John Simmons / outlaw programmer wrote: From "NYC National Lotto" declaring that my email address was randomly selected and I won $5.2 million. No file attachment, but wanted some personal info.
Send this back:
Sir,
I am so excited to learn that I have won. Since you already have my email, please keep the $200,000 and send me a cashier's check for the remaining $5 million.
If it's not broken, fix it until it is
|
I got one purporting to be iTunes about my Netflix subscription. I hovered over the link to see if it was from Apple; it was not! It looked like iTunes, but it came to the wrong email, not my email associated with iTunes!!
|
I've been pondering this question for a while.
On one hand, inserting the CC details each time means exposing myself to man-in-the-middle attacks or keyloggers/spyware on my PC.
On the other hand, it is way more probable that a site or a client (I'm thinking about the Steam client, for example) gets hacked and their database stolen. Do I know how they store my details? They have to use them to make the payment, so they must be in a retrievable format (encrypted at best, for sure not hashed), so it is a certainty that my CC details could be decrypted and used.
Since I don't use public computers or Internet cafés anymore, I switched definitely to inserting them every time - it also serves as a time buffer to change my mind and save money. I know my PC and how I manage it, and I'm a bit paranoid on security, so I don't really think I'm at big risk this way...
What do you think about it?
GCS d--- s-/++ a- C++++ U+++ P- L- E-- W++ N++ o+ K- w+++ O? M-- V? PS+ PE- Y+ PGP t++ 5? X R++ tv-- b+ DI+++ D++ G e++>+++ h--- ++>+++ y+++* Weapons extension: ma- k++ F+2 X
If you think 'goto' is evil, try writing an Assembly program without JMP. -- TNCaver
|
den2k88 wrote: Saving credit card details on sites or not?
Not
Anything that is unrelated to elephants is irrelephant Anonymous
- The problem with quotes on the internet is that you can never tell if they're genuine Winston Churchill, 1944
- I'd just like a chance to prove that money can't make me happy. Me, all the time
|
I'm lazy so if I think it's safe then I'll save them. Usually still need to enter the cvv number [though not always].
Dave
|
den2k88 wrote: Do I know how they store my details?
Do you want to know how sausages are made?
Just iDeal them the money, or whatever your local equivalent is called.
|
harold aptroot wrote: Do you want to know how sausages are made?
I'm quite aware of how they're made - I work for food industries on their machinery! I still like them, food is food. I also made them at home, living in the countryside has its benefits.
GCS d--- s-/++ a- C++++ U+++ P- L- E-- W++ N++ o+ K- w+++ O? M-- V? PS+ PE- Y+ PGP t++ 5? X R++ tv-- b+ DI+++ D++ G e++>+++ h--- ++>+++ y+++* Weapons extension: ma- k++ F+2 X
If you think 'goto' is evil, try writing an Assembly program without JMP. -- TNCaver
|
Saving credit card details is rare as it involves complying with a lot of legislation. Just because a site can remember your details that doesn't mean it is saving them (encrypted or not). Many payment providers support the tokenisation of payment details, so let's say I enter my card number, expiry date etc, when the site instigates the payment with the payment gateway it indicates that it wants to token the details, and the site is returned a token...usually a guid...and that guid is stored against your account. The next time you pay the site sends that guid to the provider and the provider retrieves the details and uses them. So it is the payment provider that stores your details, not the site itself, it just stores a token.
Second of all, the three-digit check number (whatever you want to call it). It is against banking guidelines to store this number; if you need to use it you have to ask the client every time, and that is added protection for the client, but it means still having to enter your check number each time, but I think a lot of people know that off by heart (well, I do) so not much of an inconvenience. However, you'll note that Amazon doesn't ask for your check digit, the reason being it isn't actually mandatory. If you want to use the check number to provide your clients with more security you can, but if you want to forgo it you can do that too.
To sum up....if the site tokenises your details then choosing to have them remembered is more secure as it protects you from man in the middle attacks. If the site stores your details in an encrypted form you might not want to store them. How will you know which method the site uses? You don't. But if it's a fairly small site you can be pretty sure they use tokenised payments. If it's a massive multinational company then they might be storing your details in an encrypted form.
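The token flow described in this post, sketched as an added example (not part of the original thread and not any real provider's API). `Gateway`, `Shop`, their methods and the rule that a token only works for the merchant it was issued to are assumptions made for illustration.

```python
import uuid

class Gateway:
    """Stand-in for a payment provider: the only party that holds card numbers."""
    def __init__(self):
        self._vault = {}  # token -> (merchant_id, pan, expiry); the CVV is never kept

    def pay(self, merchant_id, pan, expiry, cvv, amount, tokenise=False):
        # The check number is used for this one authorisation and then discarded.
        if not (cvv.isdigit() and len(cvv) == 3):
            return {"approved": False, "token": None}
        token = None
        if tokenise:
            token = str(uuid.uuid4())  # random GUID, not derived from the card
            self._vault[token] = (merchant_id, pan, expiry)
        return {"approved": True, "token": token, "amount": amount}

    def pay_with_token(self, merchant_id, token, amount):
        entry = self._vault.get(token)
        # Assumption: a token only works for the merchant it was issued to.
        if entry is None or entry[0] != merchant_id:
            return {"approved": False}
        return {"approved": True, "amount": amount, "last4": entry[1][-4:]}

class Shop:
    """The site: stores one GUID per account and nothing else about the card."""
    def __init__(self, merchant_id, gateway):
        self.merchant_id, self.gateway = merchant_id, gateway
        self.accounts = {}  # username -> token

    def first_purchase(self, user, pan, expiry, cvv, amount, remember):
        result = self.gateway.pay(self.merchant_id, pan, expiry, cvv,
                                  amount, tokenise=remember)
        if result["approved"] and result["token"]:
            self.accounts[user] = result["token"]
        return result["approved"]

    def repeat_purchase(self, user, amount):
        token = self.accounts[user]
        return self.gateway.pay_with_token(self.merchant_id, token, amount)["approved"]

def demo():
    gateway = Gateway()
    shop = Shop("shop-A", gateway)
    pan = "4111111111111111"  # constructed test number, not a real card
    shop.first_purchase("alice", pan, "12/30", "123", 25, remember=True)
    repeat_ok = shop.repeat_purchase("alice", 10)  # no card details re-entered
    dump = repr(shop.accounts)  # everything a copy of the shop's database holds
    reuse_elsewhere = gateway.pay_with_token("shop-B", shop.accounts["alice"], 999)
    return repeat_ok, pan in dump, reuse_elsewhere["approved"]
```

`demo()` returns whether the repeat purchase succeeded, whether the card number appears in the shop's stored data, and whether the stored token is accepted when presented by a different merchant.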
|
Very nicely put!
I'd disagree with the last bit though: if it's a really small site they are probably stored in clear text. Go look at what some of the morons in QA are playing with and you'll see what I mean.
That's one of the reasons I prefer paying with PayPal - I'm pretty sure they are solid, and they don't share financial details with the online store I'm buying from, just the delivery address and so forth.
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
|
Have to admit if it's a site I've never really heard of or well known, and something I'm buying as a one-off I'll use PayPal for pretty much those reasons, I trust PayPal more than some random site. I've even paid more money for something from Amazon than an independent site because I trust Amazon. With all these hacks and data leaks I'm definitely more cautious about who I deal with and how.
Now excuse me while I look at these files HMRC have sent me, apparently I have "errors an your tax rebate".
|
Thank you a lot for your excellent explanation. Unluckily EVERY site that asked me my details saved the three digits code also, I wouldn't have problems otherwise.
GCS d--- s-/++ a- C++++ U+++ P- L- E-- W++ N++ o+ K- w+++ O? M-- V? PS+ PE- Y+ PGP t++ 5? X R++ tv-- b+ DI+++ D++ G e++>+++ h--- ++>+++ y+++* Weapons extension: ma- k++ F+2 X
If you think 'goto' is evil, try writing an Assembly program without JMP. -- TNCaver
|
Never on a site that has anything to do with computer equipment or software. Too many of those guys are too sure of themselves, and we all know what pride comes before, don't we*?
* "Pridian", so pride is so the day before yesterday!
I wanna be a eunuchs developer! Pass me a bread knife!
|
den2k88 wrote: ...so they must be in a retrievable format (encrypted at best, for sure not hashed) so it is a certainty that my CC details could be decrypted and used.
Not necessarily. Sites these days are not storing CC details, but simply store a transaction ID instead.
"One man's wage rise is another man's price increase." - Harold Wilson
"Fireproof doesn't mean the fire will never come. It means when the fire comes that you will be able to withstand it." - Michael Simmons
"You can easily judge the character of a man by how he treats those who can do nothing for him." - James D. Miles
|
My bank (Bank of America) has the ShopSafe feature, where they will create a virtual Visa card for you on demand and online, that is good for one transaction and the amount you specify. This is great for online payments, because you never use your real credit card online.
Get me coffee and no one gets hurt!
modified 11-May-16 13:55pm.
|
Do trees find Spring to be a real releaf?
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
|
I see you're finally branching out - a budding genus rooted in punditry!
"The difference between genius and stupidity is that genius has its limits." - Albert Einstein | "As far as we know, our computer has never had an undetected error." - Weisert | "If you are searching for perfection in others, then you seek disappointment. If you seek perfection in yourself, then you will find failure." - Balboos HaGadol Mar 2010
|
Who planted that joke in your head?
|
Ah, grow up, will you...
Anything that is unrelated to elephants is irrelephant Anonymous
- The problem with quotes on the internet is that you can never tell if they're genuine Winston Churchill, 1944
- I'd just like a chance to prove that money can't make me happy. Me, all the time
|
The circle of leaf?
New version: WinHeist Version 2.2.2 Beta I told my psychiatrist that I was hearing voices in my head. He said you don't have a psychiatrist!
|
Have you considered pollen the Lounge users to seed what they think of these remarks? Find out if they're furrow against the posts? While some may enjoy them, it's possible that others find them really irrigating. There's not mulch else to say; just bee cautious.
"The difference between genius and stupidity is that genius has its limits." - Albert Einstein | "As far as we know, our computer has never had an undetected error." - Weisert | "If you are searching for perfection in others, then you seek disappointment. If you seek perfection in yourself, then you will find failure." - Balboos HaGadol Mar 2010
|
Please just get your coat and leaf
|
You certainly do seed things differently.
"the debugger doesn't tell me anything because this code compiles just fine" - random QA comment
"Facebook is where you tell lies to your friends. Twitter is where you tell the truth to strangers." - chriselst
"I don't drink any more... then again, I don't drink any less." - Mike Mullikins uncle
|
He seems to be branching out.
/ravi
|
At least he's observant enough to stem the tide of the Star Wars TOTD.
"the debugger doesn't tell me anything because this code compiles just fine" - random QA comment
"Facebook is where you tell lies to your friends. Twitter is where you tell the truth to strangers." - chriselst
"I don't drink any more... then again, I don't drink any less." - Mike Mullikins uncle
|
Yes, he seemed to be rooted on that theme. I'm glad that thread's trunkated.
/ravi