General discussion


How savvy are you about online security? Take the test & find out.

By deepsand
Before reading the findings of a study, conducted by the Univ. of Pennsylvania, based on this test, try it yourself.

Seventeen Facts American Shoppers Need to Know - But Don't

For the press release, see
For the full report, see


How Savvy Are You About Your Online Security?

U.S. residents are "dangerously ignorant" of the data that Web site owners collect on them, a study shows.

Juan Carlos Perez, IDG News Service
Wednesday, June 01, 2005

U.S. Internet users are dangerously ignorant about the types of data that Web site owners collect from them and how that data is used, a new study has found.

This lack of awareness makes U.S. Internet users vulnerable to online exploitation, such as personal information misuse, fraud, and overcharging, according to a study conducted by the University of Pennsylvania's Annenberg Public Policy Center.

For the study, titled "Open to Exploitation: American Shoppers Online and Offline" and released today, 1500 adult U.S. Internet users were asked true-or-false questions about topics such as Web site privacy policies and retailers' pricing schemes.

Failing Grades
Most respondents failed the test, correctly answering, on average, 6.7 of the 17 questions. The study's interviews, conducted between early February and mid-March 2005, yielded some findings the authors consider alarming, including:

75 percent of respondents wrongly believe that if a Web site has a privacy policy, it will not share their information with third parties.
Almost half of respondents (49 percent) can't identify "phishing" scam e-mail messages, which information thieves dress up to look as though they came from a legitimate company, such as a bank or store, to lure users into entering sensitive information. Requested information might include Social Security numbers, passwords, and bank account numbers.
62 percent of respondents don't know that an online store can simultaneously charge different prices for the same item based on information it has on different shoppers--a practice that can make users victims of what the study's authors call "price discrimination."
To address the problems identified in the study, the Annenberg Public Policy Center is proposing three measures:

The U.S. Federal Trade Commission should mandate that Web sites replace the term "Privacy Policy" with "Using Your Information" to combat users' misconception that those documents are Web sites' pledges not to share their information with third parties.
Consumer education and media literacy should be taught in elementary, middle, and high schools in the United States.
By government decree, online retailers should be required to disclose what data they have collected about customers, and when and how they will use that data.
If you'd like to take the test yourself, go here.

by Jaqui In reply to Changing tape print-outs ...

transaction number.
the authorisation is against a specific transaction number.
the card number is only required for getting the authorisation number, after that it is not required anywhere.
( not even on manually filled out slips )

a store that is using the carbon/less slips with the imprint machine needs the card number on the merchant ( deposit ) copy.
but not the other two copies.
( merchant records, customer receipt )
this is because usually there is no approval until after slip is deposited.

the electronic swipe pos system doesn't even need the card number after the approval comes through.
the transaction record has the only number needed, transaction number.
card issuer can make correct payment with that number alone.

Where to begin?

by deepsand In reply to yup..

1) Authorization codes are not unique.

2) Authorizations identify only the specific dollar amount, the merchant acct. no., and the cardholder's acct. no., and the date on which they expire.

3) Auth. codes are issued prior to a transaction code being ascribed.

4) Transaction numbers are not unique; it is typical, on POS machines, following an open batch being settled, for transaction numbers to be reset to the same initial value, and increased incrementally by 1.

5) A single purchase can span multiple transaction numbers; for example, when the authorization & capture are performed separately, as is not unusual.

6) The transaction numbers assigned at point-of-sale are for the card processor's use only; they are not the same as those which appear on one's statement. The account number is absolutely required for settlement.

7) In general, merchants are required to obtain an authorization, and record such on the imprint slip, prior to imprinting the card and obtaining the card bearer's signature.

8) With respect to manually imprinted slips, the original is for the customer, one copy is for deposit, and the other the merchant's copy, which he is required to keep (see item 10, below).

9) In the event of a dispute, the merchant will be provided with the account number in question, not the authorization code and/or transaction number(s). If needed to resolve the dispute, it is the merchant who would need to provide such. Without some portion of the account number, the merchant has a near impossible task of successfully defending against a charge-back; a signature on an imprint slip or POS tape does not identify the account in question.

10) Merchants are required to keep all pertinent records, with the exception of the Card Code, for a substantial period of time following settlement of the transaction; a typical time period is 3 years.

by joetechsupport In reply to Where to begin?

We were speaking to what gets printed on the receipt from the POS terminal. The information required for the transaction from the PIN terminal through authorization/reversal, void, charge, credits between client-merchant-processor-financial institution are another matter. There is to my recollection a differing degree to how much of the card number is shown on the receipt. I haven't investigated if these differences pertain to clearing house, financial institute or whatever. From what I've seen with work at my old employment and ISO 8583, the change is technically easy, but approval may be another thing.

I do not doubt you folks are correct

The copy of the POS tape is the equivalent of the merchant's copy of ...

by deepsand In reply to Receipts

an imprint slip.

Therefore, some portion of the card acct. no. must be present on the tape so that the merchant can match the transaction to that of an acct. under which a dispute has been initiated.

Keep in mind, for example, that for Visa, MasterCard & Discover, which use 16 digit nos., the 4 terminal digits are check-digits, derived from the 1st 12.

The 1st 4 are the Interbank no., which serves to identify the issuing bank; the next 2, the Portfolio No., such that the 1st 6 identify the servicing bank; and the next 6 the actual acct. no.

It is not possible to determine the 1st 12 digits from the last 4.

AmEx, with a 15 digit no., which includes both their traditional T&E charge cards, along with their newer credit cards, use a different scheme, but with the same result that the 1st 11 digits cannot be derived from the last 4.

Therefore, printing the 4 terminal digits on the tape serves to provide sufficient data for the merchant to match a given transaction with a disputed one, but cannot be used to determine the entire acct. no.

Accordingly, the display/printing of such presents no security risk.

Thank you...

by jmgarvin In reply to The copy of the POS tape ...

This verifies what I understood to be true. They only need the last 4 digits and not the rest...

To serve is my pleasure.

by deepsand In reply to The copy of the POS tape ...

That I am so familiar with the nuts & bolts of card processing is owing to the fact that I happen to have several clients for whom I've had to become intimately familiar with the inner workings & hidden mechanisms of what for most is an unseen & unconsidered world.

Most merchants themselves are pretty much clueless as to what happens behind the scenes; they've enough to do just keeping things working, without having to wonder about how they work.

by joetechsupport In reply to The copy of the POS tape ...

Seeing the variability in digits displayed and the other merchant ID, authorization, reference #'s that seem present I thought card # presence was optional. I suppose a cashier could have told me this :)

Thank you for your explanation deepsand. If my colleague and I ever get it together, this entire thread will have been helpful as well as edifying.

Cashiers are clueless.

by deepsand In reply to The copy of the POS tape ...

With no need to know, absent an active curiosity they'll not ask about the matter.

****, all too many of them don't even know how to determine & provide the correct amount of change if the auto-dispenser fails!

Where you been hiding?

by Oz_Media In reply to Video Store

Sorry for being rude but I haven't run into you here or perhaps you updated your profile and added your location.

I am in New West probably 10 or more days of each month, they sure have cleaned it up over the last 10 years as far as street people are concerned! It's actually somewhere I have thought about moving back to IF I take permanent work in Coquitlam.

That's actually where I run my studio from, you may have seen Fiasco Brothers (Outlaw Entertainment) and Diamond Sharp (22nd st Studios) on 12th I've done a lot of work with them too, good studios.

Don't know if you do the races at Hastings park but if you ever want to lose some money and drink a few beers let me know by peer mail.

ALSO, if you're NOT into racing but want to hit the PNE (Which is up to $10 this year), you can apply for a FREE Horse Player account (BEFORE THE FAIR) and they will send you a card so you can make bets (which you don't have to do) and you get free admission to the PNE anytime any year. You can save a bundle taking the family out for the day.

Again, if you want details, just peer mail me.

Pretty Savvy

by mjd420nova In reply to How savvy are you about o ...

You should have seen the agreement that I had my kids read and sign before I allowed them on the internet. It involved never giving anyone your real name, address, phone number, or place of birth. Or the same info of anyone, whether you know them or not. Also, never to even look at any e-mail from anyone they didn't know. Sounds pretty tough?? It has worked so far, I've not had any virus or worms and has remained secure since set up. With four machines, three desktops and one wireless laptop, each machine has its specialty, one for audio downloads and cd burning, one for video downloads, and capture and DVD burning and one for online gaming. The laptop really has no specialty except being portable and wireless. All are on a VPN and have WINXP Home. I have anticipated the worst and prepared for eventual penetration but have remained clean of trouble for 10 years. I did set up one low end machine to drive a printer, kind of like a printer server for the other machines and doesn't get onto the internet so it has very limited functionality other than to print from the VPN. I did set up one machine a couple years ago for my youngest son to experiment with and became infected from a porn site, hijacked home page, pop ups, and endless email. Once that username was eliminated all returned to normal. I use the Win firewall on each machine, and a firewall on the router. I wish all my customers could do the same, but most have at least one user who runs amuck and infects their whole network, but it's these guys that keep me employed.
works, My machines have never been infected,
hijacked or
