EdV
07-09-2009, 02:54 PM
For those of you who have embraced on-line shopping for its convenience, ability to locate hard to find items, and sometimes significant savings, let me tell you about a serious problem that exists even with well known on-line retailers. It doesn’t involve Nigerian scams, hijacked web sites, spoofed Internet addresses, the Russian mafia, or any sophisticated high tech scheme. It’s simple data theft.
Most of you are aware of that 3 or 4 digit ‘security’ code on the back of your card that you have to enter for on-line purchases over the phone purchases. The technical term for this is the “card not present’ number which needs to be entered when the merchant does not have your card to scan into a card scanner. This is supposed to provide a level of proof that you actually have the card in hand. And there is a restriction imposed by the credit card companies that states that the merchant is not supposed to store that number with your credit card number on their computer systems. But guess what? A lot of companies ignore that restriction and store that information anyway.
So that secure information is being stored on thousands of merchant computers for perhaps millions of customers. And do you have any idea how easy it is for an employee of one of those merchants to copy that data containing perhaps ten thousand customer records onto a 2 inch long usb thumb drive in less time than a coffee break. That’s what the well publicized TJMax credit card theft was all about.
How then can one prevent this from happening in the first place. You can use what’s called a one-time-use credit card system. And the one I’ve been using is ShopSafe with my Bank of America Visa card. Now whenever I’m about to enter my credit card number for an on-line purchase, I log into the ShopSafe server and enter the dollar amount of the purchase and up pops an image of my credit card with a unique card number that has a default two month expiration date and a secure 3 digit number. I enter that information into the on-line order and a soon as the transaction completes, that number automatically expires forever and can never be used again. And these charges appear on my credit like any other charges. The merchant never knows the real credit card number.
The on-time-use numbers can also be used for recurring charges. Have you ever signed up for a monthly service with your credit card and later cancelled the service only to find the recurring charges continuing to be billed to your credit card. With a recurring ShopSafe number, you tell the system the total number of charges and the maximum amount of each charge, and you can adjust the limits at any time to extend it. Then if I decide to cancel the service, I first cancel the recurring number and then I contact the vendor to cancel the service.
Another problem that one-time-use credit cards solves is the hidden renewal charge that some unscrupulous vendors use. A couple of years ago, I used a regular credit card to purchase Spyware Doctor anti-spyware software. A year later, even though I had stopped using the software, a charge for an annual update of the software appeared on my credit card statement. And even after disputing the charge, I wasn’t given a credit. Never again.
If you are interested in getting this type of service (and I highly recommend that you consider it) you can Google “one time use credit card”. Also, here are a couple of direct links to the ones I know of:
Bank of America ShpeSafe information (http://www.bankofamerica.com/privacy/index.cfm?template=learn_about_shopsafe)
Citi-Bank Virtual Account Numbers (https://www.citicards.com/cards/wv/swf/flash_test.html)
Most of you are aware of that 3 or 4 digit ‘security’ code on the back of your card that you have to enter for on-line purchases over the phone purchases. The technical term for this is the “card not present’ number which needs to be entered when the merchant does not have your card to scan into a card scanner. This is supposed to provide a level of proof that you actually have the card in hand. And there is a restriction imposed by the credit card companies that states that the merchant is not supposed to store that number with your credit card number on their computer systems. But guess what? A lot of companies ignore that restriction and store that information anyway.
So that secure information is being stored on thousands of merchant computers for perhaps millions of customers. And do you have any idea how easy it is for an employee of one of those merchants to copy that data containing perhaps ten thousand customer records onto a 2 inch long usb thumb drive in less time than a coffee break. That’s what the well publicized TJMax credit card theft was all about.
How then can one prevent this from happening in the first place. You can use what’s called a one-time-use credit card system. And the one I’ve been using is ShopSafe with my Bank of America Visa card. Now whenever I’m about to enter my credit card number for an on-line purchase, I log into the ShopSafe server and enter the dollar amount of the purchase and up pops an image of my credit card with a unique card number that has a default two month expiration date and a secure 3 digit number. I enter that information into the on-line order and a soon as the transaction completes, that number automatically expires forever and can never be used again. And these charges appear on my credit like any other charges. The merchant never knows the real credit card number.
The on-time-use numbers can also be used for recurring charges. Have you ever signed up for a monthly service with your credit card and later cancelled the service only to find the recurring charges continuing to be billed to your credit card. With a recurring ShopSafe number, you tell the system the total number of charges and the maximum amount of each charge, and you can adjust the limits at any time to extend it. Then if I decide to cancel the service, I first cancel the recurring number and then I contact the vendor to cancel the service.
Another problem that one-time-use credit cards solves is the hidden renewal charge that some unscrupulous vendors use. A couple of years ago, I used a regular credit card to purchase Spyware Doctor anti-spyware software. A year later, even though I had stopped using the software, a charge for an annual update of the software appeared on my credit card statement. And even after disputing the charge, I wasn’t given a credit. Never again.
If you are interested in getting this type of service (and I highly recommend that you consider it) you can Google “one time use credit card”. Also, here are a couple of direct links to the ones I know of:
Bank of America ShpeSafe information (http://www.bankofamerica.com/privacy/index.cfm?template=learn_about_shopsafe)
Citi-Bank Virtual Account Numbers (https://www.citicards.com/cards/wv/swf/flash_test.html)