible) a customer service department (human theft) who types it into a machine (visual theft from other employees possible, but unlikely), which transmits it down a phone line (taps possible, but encrypted, like the internet), to store it on a computer at the other end (where humans have access to it and it is likely to be connected to the internet to facilitate internet purchasing).
The other alternative: Customer types in the number (visual theft possible - but not if you are alone!), down the internet (taps/hack possible), to a computer (hacking possible but unlikely, human access by employees possible).
I work that out to be 6 theft chances by phone against 4 theft chances by internet - reducing the theft by around 33%.
Also, think about how every place wants your mother's maiden name. Any employee at any of your credit card companies who knows your mother's maiden name then knows your "password" for ALL your accounts at other banks. It may be smart to use a different "mother's maiden name" for every place that wants it -- provided you have a way to remember the unique password you give to each company.