I bought something on-line the other day and my wife scolded me about using my credit card to make the transaction. She was probably right, but it got me thinking - what is really safe these days? Is PayPal the way to go? Should I use a pre-paid credit card? How do you protect yourself from internet crime? Is there a single best way to minimize the chances of identity theft and credit issues?

I've bought and continue to buy many things over the net. It is primarily how I do most of my shopping, as I am 3 hours from most of the "big city" conveniences. I have done this for the past 6 or 7 years. Sometimes I use Paypal, sometimes I don't. The only time my wife and I have had our credit card information stolen was using it at a gas station. Ironically, the only place we were using the card at the time was in rural Northern Saskatchewan. Go figure. You could very likely drop your credit card on the street aound these parts, and the person that finds your card would track you down and return the card. (I would however, not recommend you try that!)

The only thing I would say, is make sure the site you are giving your credit card information to is encrypted, and keep your antivirus software current. Unfortunately, I believe that if someone wants your information badly enough, they will get it, no matter what precautions you take.

I have to admit, I have no idea what people are even worried about. If someone fraudulently uses your credit card, it costs you nothing. You aren't liable for any of it. So don't worry about it.

Is that really true for all credit cards Dan? My brother had his account hacked or card number stolen or whatever they did and they maxed out his card while he was travelling in Europe and he was stuck without money for several days while they worked on figuring out if he was conning them somehow. We sent him cash somehow so he could keep travelling. The hassle was huge. Maybe I worry too much.

Almost all sites that ask for your credit card number are "secure" sites (https). It's been a while, but as I remember it, the server and your computer have a way of securely exchanging encryption keys, and then the rest of the transaction is encrypted. I've never heard of a credit card number being compromised during the exchange - they're always compromised by someone breaking into the server data base. If they don't keep your credit card info that avenue is not available.

Mike

I'm sure it would be true for all credit cards. In our instance they made several thousand dollars in purchases, and the credit card company reversed all the charges. It did take a week or so to sort it out. The card was cancelled immediately, and we had to look through the statement to see which purchases were authorized and had to sign a whole bunch of papers. It was an inconvienence for sure, and did put the credit card out of commission for a few weeks, until the new card arrived in the mail. But Dan is right, it isn't really anything to get overly concerned about....

If your wife is worried about the Internet I sure as heck wouldn't EVER use your card anywhere where you let someone else touch it! Especially at a restaurant.

If your wife is worried about the Internet I sure as heck wouldn't EVER use your card anywhere where you let someone else touch it! Especially at a restaurant.

Somebody stealing your personal data via a keylogger or other nefarious means makes a great sensationlist movie plot/media story. Some minimum wage earner scanning your card twice -- once on the store's terminal, once on his/her own device then selling the output of his/her personal reader -- is more likely. Or a phishing attempt -- " we need to confirm your account details. Please enter your credit card information in the form below" :rolleyes:. There was case recently, I think in center city Philly where some people replaced the card reader on an ATM machine with their own card skimmer. They then installed a tiny camera above the keypad area. The bogus card reader read the account information and the camera recorded the PIN number. I don't think the ATM machine dispensed cash while the illegal reader was in place.

I don't know if it's been used 'in the wild' yet but the encryption method most commonly used on the internet has been compromised by researchers.
http://www.pcworld.com/businesscenter/article/240933/hackers_crack_internet_encryption_should_you_be_wo rried.html
This still requires installing a piece of code on the unsuspecting user's browser it appears.

This still requires installing a piece of code on the unsuspecting user's browser it appears.

And if they are going to do that they might as well just capture what they want any other number of ways.

If your wife is worried about the Internet I sure as heck wouldn't EVER use your card anywhere where you let someone else touch it! Especially at a restaurant.

yep, that was lesson learned for me the hard way. When I was younger and more naive about these things, I opened a bar tab where they held the card. I didn't even think about it.. About 2 weeks later, someone in California tried charging $1000 on a web site. That's when I learned all about fraud detection by the card companies. They blocked the transaction and notified me, but there were 4 other smaller transactions that were eventually fully refunded after a fraud investigation.

Our card number was jacked 2 weeks before Xmas. They racked up more than $10k. The card company gave us a new number, and deleted the charges. It was taken at a gas station.

We purchase over the net all the time, and never had a problem. We use Paypal whenever possible. It's another layer of protection.
Be sure it's a reputable company you're doing business with.

I think if you stick with well know sites like Sears, Amazon, Lee Valley etc... you have a much higher chance of being ok. I see things on the web that may be cheaper but don't buy because I am not familiar with the site . Just way too easy for someone to put up a false website to collect information.

We've had three occasions on which our credit card number was compromised - though only once was it actually used. In that case it was at a brick-and-mortar store in which the employee (presumably) copied the number. In the second case it was the notorious break-in at the TJX database in which many thousands of numbers were stolen by hackers due to lax security. This was from using the card at their stores, not from internet! And in the third case some idiot at the Boston Globe printed out a dump of their credit card database, threw it into recycling, and someone else picked it up and used it for packing around the delivered newspapers:eek:. When we order online, we stick to reputable vendors and have never had an issue.

When we order online, we stick to reputable vendors and have never had an issue.
Bingo! I don’t enjoy trudging through stores so I do most of my shopping online. My #1 rule is to use only reputable vendors. I do a lot of shopping through Amazon.com and I try to use the SMC “SHOP” portal at the top of the page to help keep the lights on here:
http://www.sawmillcreek.org/amazon.php (http://www.sawmillcreek.org/amazon.php)

Just to pile on what the other folks have said, I've got no issues with internet transactions. It's the skimming, etc, that occurs in restaurants that I'd be worried about.

I have had fraudulent charges probably twice on my credit cards in 17 years, and in both cases, I was responsible for $zero when the dust settled (despite the fact that the cards could've put me on the hook for $50 at the time, don't know if that's still true).

The only way you should take legitimate scolding from your wife is if you used a debit card to make payments. There's no good reason to use a debit card for anything other than withdrawing money from an ATM.

I have owned an internet business for over 10 years and have never had a problem receiving credit card numbers. Probably a third of the customers choose to go through Paypal and two-thirds pay direct with a credit card. I have also made 100's of purchases over the internet and never had a problem. From the previous posts and my own experience, it seems like your wife is correct in that a credit card can be compromised, but she is looking in the wrong area! :)

I do a few things that IMO help mitigate risk:

1) Always use a credit card whenever possible. The CC companies will aggressively track down fraud and -can- recoup or refund some of the money. With Paypal you can get screwed because your transaction is with Paypal, not the vendor. Your CC company will not be able to go after the vendor because as far as they are concerned it was a valid transaction (to paypal). I've also had enough bad experiences with PP that I will not link my account information with them.
2) Sign up for Mint (free) & link in your credit cards. I have it text me anytime a purchase is made over $10. Many banks / cards offer this feature as well.
3) Keep a low credit limit on your card. If disaster occurs how bad will it hurt to have to pay the entire thing? The banks want a high limit on your card so you spend too much and have to start paying interest to them.

Buying on line with your CC is far safer than a lot of other CC transaction you might make, take a restaurant for example how easy would it be for someone there to copy it? I bet the OP's wife has done that many times over.

If you get a CC charge that you did not make you do not have to pay it. Your CC company will reverse the charges and make the merchant prove you made the purchase.

Many on line retailers now have CC transactions set up so that their employees never see or have access to your actual CC information.

I have been selling on line for 9 years.

I think you have better protection using your CC than with a PayPal transaction. My CC companies can not access my bank account!!

One more comment:
Paypal used to be a great option for small businesses to accept $$$ because you didn't get eaten alive by CC transaction fees. With the advent of Square-Up (https://squareup.com/) and other cheap CC processing methods I've stopped accepting Paypal.

3) Keep a low credit limit on your card. If disaster occurs how bad will it hurt to have to pay the entire thing? The banks want a high limit on your card so you spend too much and have to start paying interest to them.

The first two ideas were good, but this is not. If you didn't authorize a charge on your credit card, you aren't liable for it. Period. There is no "disaster" which would cause it to be your problem.

A low credit limit will hurt your credit score, too, unless something has changed with credit scores.

I have to admit, I have no idea what people are even worried about. If someone fraudulently uses your credit card, it costs you nothing. You aren't liable for any of it. So don't worry about it.

I couldn’t find any statistics for 2011, but it’s estimated that the 2010 cost to consumers for credit card fraud was $8,600,000,000*. Not exactly what I’d call nothing.

This reminds me of the "Identity Theft Seminar" sponsored by my local PNC bank. After numerous comments by bank personnel to not worry about it; "The bank will reimburse you for fraudulent transactions"; I asked the audience: "And where do you suppose the bank gets the money to pay for this—from every one of us through higher fees and interest rates." After that we didn’t have to listen to any more ridiculous comments that fraud is free.

Pat. I use a service provided by my credit card company called ShopSafe:
ShopSafe® is a free credit card fraud protection service that allows you to create a temporary card number each time you make an online purchase. This number links directly to your real credit card account number but keeps your card number completely private and protected. The ShopSafe number is used just like any other credit card—a merchant never knows it's not your real credit card.

*Credit Sesame

Dave, Whats wrong with using debit cards. I use mine ALL THE TIME. I do use it in credit mode, not debit mode, so I usually have to sign for the purchase. That has to be OK, right? I mean, I would never punch in my PIN number.

I couldn’t find any statistics for 2011, but it’s estimated that the 2010 cost to consumers for credit card fraud was $8,600,000,000*. Not exactly what I’d call nothing.


Sure, but it won't personally cost you, say, thousands of dollars.

I think services like ShopSafe are specious, at best. It costs the company money to set up such a service, maintain it, etc - that cost is absorbed in exactly the same manner that fraudulent charges are absorbed. So unless they're preventing more loss in fraud than the cost of the service, it's actually *worse*. More to the point - as a consumer, why are you bothering? The amount you, personally, can reduce fraud is so insignificant, that you're essentially expending some effort to get absolutely nothing in return.

Pat, why would you use a debit card rather than a credit card? There are numerous reasons that a real credit card is better:
1) The money isn't immediately withdrawn - you can pay 30 days later, letting your money earn interest in your bank account longer
2) With a rewards card, you can likely get 1% or more cash back by using a credit card
3) Most credit cards offer additional services (such as a doubling of a factory warranty on anything you buy with it)
4) Federal regulation of credit cards is much different than for debit/check cards - consumer protections are much stronger with credit cards. Specifically, you aren't liable for any fraudulent activity on a credit card, you have the right to not pay for any items (including interest) on any charge you dispute, etc.

I am going to have to discuss this with my bank. The biggest reason for using the debit card for purchases is so as not to go further in debt.

We've had three occasions on which our credit card number was compromised … And in the third case some idiot at the Boston Globe printed out a dump of their credit card database, threw it into recycling, and someone else picked it up and used it for packing around the delivered newspapers.

It never ceases to amaze me how a few clueless people can bring on an avalanche of tribulations.

I have worked in the aftermath of such people.

jtk

I am going to have to discuss this with my bank. The biggest reason for using the debit card for purchases is so as not to go further in debt.

Then adopt the mentality that it's an bill you must pay every month. Track spending on the web so you know what you are spending just like you would track your checking account.

I couldn’t find any statistics for 2011, but it’s estimated that the 2010 cost to consumers for credit card fraud was $8,600,000,000*. Not exactly what I’d call nothing.

This reminds me of the "Identity Theft Seminar" sponsored by my local PNC bank. After numerous comments by bank personnel to not worry about it; "The bank will reimburse you for fraudulent transactions"; I asked the audience: "And where do you suppose the bank gets the money to pay for this—from every one of us through higher fees and interest rates." After that we didn’t have to listen to any more ridiculous comments that fraud is free.

Pat. I use a service provided by my credit card company called ShopSafe:
ShopSafe® is a free credit card fraud protection service that allows you to create a temporary card number each time you make an online purchase. This number links directly to your real credit card account number but keeps your card number completely private and protected. The ShopSafe number is used just like any other credit card—a merchant never knows it's not your real credit card.

*Credit Sesame

I suspect you're no longer on PNCs christmas card list :D