General discussion

Credit card security.

By Melar
Being a software development house dedicated to residence management systems for university housing, one of the questions that has come from customers recently is "how can we make credit card information more secure?"

With the recent spate of credit card fraud/theft, this has become a hot topic.

I'm interested in what sort of solutions are being used in other areas to keep this kind of information safe.

One Use Credit Cards

by tagmarkman In reply to Credit card security.

Here is one way:
http://www.newstarget.com/005014.html
http://archives.cnn.com/2000/TECH/computing/09/08/online.payments.ap/
http://channels.lockergnome.com/windows/archives/20041208_whats_a_onetime_use_credit_card.phtml

My job...

by Frenchwood In reply to Credit card security.

I work for a very reputable credit card company, and looking at the systems we use, it is hard to see how fraudsters manage to get through.

We use many fraud detection systems to monitor customer spending, and these can detect fraud instantly, and block transactions.

Saying this, I can see obvious leaks in some industry standard systems; this is not due to bad programming by any extent, but more to the technology that fraudsters are now using.

I guess in short, what I am trying to say is:

As fraud detection systems get better, so do the fraudsters. If someone really wants to put in the effort to commit fraud, then they will find a way.

news report on how it happens

by gralfus In reply to My job...

http://www.kptv.com/Global/story.asp?S=3559070

Sometimes the clerks don't even check for ID. However, almost all the places we frequent do check, even the ice cream shop.

What I'm curious about is why credit card companies are so hot to give out cards that fraudsters can steal info from a garbage can and open new cards. They really need better ways to verify who is contacting them besides having the SSN or another credit card number.

I agree

by tagmarkman In reply to My job...

I have found the most common ways people commit fraud is through very simplistic methods. It used to be as simple as finding a carbon copy slip in the garbage or a clerk simply collecting the numbers and reselling it.

But as criminals get more technically adept it becomes harder to protect. But using old style methods with technology is especially dangerous. For example, putting up a fake site and either selling or using credit card for verification puts a lot of cards at risk. But simple stealing of tape backups can get a lot of numbers very quickly. The ways are simply endless.

Using ID to check a credit card I have found to simply be a joke. It rarely is checked but what is the point of checking ID when someone can simply order it online (aside from the address bit :) )

The point I'm trying to make is this... I agree with CTS C1... Do as much as you can to secure the card but if someone really wants to commit fraud... they can. This is why I'm always on top of my credit cards and credit history.

I agree with tagmarkman, but also...

by TomSal In reply to I agree

Physical security of credit cards I think is at least more solvable (preventable) than what I think is the greater threat -- over the phone/over the Internet transactions...in other words where you remove the physical person to person interaction.

After all you can help solve the physical aspect with biometrics -- who knows maybe in the future they can go so far as some kind of DNA check -- you match up the DNA information that is somehow stored on the credit card when the account is opened..then at the register to do a DNA check against the credit card the proper cardholder needs to slide their thumb or some other finger, whatever over some "super sensitive" sensor that can read the DNA from the person's skin. (or perhaps you'd put the back of your hand on the sensor and it would get the DNA from the little hairs on your hand).

Now of course folks will say well that is still not fool proof -- someone could just get a hair from your coat, your gloves, a hat, etc.

Yeah but then you'd be able to call the clerk at the register the one responsible for the fraud (Um..dude why did you let someone use my card when you know they specifically said "oh wait for verification scan this specific hair strand").

Now the other hand with the online stuff...you'll always have fraud issues..because how do you stop that stuff? I mean even if you did the DNA idea in an e-commerce solution (you'd have a special scanner hooked up to your computer) now though there is no clerk involved in seeing that you "stole the owner's hair sample" and are using that for the DNA verification part.

As long as vendors want to have a constant 24/7/365 BUY NOW BUY NOW BUY NOW attitude online...no company will ever stop using credit cards online or approve anything that makes it a hassle for people to use them online (scaring away revenue).

As for self management issues..yep...agreed most people don't manage their credit cards or personal finances for crap. Which if you think about it is quite amazing...people will put time in organizing their 500+ CD collection by order of artist/genre and year...but they don't put the effort in what affects their financial security and prosperity.

one check

by Dr Dij In reply to I agree

they have is the 3 digit code on back.
you need to have that code to order at many online places, and is not part of credit card#.

One solution related to one-use cards is a credit card where you need to supply the vendor with an authorization to use code. That code is good ONLY for a specific $ amount and possibly small range of days. So if you try any other amount than authorized for the transaction, it will not go thru. This requires a chip built into credit card to create this#.

This would help prevent scam sites like 6ave.com, infinitiphoto.com, etc that send a few goods out but quite often change the shipping and/or the product price without asking.

And the date thing might help with sites like overstock.com that lie about shipping dates and availability like many online sites (see reviews on resellerratings.com; type in the website before you buy online to see some of this).
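
The amount- and date-bound authorization code described in the post above, sketched as an added example (not part of the original thread, and not any card network's real scheme). It assumes the card chip and the issuer share a secret key and uses a truncated HMAC; every name, key, date and amount is constructed for illustration.

```python
import hashlib
import hmac
from datetime import date, timedelta

CODE_DIGITS = 8  # assumed code length; not taken from any real card scheme


def issue_code(card_key, amount_cents, start, valid_days):
    """Card chip side: derive a code bound to one amount and one date window."""
    msg = f"{amount_cents}|{start.isoformat()}|{valid_days}".encode()
    digest = hmac.new(card_key, msg, hashlib.sha256).digest()
    number = int.from_bytes(digest[:8], "big") % 10**CODE_DIGITS
    return str(number).zfill(CODE_DIGITS)


def verify_charge(card_key, code, charge_cents, charge_date, start, valid_days, used):
    """Issuer side: approve only the exact amount, inside the window, once."""
    if code in used:
        return False, "code already used"
    if not start <= charge_date < start + timedelta(days=valid_days):
        return False, "outside authorized dates"
    # Recompute from what the vendor is actually charging; a changed price
    # or a stretched window yields a different code.
    expected = issue_code(card_key, charge_cents, start, valid_days)
    if not hmac.compare_digest(expected, code):
        return False, "amount or terms do not match code"
    used.add(code)  # hypothetical per-card store of spent codes
    return True, "approved"


def demo():
    key = b"constructed-demo-key"  # constructed sample secret
    start = date(2005, 7, 1)       # constructed sample dates and amounts
    code = issue_code(key, 19999, start, 5)
    used = set()
    return [
        verify_charge(key, code, 24999, date(2005, 7, 2), start, 5, used),   # price raised
        verify_charge(key, code, 19999, date(2005, 7, 9), start, 5, used),   # charged late
        verify_charge(key, code, 19999, date(2005, 7, 9), start, 10, used),  # window stretched
        verify_charge(key, code, 19999, date(2005, 7, 2), start, 5, used),   # as agreed
        verify_charge(key, code, 19999, date(2005, 7, 3), start, 5, used),   # replayed
    ]


if __name__ == "__main__":
    for approved, reason in demo():
        print(approved, reason)
```

Because the amount and window are inside the MAC, the vendor cannot change either without invalidating the code, and the spent-code set stops a second charge with the same code.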

Common

by tagmarkman In reply to one check

The 3 digit code is also often stolen in online fraud sites. When Phone cards first came out people would call the phone number say that they were from xyz phone company and that they needed "proof" of whatever to keep their card open. The scammer would specifically tell them "do not tell me the whole card number, we only need verification of the last 4 digits." Many people immediately felt comforted that this must be legitimate because they only want a portion of the number. The kicker was that the first 10 digits was their phone number, they only needed the last 4 digits to make it complete.

They do the same thing with credit cards. Gather information from disparate sources and fill in the blanks with the 3 digit code. Even so, the code is not needed to make an online transaction, you don't even need to verify the billing address or zipcode. Although some vendors require that information because they get a smaller transaction fee from the credit companies if they provide it.

The one use cards are great. I use them myself and I'm quite happy with them. The resellerratings.com is a good idea as well as long as there are measures taken not to accidentally defraud a business.

They seem careful

by Dr Dij In reply to Common

you can't post a rating w/o an actual invoice#. Even so I think scam sites sometimes make up good ratings. one site I knew was a scam had a lot of postings in early hours -2AM, 4AM eastern. Still wasn't enough to make up for real people posting bad ratings.

what is really scary is that these people change the amount charged to credit card, and/or never ship mdse, and you have to ask credit card company to dispute charge. they also yell at you if you try to cancel order and lie about dely.

other scary: shopping.com 'features' some of the real bad scam sites. one note is that they are often NOT in the price comparison area but in 'sponsored' results. And you'll see a 3 or 4 star site then read reviews and see the people who are mad at them and wonder how they got 3 or 4 stars!

Interesting

by tagmarkman In reply to They seem careful

I know the rating issues from time to time are "false" on Amazon or Download and I suppose you have to assume at least 3 stars on any "new" company.

Actually, this just brought up something... why are ratings based off the "average" instead of a deviated weight against an average rating of 5 out of 10? You would still get people making false entries but it would be harder for a person to have a high initial rating without at least several people reviewing it.

Back to subject...
A company that "charges" your credit card often places a reserved amount on it and charge you later (usually in batch). For example, a credit card you use for gas "authorizes" an amount before you get to pump gas.. this might be $60.00 that is reserved on your credit card. Until, they charge your card the $34.51 in gas the remainder of the $60.00 ($25.49) can not be accessed.

Usually, companies will only charge up to the reserve amount so they don't get hammered by fees if they go over it but they are not restricted to this and can charge significantly more than the reserved amount (if the company is willing to risk the rejection).

I have no idea why I'm talking about this... I guess I'm in the mood to blab... But yes.... price changing is scary and in many cases (but not all) can be illegal.

A solution to price changes

by Dr Dij In reply to Interesting

From posts about beachcamera.com and others, found out that banks allow credit card users to obtain online 'one-use' CC#s that are funded only for the amount you request, and linked invisibly to your original card# which you don't have to give the merchant. This foiled one place that tried to raise the price afterwards. The guy got the order cancelled instead and kept his money from one of these 'never ship' places.

Some of them seem to ship out stuff occasionally to keep their ratings higher. Some seem to pick and choose the customers, cancelling those who won't accept an order at higher price, or substituted item or an opened box/ DOA that they then have to call the MFGR to get fixed.

eCost's scam seems to be offering FAR (Free-After-Rebate) items to suck people in but that are not mfg rebates but from affiliated company, and only good for 10 days from ORDER date. They then delay shipment so you get item AFTER rebate expires, or don't include rebate form in box, etc.
