Ask Slashdot: How Safe, Really, Is Paying For Things Online? 396
An anonymous reader writes:
Due to the rash of intrusions into electronic payment systems lately, I've decided to go back to paying cash for everyday purchases, groceries, fuel, and anything else I pay for in person (which also has the positive effect of making balacing my checkbook every month that much easier). The question I have is: For the monthly bills it's just not practical to pay in person (utilities, for instance), how safe are those?
Five minutes of research is telling me that mailing paper checks isn't any more secure than online electronic payments and in fact may be even less secure, but short of literally showing up at the electric company, phone company, ISP, and so on, and paying them cash in person, I can't see any other way to pay them. So how safe is it right now, honestly?
I'm always interested in how Slashdot readers secure their own personal finances -- but how high is the danger that a remote malefactor will hijack and then drain your bank account? Leave your best answers in the comments. How safe, really, is paying for things online?
Five minutes of research is telling me that mailing paper checks isn't any more secure than online electronic payments and in fact may be even less secure, but short of literally showing up at the electric company, phone company, ISP, and so on, and paying them cash in person, I can't see any other way to pay them. So how safe is it right now, honestly?
I'm always interested in how Slashdot readers secure their own personal finances -- but how high is the danger that a remote malefactor will hijack and then drain your bank account? Leave your best answers in the comments. How safe, really, is paying for things online?
old movie (Score:5, Funny)
Re:old movie (Score:5, Informative)
Been paying for stuff online since 1999, frequency of CC number changes is about the same pre and post... occasional bogus charge shows up, call the company, charge is reversed and we get new card numbers... no drama, minor hassle, way better than mailing checks.
Re: (Score:2, Informative)
I don't know why anybody in the US even cares about credit card theft at all. Unless you're with a downright crappy bank, you aren't liable for even one cent worth of fraudulent charges. You get people who fret over buying those ultimately useless contactless credit card shields and trying to go back to checks (seriously?) for nothing.
In the EU I could see avoiding it because they have no concept of zero fraud liability and the banks are allowed to stick it up your ass. But EU is so poor that restaurants ch
Re: (Score:2)
But EU is so poor that restaurants charge money for water
At least they don't fill the water jug from the broken toilet out back.
Seriously, how did you turn this discussion around to bashing the EU? Got an agenda going there?
Re: (Score:2, Interesting)
The law is fairly clear, the onus of credit card purchases is upon the person who accepts the card. It is their legal responsibility to ensure the person entitled to use the credit card is the person attempting to use the card. How this is done is pretty hairy fairy ie they pretend to check properly but it is nearly impossible to do, unless cards come with pictures and thumb prints and the those items are secured. Now as that security is pretty much hairy fairy make belief, the credit card companies came up
Re: (Score:2)
Re: old movie (Score:5, Interesting)
First many banks pay to open accounts so open an account at a bank that is paying those rewards, Every month simply transfer enough to pay your bills to your new PAY OUT ACCOUNTS. For example you can have an account just to pay your electric bill. Leave the required residual in the account so it is not closed. This way if the account is hijacked all you can lose is the electric bill payment. i also use PayPal a lot. So imagine that you set up ten accounts at banks offering sign on bonuses. Mine pay anywhere from $50 to $500 to open an account. Assuming your are all $50. reward accounts you will still quickly and easily earn $500 for a few minutes work. Meanwhile your funds earn interest in your regular account and you never, ever, pay bills from that account so you earn more interest. On most accounts with rewards you are free to change at the $90 day mark. So you can do this many times a year. Also you can earn referral fees for steering others to open accounts so work with a friend and refer each other frequently. Currently some people can actually earn a living simply opening and closing bank accounts.
Re: (Score:3)
" i also use PayPal a lot."
Ha! Hahahahaha! HAHAHAHAHAHAHAHA!
They're one of the worst. [paypalsucks.com]
Re: old movie (Score:4)
Re: (Score:3)
Paypal can suck a lot if you're the developer of a suddenly well-known game and receive too much money in a short time. It can suck if you're responsible for a charity whose goals don't fit Paypal's.
But for the average Joe (including myself), it's pretty much perfect, easy to use and free.
Re: (Score:2)
When you have a 30 year mortgage, you don't really need to care about your credit rating. A mortgage will bring a 500 back up to a 700 in 6 months
Re: (Score:2)
Paying for things online is perfectly safe. Any reversible transaction is safe for the payer.
Receiving payments online is much less safe. Transactions without effective non-repudiation offer risk for the seller.
Re: (Score:2)
Just use a credit card, set a low limit on the volume of outstanding transactions, and check the if the expenses listed are legit before you pay up. If not then report it.
Comment removed (Score:3)
Re: (Score:2)
It doesn't seem like many websites support this option, though.
Many banks offer credit card temp numbers (Score:4, Interesting)
ApplePay FTW. One-shot accounts work for me.
Nothing against ApplePay, I occasionally use it. However many banks allow you to create temporary account numbers linked to your real number. In addition to letting you set the max amount chargeable and expiration date for this number the number may also lock to the first vendor to charge it. So if that vendor gets hacked a second entity will be denied if they attempt to use the temporary number.
Re: (Score:3)
Re:Many banks offer credit card temp numbers (Score:5, Informative)
You can just use your nice high-def camera on your phone to capture someone's Apple Pay screen, say while you're behind them in line and they're getting ready to pay. Free access to ApplePay account with just a picture, no hacking required.
Without that person's specific hardware device (e.g. the iPhone whose screen you photographed), you're not going to be able to use that data you just captured.
Re: (Score:2)
its not (Score:2)
Not all that safe. But my credit card gives me a window to dispute charges, and a level of indirection I'm comfortable with.
How safe? (Score:2)
Wait a couple more decades when quantum computers will allow encryption to be broken in weeks. Then it will not be as safe.
Re:How safe? (Score:4, Insightful)
Your CC# has always been vulnerable at the endpoints, whether or not it gets trawled up with a million others in a hacking scheme is a much smaller risk.
Re: (Score:2)
Wait a couple more decades when quantum computers will allow encryption to be broken in weeks.
I'm sure by then the world will still rely on encryption that can be broken by quantum computers.
Re: (Score:2)
Not to mention my CC company seems to detect fraud attempts almost instantly.
Re: (Score:3)
Watch those change-in-term notices from your bank and CC provider. Recently mine reduced the standard of liability on debit card transactions. And online bill pay has less protection than the cards do... though supposedly they are limited as to how hard they can shaft you by Federal Reserve Regulation E. At least until the Fed gets seeded with cleptocrats.
I actually sacrificed a bunch of interest income to deactivate online banking, as it cannot be deactivated while keeping electronic statements, and you
Re: (Score:2)
Re: (Score:2)
Yeah, these are credit unions... the banks suck even worse.
Re:its not (Score:5, Interesting)
3. Cash for in-person transactions.
Unfortunately, I find that this is steadily becoming more of a hassle. I tried to pay for something with cash at Best Buy recently, and the poor young teller looked at me like I had just asked her what color her underwear was. Instead, I had to go to customer service to pay with cash like some kind of paleontology museum escapee... which was fine with me because the girl working at customer service was downright gorgeous. But next time when Bill the balding floor manager is on shift, then it's going to be an inconvenience.
Re:its not (Score:5, Informative)
Walking around with cash is statistically more dangerous than using credit cards for everything, in the same way that the most dangerous part of a flight is the drive to the airport.
Re:its not (Score:5, Insightful)
Re: (Score:2)
- Bob, how many donuts could we buy with $10 000?
- I don't know, around 300?
- Ooooohhhhhhh. Step away from your vehicle, sir!
Re: (Score:2)
Al I need is a picture of your ApplePay screen, in high-def, and your shit is now my shit.
Worst security ever. Can't even protect you from someone peeping over your fucking shoulder.
ad absudium (Score:5, Insightful)
Well, how safe is it to be walking around with a pocket full of cash? What if you get robbed? What if you drop your wallet? What if you go to the bank machine and it dispenses too few bills, but thinks it dispensed them all? What if you go to a teller to withdraw cash and watch them count it, but the bank gets robbed?
At least with credit card payments, there's a known and tested dispute process in place.
Getting robbed without cash isn't good... (Score:2)
But if you do get robbed, which to be fair is rare, having cash is usually a good thing as it makes the robber go away. Trying to explain to a robber that you don't have any money is not necessarily the best way to de-escalate and resolve the conflict
Re: (Score:2)
"Well, how safe is it to be walking around with a pocket full of cash?"
Pretty safe if you don't do stupid shit like go walking in the ghetto dressed up like you're the next Donald Trump.
Re: (Score:2)
offtopic
Unless you pay with cash for online purchases.
Nobody expects you to read TFA, but maybe TFS, or at least the HEADLINE:
"Ask Slashdot: How Safe, Really, Is Paying For Things Online?"
Re: (Score:2)
I use a credit card whenever I can but I always keep around ~$200 in my wallet. It won't break me if I lose it and it can cover small emergencies.
I only have ONE credit card now since the bank where I have both checking and savings accounts cancelled my other one because I never used it. Or rather hardly ever used it.
My remaining card information has been stolen a few times (never the physical card) and I've never been held liable for the fraudulent charges but I've sometimes only found out at the cash re
Re: (Score:2)
The answer is basically, yes.
The online stores are almost always to blame - usually using bad security practices or improperly storing the data.
Usually for the dodgier stores, I revert to using Paypal - once I started doing this, me number of times i had to change my card dropped from once a year to I haven't had to in the past 5. One year it was so bad
Re:ad absudium (Score:5, Insightful)
I'll put up a fight before I hand over anything, assuming anyone wants to try me.
I mean this in the kindest possible way, but your'e a damned fool.
I don't care how big you are, or that you have a knife (I carry a gun, myself), the risks involved in getting into a fight are far greater than the value of a few hundred bucks. If you lose the fight, it may be worth your life. Carrying a deadly weapon actually increases that risk in some ways. (Aside: If you carry a lethal weapon, I recommend carrying a less lethal weapon as well, such as OC spray; this is to provide you with an option that allows you to maintain some distance in the event the situation doesn't justify deadly force. You don't want to get into a wrestling mach while carrying a deadly weapon.)
But even if you win the fight, it may still cost you your life, not because you die but because you end up having to defend your actions in court, creating an incredibly stressful situation for yourself, likely destroying your savings, and possibly landing you in prison. Whether your use of deadly force to defend yourself is legal depends on a host of factors, some of them subtle and hard to judge in the heat of the moment, and that's assuming that the actual facts are provable and not something else entirely.
There's also a psychological risk. Killing someone, even if fully justified, seriously messes some people up. Unless you've killed someone before, you do not -- and cannot -- know how it will affect you.
I carry a gun. I'm a concealed weapons permit instructor, so I teach and certify other people to carry guns. I strongly believe in the importance and value of being armed. But if handing over some cash and my cell phone will end the encounter peacefully, I'll hand it over in a heartbeat. A few hundred bucks isn't worth my life. For that matter, it's not worth the life of the mugger, even if the fool is asking for it.
The only way my gun is coming out of concealment is if I have a real belief that my life, or the life of someone else, is at serious risk if I do not. I practice, and teach, a "balance of fears" decision making process, because in a potentially-violent encounter there isn't time to determine the details of justification of force. Instead, I assume that if I draw my gun (or knife; I usually have one of those, too), I will go to prison for it. So, I will only introduce deadly force if I believe that whatever will happen if I don't is worse than going to prison. This makes it fairly certain that I will only use deadly force when it is very easy to justify... and if through a quirk of the situation or the system I end up going to prison for it, well, I believed based on what I knew at the time that that was the better choice.
Clearly, I'm not willing to go to prison over a few hundred dollars, so there's no way I'm using deadly force if I'm pretty certain that just handing over the cash will end it.
Re:ad absudium (Score:5, Insightful)
I know this is totally off topic. But it is so fucking depressing that you feel that you need to carry a gun or a knife to be safe.
The risks to my person are so low where i live that the hassle factor of carrying a weapon (as in the picking it up part) far exceed any benefit.
Re: (Score:3)
I imagine the university I attend is a lot like many others. I've seen a few and it's pretty typical. On one side you have the dormitories, frat houses, apartments, and old houses that are often rented to students. On another side you have city offices, dentists, lawyers, churches, and other such things. On another side is the restaurants, bars, T-shirt shops, bookstores, and music shops.
Then there is the one side that faces the low rent housing, porn shops, light industrial shops, and so on. Every tow
Re:ad absudium (Score:5, Insightful)
I live in the most multicultural country in the world.
Risk has nothing to do with race.
Re: (Score:2)
... if handing over some cash and my cell phone will end the encounter peacefully, I'll hand it over in a heartbeat. A few hundred bucks isn't worth my life. ...
I do not completely agree. Look at those brave girls who run in parks in the morning or evening. They intrinsically carry what other people may want. Shall they also give up easily?
One of the most important weapon is mobility. One does not have to fight stupidly. But even most important are innovative tactics. It is very useful to read historical books about real battles of the past. For example, a Battle of the Trebia https://en.wikipedia.org/wiki/... [wikipedia.org] . Often battles were won not by gun or muscle power
Re: (Score:2)
Guns, no guns. This is usually a case of east coast liberals vs westerners. I am of the westerner type, and if .380 auto will take care of him. Dead, of course; less chance of having him tell
some black kid tries to hold me up with a knife, he's gonna find out real quick the meaning of "don't bring a
knife to a gun fight." My little
a different story. Trump 2020.
Re: (Score:2)
And yes, I carry both.
For that very reason.
... okay (Score:4, Insightful)
Most major utilities use bank lockboxes or if they are large enough... their own. Mail fraud in those instances is very, very low because typically the mail goes out in large automated trays to those addresses vs the one or two letters that you and I are used to getting.
But you ask... sometimes it's an ACH payment using the Billpay... well.. you're right, sometimes it is. However, life is all about risk. Personally, I find it riskier to carry cash on me and drive to 10 different places to pay bills than it is to just go online, have the bank cut a couple checks, and ride it out. I also do not use the bank debit card for anything other than ATM transactions and a few places that will accept debit, but not credit. Sure, let some kiddie get my credit card number and go to town... it takes a phone call and a "um, not me" and I've got a new card on the way with no liability.
Re: (Score:2)
The worst part was that I had to wait about ten days for a new card/number.
Re: (Score:2)
Yep, same thing that happened to me a few weeks ago. I was lucky that I had just a month before got a debit card from my retirement program (very respected non-profit firm) that I had put a few hundred on just in case I lost my wallet. It was nice to have another card for the week it took to get the new main card. I suggest checking to see if your retirement firm has something like that available. One other plus for me is that the retirement card is interest bearing, not much, but enough to not have to
False assumption (Score:4, Informative)
Re: (Score:2)
Re: (Score:2)
Many thefts used compromised readers during a regular in person transaction, though newer cards make this less likely.
Much MUCH less likely. Modern chip/NFC cards with modern readers do not provide anything to the reader which could be used to perform a subsequent payment without the card being inserted again.
Re: (Score:2)
No, not at all less likely. How many users know how many seconds it takes to perform a transaction? And what, precisely, prevents it from executing more than one simultaneously, on behalf of another card reader somewhere else?
Re: (Score:2)
Modern cards generate a cryptogram from several pieces of data, some of which the reader does not have access to, and some of which is unique to the transaction. It's cryptographically impossible for the reader to do another transaction that the issuer will approve, because it cannot generate a valid cryptogram.
Re: (Score:3)
FYI - https://www.rt.com/usa/354657-... [rt.com]
The presentation-slides you can find here:
https://www.blackhat.com/docs/... [blackhat.com]
Re: (Score:2)
Many thefts used compromised readers during a regular in person transaction, though newer cards make this less likely.
Much MUCH less likely. Modern chip/NFC cards with modern readers do not provide anything to the reader which could be used to perform a subsequent payment without the card being inserted again.
Good. That's why I always sign away a big tip when I get the receipt back from the waiter/waitress at those fancy restaurants. Since I have my card back I know they'll never be able to charge the tip.
Re: (Score:2)
Good. That's why I always sign away a big tip when I get the receipt back from the waiter/waitress at those fancy restaurants. Since I have my card back I know they'll never be able to charge the tip.
Sorry, but the card/reader interaction results in an approval of the charged amount. The tip is added later, when the day's batch of transactions are submitted for actual payment. I hope you didn't tip too much :p
Re:False assumption (Score:5, Insightful)
You only need to use electronic payments, such as a credit card, not necessarily online. Many thefts used compromised readers during a regular in person transaction, though newer cards make this less likely. Ultimately your retailer will typically store your payment information in a database, along with other personally identifying information. This is even more likely with over the phone purchases. Many companies store it in plain text while few properly hash/encrypt it.
The above isn't actually all that true; PCI requirements demand encryption at rest (encryption, not hashing, there's no point in hashing a credit card number). But let's assume that it's true.
Meh. I don't care.
By federal law, my liability for any fraud is limited to $50. In practice, no credit card issuer I've ever met in the US (and I used to do security consulting for credit card issuers, so I've met a lot of them) charges cardholders a penny. If you claim that a transaction is fraudulent, and they can't prove it wasn't, you won't pay a penny. If they're pretty sure you're the fraudster, they'll just cancel your card, and refuse to do business with you any more.
Credit card payment is the safest form of payment, online or in meatspace. Cash is the least safe form of payment.
Note that I'm talking about safety, not privacy. That's a separate issue, and on the privacy axis cash is king and credit cards are awful (though personal checks are significantly worse, assuming you can find someone still willing to accept one).
Note also that debit card transactions (when processed through the debit networks, not as credit cards) do not provide the same protections that credit cards do. Many banks do handle fraud similarly, but you need to get your bank's policy to know. With credit cards, the $50 liability limit is guaranteed by law.
Perhaps not Canadian? (Score:3)
Do What Cheap Folks Have Always Done (Score:2, Insightful)
No real answer. (Score:5, Informative)
I have several checking accounts, and I got tired of paying the check printing companies for... printing my checks. So I bought check stock cheap and I print my own. Apparently, the world has gone from magnetic ink to OCR, so I am home free. If I can print my own checks, so can anyone else print anything they want. I could easily print checks from any other business once I have their account number.
What reduces check fraud is enforcement. Or so I think.
Re: (Score:3)
Yes, but balances died a few elections back.
Wait, a check book? (Score:3)
You have a check book? You pay for checks? And you balance it? Like, on the little paper balance sheet that comes with the checks, with a pen? Why why why?
I pay for virtually everything with credit cards. Like, everything but food from the local taco truck and private purchases, like used cars or used furniture, etc. I certainly don't use a debit card tied to a bank account for online purchases.
The only thing I do online with my actual bank accounts is pay off my credit cards and my mortgage (they won't accept a credit card, but it's a bank, so I feel reasonably safe - and the account I pay it out of is used almost exclusively for that, and nearly always has a zero balance), and transfer money between banks.
If I want to know what's in my bank account, I check it online. I don't ever need to read statements, because I check all my accounts multiple times per month. And paper statements via snail mail? Please.
Now, I'd prefer to have a tokenizing credit account for online purchases with not-so-major vendors, where each payment uses a single-use or limited-use token, but I don't know if that exists in a convenient form. That's how mobile payments work, but that wouldn't currently work for online payments. I'm also not that worried about it, since credit cards do a nice job of protecting customers from fraud, and I've never had a CC number stolen.
And one last thing. If you pay with cash, you are subsidizing the rewards I get by paying with a credit card. Thanks :)
FREELOADER ALERT (Score:5, Funny)
The only thing I do online with my actual bank accounts is pay off my credit cards and my mortgage
How dare you! If everyone was doing like you, the credit card companies would make no money and we would still have to pay things with cash and debit cards, paying obscene transaction fees every time.
People who pay their credit card on time are the modern equivalent of the tragedy of the commons. Start carrying your weight today! Just pay the minimum and slowly build a mountain of debt. That's the American way.
Re: (Score:2)
Actually paying cash isn't subsidizing your rewards. Your rewards are paid by the merchant transaction fees business pay, data mining your purchases, and any fees for your card if your card has an annual fee.
If someone pays a business in cash, that means the business don't have to pay a transaction fee for the purchase, so it's a tiny bit more profit in the business' pocket.
Where do you think the money to pay those transaction fees comes from?
To be more correct, we are all subsidizing those rewards through the higher prices required to cover the transaction fees. People who pay cash don't get the benefit of those higher prices. Thanks :)
Also the reason gas stations these days tend to have different prices for cash and credit. This all started a few years back when gas exceeded $4 a gallon. Gas stations operate on very thin margins especially for the sale of the gas itself, they generally make all their profit from the stuff they still in their convenience stores. With those high gas prices, the average transaction fee increased since it is usually based on a percent of the sale. Now this is why you have gas stations charging a couple cents more per gallon for credit, and the practice has now stuck even though gas prices are now at more normal levels.
That's not true everywhere. For example, here. I rarely see gas stations charging a premium for credit purchases.
Chill (Score:4, Insightful)
There is risk in everything. Understand the type and extent of those risks. For example, you could get hit by a car while trying to pay a bill in person and die or end up in the with hospital with thousands of $$ in bills. Paying by check or online looks pretty safe by comparison.
Furthermore, paying with a credit card limits your risk to $50 for fraudulent charges - just check your statement every month. If you're really paranoid, get a Bank of America MasterCard. They have a feature called ShopSafe [bankofamerica.com] whereby you can create multiple virtual credit cards (linked to your real CC) for use online. You simple specify the amount and duration and new CC and CVV/CVC numbers are generated. As a bonus, only the first vendor to use a virtual card can use that card. You can bump the limit and/or expiration date and "delete" the virtual card at any time.
Re: (Score:2)
Bank of America MasterCard. They have a feature called ShopSafe [bankofamerica.com] whereby you can create multiple virtual credit cards (linked to your real CC) for use online. You simple specify the amount and duration and new CC and CVV/CVC numbers are generated. As a bonus, only the first vendor to use a virtual card can use that card. You can bump the limit and/or expiration date and "delete" the virtual card at any time.
That's what I was describing above. Almost perfect, except, "Please note that ShopSafe requires you to have Adobe Flash installed on your computer. Download Adobe Flash" :(
Re: (Score:2)
Money Order? (Score:3)
Does it matter? (Score:3)
Although somewhat snarky, the subject line sums up my opinion pretty succinctly: as an individual, does it really matter much?
If my credit card gets compromised, by law the most I'm liable for is $50 (and my bank's policy is that I have $0 liability for fraudulent charges). On the few occasions, when my card information has been misused, the transactions were reversed and a new card in my wallet within a day or two. All I had to do was fill out a form saying "I didn't make these charges.", sign it, and send it to the bank. A mild irritation, to be sure, but hardly a big deal. With chip cards now commonplace in the US, simple cloning of cards is less of an issue than it was.
Legally, I seem to recall that debit cards have somewhat less protection, but banks often extend their $0 liability policy to them as well, so long as you report it being lost or stolen within a reasonable time. Still, I dislike these since one is not merely disputing whether or not one owes money to the bank, but rather if one should get one's own money back.
As for bank transfers and the like, I'd like it if the US would add "push" transfers like European banks do, rather than the "payee pull" system it currently has. Still, my understanding is that one is still protected from unauthorized withdraws from one's bank account.
In short: I'm not terribly concerned about my financial information being abused by criminals, as the law and bank policies offer significant legal protections from fraudulent activity. Any such issues are a minor inconvenience. Of course, one should take reasonable precautions, but in general it's not a big deal. I'm a lot more concerned about criminals gaining access to difficult-to-change/cancel things like one's social security number, with which they could apply for new, unknown-to-you accounts in your name. That's much more of a hassle to resolve than simply having a credit card stolen or a bad guy making an unauthorized debit from one's account.
Re: (Score:2)
Safety, risk, and liability (Score:3)
My answer may not apply to people outside of the US. The rules vary.
The better question, with regard to going all cash, is how liable are you in the event of compromise?
Are online payment systems "safe" in the sense that they are unlikely to be compromised? No, not really.
But if they are compromised, so what? If you use a major credit card, and your number gets compromised, it's really not that big of a deal. Most all of the liability is on the merchant and the card issuer, not you. The worst case scenario I've dealt with is the card being inactive for a few days. If you stick to using credit online, no debit or ACH, this can pretty much be the worst you have to deal with.
This is one reason bitcoin and other digital currencies have difficulty going mainstream. Sure my hardware bitcoin wallet might be 100x more secure than my credit card, but if it gets compromised, I'm screwed. If my credit card gets compromised, I'm merely inconvenienced.
Rather than going to cash, I recommend people try to:
1) Keep at least two major credit cards open at all times with two different banks. Use one regularly, the other is a backup.
2) Avoid using debit or ACH, especially online.
3) Use a system like Mint so that you can easily monitor activity on your cards. If you see any activity that isn't you, be proactive.
4) Use a service like PayPal whenever possible. A lot of my bills are paid via PayPal. If a card is compromised, expired, whatever, I only have to update one place. Plus it gives me yet another entity to share liability in the event of fraud.
If you do these things, you're liable for virtually nothing, and the security of your payments is less of a concern. Let the credit card companies deal with it.
Re: (Score:2)
This is one reason bitcoin and other digital currencies have difficulty going mainstream. Sure my hardware bitcoin wallet might be 100x more secure than my credit card, but if it gets compromised, I'm screwed. If my credit card gets compromised, I'm merely inconvenienced.
The thing with that though is that bitcoin just is not vulnerable at all like credit cards. There is no way someone can copy down the details you gave someone else legitimately to make a payment and just start using them to charge up things on your account.
Re: (Score:2)
Oh I agree, like I said, 100 time more, maybe it's 10,000x more. The exact amount isn't the point. The point is that the question should be "which option is most likely to cause me the least grief?" The answer to that question isn't necessarily "which is the least vulnerable to remote gremlins being bad?" The original question is too focused on that. Your payment system may get compromised ten times, but not cost you a dime. Your Bitcoin or your cash getting compromised once, will most certainly cost you mo
My debit card got around... (Score:4, Interesting)
Re: (Score:2, Funny)
A teenager in London got a hold off my debit card number, ordered makeup and bling
I'm sure that's what you told your mom when she saw your bank statement, but you're not fooling anyone. It's 2017, just assume your crossdressing kink, nobody will judge you for that.
Reducing Online Transaction Risk (Score:2, Informative)
Limit your financial and inconvenience exposure by
(1) Closing inactive (i.e., unused 6months) accounts
(2) Initiating a freeze on new credit applications or existing credit reporting
(3) Request a Personal Identification Number (PIN) from the IRS to prevent bad guys from filing a fraudulent tax return in your name
(4) Request your bank to limit the amount of money which can be withdrawn electronically from checking and savings accounts
(5) Don't use debit cards for electronic transactions
(6) Always challenge o
Re: (Score:3)
Limit your financial and inconvenience exposure by
(1) Closing inactive (i.e., unused 6months) accounts
(2) Initiating a freeze on new credit applications or existing credit reporting
(3) Request a Personal Identification Number (PIN) from the IRS to prevent bad guys from filing a fraudulent tax return in your name
(4) Request your bank to limit the amount of money which can be withdrawn electronically from checking and savings accounts
(5) Don't use debit cards for electronic transactions
(6) Always challenge organizations which request your SSN when establishing an account
(7) Immediately validate/reconcile your financial statements/transaction reports
(8) Use challenge questions with responses that few, if anyone, would know the answer
(9) Take advantage of online businesses which give you the opportunity to receive a separate code on your smart phone, to complete a transaction
(10) Never respond to an initial online request to provide your identifiers or authenticators
I don't think you understand what "limiting inconvenience" really means.
You can always call the credit card issuer (Score:2)
and get a one time number to use for any specific transaction.
In America very (Score:2)
Credit YES ------ Debit NO (Score:2)
Depends on the type of payment. My solution: (Score:2)
Don't give your bank account number to anyone to withdraw from directly, online or off. (That includes paypal)
Instead - use your BANK'S billpay service (almost all banks and CU's offer one), where you enter your bill account number on your bank's service, and then tetll your bank to send payment(s) in the amount you specify on the date you specify, and the biller (nor anyone that hacks their database) never has access to withdraw money from you.
For services that want a credit card and won't bill you, either
Don't worry, but give your card to the fewest merc (Score:2)
Mostly I just don't worry. If there's fraud I won't be liable for anything significant. That said, I also don't want the hassle of replacing cards because somebody's customer database was compromised. So whenever possible I use payment options that don't result in my card info being on file with yet another third party. PayPal, Apple Pay, buying via a marketplace like Amazon, etc. Each time I can pay with one of those methods, it's one less opportunity for my card info to leak out.
Credit cards are pretty safe (Score:2)
I've never had a problem with credit cards used for online payments. Sure, they'll get compromised, but half the times my cards were compromised it was through brick-and-mortar merchants whose point-of-sale systems were compromised so online use doesn't look to be any more risky that in-person use. Just make sure to check the charges daily (I use a finance program that automatically downloads new charges every morning, plus it gives an alert on the first charge by a new merchant which is convenient). Consum
I use electronic payments (Score:2)
I use my bank's bill pay system for everything except for two fossil payees to whom I have to mail checks, like we did in the 1900s. These are the ones I have trouble with, because an average of once a year the checks just never get there, even though one is a block away from me.
This is one area where the Europeans do it better: make everybody use their equivalent to the bank transfer system.
reality check needed (Score:2)
Avoid using checking account info online (Score:2)
While nothing is 100% safe online, paying online is much more dangerous for users that aren't smart with their computer before they ever go to buy something.
With that said, I'd avoid using checking account numbers for online purchases. It is riskier than credit or debit cards because all someone has to do is credit an ACH payment against your routing and account number and the money is withdrawn and gone. At best, you only lose a few hours of your life and deal with the following:
You have to contact your ba
Re: (Score:2)
"all someone has to do is credit an ACH payment against your routing and account number and the money is withdrawn and gone."
In the US at least, your routing and account number are printed on the bottom left of every physical check you write in those odd, but quite human readable, MICR characters. Doesn't give one a warm fuzzy feeling. OTOH, I've never had any problem with ACH based raids on my bank account and have never heard of anyone who has.
I'm not a Luddite (Score:2)
I never carry cash anymore. I pay-tap everywhere. As to CC transactions, that's payment of last resort. All my bills are paid by direct debit. Not in my list? I get an SMS needed to add. Other transactions, via PayPal if available. Approved by, wait for it, SMS code. Last resort, CC details. They've been hijacked twice, each time reversed withing 18 hours. Get with the times.
One-time use credit card systems (Score:2)
Way back when I started using MBNA's ShopSafe system for online purchases. BankAmerica bought them and implemented their technology.
ShopSafe allows you to generate a temporary credit card number that is good from 2 - 12 months, with whatever dollar amount you wish (up to your credit line limit).
I have a BofA CC that I use exclusively for Internet purchases. The physical card itself is stored in my safe and has never had that account number used, other than the generated ShopSafe numbers.
I've never had a f
Separate account and card (Score:2)
.
Easy fix, worked ever since:
Setup a separate account at the bank for online stuff, in my case, with a debit card. Don't keep any real amount of money in the account. Just before clicking the final "check out" or "place my order", log into the bank and transfer just the right amount into the online account.
That account normally only has a small amount of money in it - $20-$50, which is all t
I try to pay bills by phone with credit card (Score:2)
I may be one of the few but I started doing that when the check-printing software I used to use started sucking.
Either I couldn't find the original install media or that version didn't work on a newer version of Windows, I can't remember. I got their upgraded software but it absolutely sucked if it worked at all. Besides printing your own checks isn't really worth the hassle anyway. My printer has been out of ink for several years now.
I could pay most of my bills by phone and with a credit card but fir
Euro Experience (Score:3)
Euro-peon here (Ireland). I use a debit card linked to my current (checking) account for small purchases, and a credit card for online and larger purchases, which I can usually pay off every month unless it's very large. The debit card is touch-enabled, which has some security features built in. Touch purchases are limited to €30 and after three of those you'll be asked to insert the card and enter the PIN - so if the touch system is compromised there's a "stop" on that. As far as I can tell those touch purchases are authorised without checking your current balance, and might not hit your account until days later.
I have heard of "walk-by" attacks on touch cards here - e.g. one lady I know had €11 taken off her card that was apparently billed to a pay email service on an ISP in New Zealand. Small, one-off charges that the payee might not even notice if they are a heavy user of that card. There are things you can do to avoid that, such as not keeping the card on you in an obvious place such as handbag or back pocket. Or tin foil.
Monthly fee (Score:2)
I keep a second checking account with debit card. I keep $20 in it normally
How much does the bank withdraw to cover the monthly fee for having a second checking account? If nothing, how did you qualify for free checking?
Re: (Score:2)
Re: (Score:2)
Seriously why would you use your main checking and savings account for online purchases?
Cons:
- You pay more banking fees
- You have less protection against bad purchases and scams
- You don't get cashback or other forms of rewards
- You can't get detailed spending trends on mint.com and use it to optimize your budget
Pros:
- There's a rush of intrusions into electronic payment systems (whatever that means)
- Mastercard can tell you spent $26 on toilet paper and USB sticks and they use that information to do evil things like ad campaigns for toilet paper and USB sticks
I'm still on the fence.
Re: (Score:2)
For store/online purchases, I've never had any trouble using credit cards. I always try Apple Pay first, because if the merchant has it it's more secure. Many merchants don't even know that it's enabled on their new chip card terminals, so don't look for the logo before trying it.
Re: (Score:2)
- There's a rush of intrusions into electronic payment systems
So who would you want to expose checking or savings information to the same potential risks?
- Mastercard can tell you spent $26 on toilet paper and USB sticks and they use that information to do evil things like ad campaigns
Your bank can do that too if you write a check, because, information sharing....
Re:PayPal when possible. (Score:4, Informative)
Make that WHEN someone hacks them. Which will almost certainly happen sooner or later. If it's a broad breach instead of just a few accounts, it's a safe bet that in the US neither PayPal nor your money will be anywhere to be found. In the EU where PayPal is subject to banking laws, you may have recourse. Not so in the US where PayPal operates as an unregulated bank. (Why would any sane person give an unregulated bank access to their money?)
Re: (Score:2)
I much prefer getting a one time CC number, over giving a third party control over my banking. CC company and bank are basically second party, so no idiocy from the peanut gallery.
No fees, above the CC merchant fee, which is priced in regardless of whether you pay cash, CC, or third party extra fee.
The safety factor boils down to a race condition, but your personal info is just as vulnerable as with a direct CC number. PayPal just centralizes the attack surface.
Re: (Score:2)
That's quite an AT&T vs Verizon situation.
It's a shame some industries like this got a quite bad duopoly.