I feel that email like this should not be sent with sensitive information unless it's encrypted. It is now being sent without encryption. Am I correct? If so, I will make a change of provider on those sites.
How much risk does this represent?
Yes, it's still happening. I just found out, and have written to the company that does the processing. I'm also planning on posting to the crafters' email list to see if anyone else is experiencing this with other providers.
Just my 2 cents.
I've done enough research in encryption technology to know what it takes for a company to provide the right protection, but it's usually not something they promote very heavily. My guess is it's because the general public doesn't demand that much detail. That, and there's no need to go educating would-be hackers what method/software/etc. they use.
It all boils down to trust in the end. Trust is the cornerstone for all cc transactions anyway. It's where certificates to process are born from. Evaluate as much about the firm as you can and resolve to trust them until they give you a reason not to, I guess.
Having spent several decades in retail, I say AMEN to that. For years our credit card numbers have been lying around in hardcopy form in the backrooms of many, many businesses, accessible to a lot of employees. Stolen numbers from the web are relatively rare, I understand.
I went shopping at a large office superstore recently. When they swiped my card, the full number showed on the register's LCD display for a few seconds, which was facing the parking lot window. With a good lens on a video camera, a thief could get a bunch of numbers very quickly by filming the register area from his car.
I complained to the manager, and was told no one else ever complained. Now that's a sign of trust -- blind faith actually.
Hacker posts 25,000 credit card numbers on web [usatoday.com] in extortion plot. (out of 55,000 stolen)
Other companies that have recently had credit card numbers obtained by hackers include:
CD Universe - about 300,000 credit card numbers
RealNames - 20,000 card numbers
Western Union - more than 15,000
"Private Payments enables American Express Cardmembers to use an instantly generated, limited life, transaction number instead of a Cardmember's actual Card number to make purchases online. American Express is able to match this transaction number to your registered American Express Card, so that all Private Payments purchases are recorded and billed directly to your actual American Express Card account."
Has anyone used this?
No but it sounds like at least a partial solution. I wonder how the cardholder goes about generating the unique transaction number at the time of purchase?
The RealNames one got me. No charges, but the bank made everyone get new accounts.
>limited amount of funds in it to use for internet purchases.
That's what I do for the business card I use with NetSol, etc. (Note: I do not believe business cards are protected by the $50 limit - you may have greater liability with them.)
As for my personal cards, I voluntarily change accounts every 2 years, just to break the trail of old info stored in databases.
AMX has a great system, I wholly back their plan (consumer confidence). Mastercard has just set a $0.00 dollar liability rate, good move (again read consumer confidence).
<rant>My problem is...who sides with the merchant. I have ranted on this before. "Non possession" chargebacks always make me cringe. However we have not had one since I secured some policies on orders (knock on wood).</rant>
We used to do it that way but not anymore. When we had the old cart it would work that way, but with the new cart they get a copy of the order with no credit card details, then they go and use the browser and secure server to view everything. Totally secure.
With the orderform, an e-mail is sent to me then I log on to the server and get the info (in its encrypted form, decrypt it and process it). Everything we do now is extremely secure.
If there is anyone getting the complete info then I would like to know who they are and rectify it. I thought I got them all.
One option the cart has is to break the card into two E-Mails and send it that way. Believe it or not that is also secure because the chances of intercepting both E-Mails are basically impossible. I leave that on the cart with the secure option just for a choice. Also, when I send out confirmations there is no part of the Credit Card numbers shown (I personally hand delete them) and if anyone tells otherwise then I would like to talk with them. Hope this helps.
Based on this response, I guess it pays to double-check which shopping cart is being used and how it's configured.