A newsletter for genealogy
consumers, packed with straight
talk, hold the sugar coating - whether the vendors like it or
not!
Credit Card Safety
A popular myth says "Don't use credit cards on the web." In fact, the opposite is true. Checks are easily stolen and you will lose the money. Use of credit cards is fully insured so you will never lose money.
Here are the facts (you can verify this information in thousands of places on the web):- All VISA, MasterCard, American Express and Discover cards issued in the United States (and in most other countries) are fully insured against theft or fraud. Most checks are not.
- If you send a check, it can be stolen and cashed by someone unknown to you. If that happens, the money is taken from your checking account. In most cases, you will not get the money back even if the criminal is caught. Thousands of checks are stolen every day.
- Anyone can "wash your check." That is, your check will have the payee and the amount removed. Then the scam artist writes in a new payee name and a new amount. See http://www.scamsonline.com/2006/01/how_would_you_l.html for information about how easy it is to "wash a check." If that happens, the money is taken from your checking account. In most cases, you will not get the money back, even if the criminal is caught.
- If you post your credit card number to a web site, there is a very slight chance that someone could obtain the numbers and use them to charge things illegally. If that happens, you call up your credit card company and tell them. The charges are instantly reversed and you do not lose a penny, whether the criminal is caught or not.
I will never, ever send a check to an unknown company or person because of the strong possibilities of theft or fraud. I always use credit cards instead because they are so much safer.
I do not use debit cards because they are really "plastic checks." They are not true credit cards. Debit cards have all the same security risks as paper checks. I use true credit cards instead.
- Dick Eastman
P.S. here are some more articles about this topic.
Anyone can take money from your checking account!
The following is an article from the June 20, 2005 edition of Eastman's Online Genealogy Newsletter:
I often hear the old wives' tale of "it is dangerous to use your credit card
on the web." In fact, the reverse is much more accurate: the web is probably the
safest place in which to use a credit card. Now we are told that use of a credit
card on the web is much, much safer than sending a check in the mail.
The security and anti-fraud managers at any credit card company can tell you
that most credit card numbers are stolen in face-to-face transactions, typically
when the card leaves your sight for a bit. Think about the typical restaurant:
the waiter or waitress takes your card and then walks away with it. You do not
see them in the back room where they can easily make copies of your card, a task
that requires only a few seconds to accomplish. The same may be true in many
stores, beauty parlors and a host of other places.
In addition, use of any U.S.-issued VISA, MasterCard or American Express card on
the web is fully insured: if anyone does ever fraudulently charge your card as a
result of an online transaction, simply contact the credit card company at the
toll-free number on the back of your card and the charges will be reversed.
Face-to-face transactions typically are not insured.
Many people will not use credit cars online. Instead, they always insist upon
sending checks. Now one of the better-known anti-scam web sites has shown how
easy it is for anyone to steal money out of your checking account. In fact, it
is much easier to take money from your checking account than it is from your
credit card. All that is needed is the routing number and the account number
that is printed on the front of every check you send. The thief simply needs to
have your check or even a photocopy of your check, everything after that is
easy. Do you pay your mortgage, electric bill, telephone bill, car payment or
other bills with a check? Any dishonest employee at the receiving company can
easily steal money from you.
You can read more about this on "Aunty Spam's Net Patrol," a well-known site
that reports on spam, spyware, spoofing, security breaches, and other Internet
nasties. The article is available at
http://www.aunty-spam.com/your-checking-account-is-not-safe.
The following is an article from the November 11, 2002 edition of Eastman's Online Genealogy Newsletter:
This article is not about a genealogy-related topic. Yet the
information presented here directly affects many of the companies,
products, and services mentioned in this newsletter as well as the many
readers who use those goods.
Last week I announced the new Plus Edition of the newsletter and told
how to subscribe online by using a credit card. In the following days,
I received about a dozen e-mails from people questioning the use of
credit cards on the Web. The words varied, but the underlying theme
was, "I am afraid to use a credit card on the Web." I must admit that I
was surprised; I thought that phobia died years ago. Perhaps a better
understanding of how online ordering works will help dispel the
needless fears that apparently still deprive some people of this great
convenience.
According to Forrester Research, consumers will spend more than $76.3
billion in 2002 in purchases made on the Web. Seventy-six billion
dollars! That’s a lot of money, and probably 99% of it is spent via
credit cards on the Web. Even with $76 billion in online credit card
usage per year, I bet you do not personally know anyone who was "ripped
off" for using a credit card on the Web. The reason is simple: credit
card fraud on the Web is extremely rare, much less common than credit
card fraud elsewhere.
I might also mention my qualifications for writing about this topic.
Two years ago I was the Principal Technical Support Engineer for a
dot-com company that provided online credit card processing for Web
merchants. Our customers included more than two thousand dot-com
e-commerce sites, including several companies that are household names.
When you ordered something from our customer’s Web site and paid by
credit card, you were actually sending the information to my employer’s
servers. You probably never knew that, however. We handled all the
"back end" credit card processing. I really loved that job and was
disappointed when my employer filed for bankruptcy and closed their
doors as one more dot-com company bit the dust.
During my two plus years there, I watched as my employer’s servers
processed millions of online credit card transactions. My department
got involved whenever there were problems. We were the ones who dealt
with technical problems, as well as with stolen credit cards and
attempted fraud. Of the hundreds of attempted fraud cases that my
department handled, we never found one where the would-be thief
retrieved card numbers from a Web transaction. In all the attempted
fraud cases where we were able to identify the source of the problem,
the credit card numbers had been obtained from telephone orders or from
face-to-face credit card transactions in restaurants, gas stations,
beauty parlors, stores, and other retail establishments. In fact, I
learned that it is very easy to steal credit card numbers, even if you
don’t know how to use a computer. Most thieves prefer the easier,
non-computer methods.
Many of us know people who have had theft of card numbers in
face-to-face transactions. If you know me, then you know one of those
people: years ago I had my credit card numbers stolen twice although
both occurrences happened long before the invention of the World Wide
Web. Luckily, the credit card companies covered the losses completely;
I never lost a dime.
When you personally hand your card to a waiter or retail clerk and he
or she takes it out of your sight, your information is easily "ripped
off." Someone outside of your view can easily copy the numbers or swipe
the card twice in a credit card machine. Telephone orders are just as
risky; the person working in the call center on the receiving end may
not be totally honest. Do you really want to give your credit card
numbers to a stranger on the other end of the phone? He or she may be
writing the numbers onto a piece of paper for later use.
The security specialists who work for credit card companies report that
almost all credit card fraud occurs in face-to-face transactions in
restaurants, gas stations, and retail stores. Inserting your card
directly into a credit card machine and then retrieving it yourself is
much safer. One example is the automated gas pumps that are so common
these days. The reason that automated pumps are so popular among gas
station owners is that the pumps significantly reduce credit card theft
by their employees. Unlike the old pumps, gas station employees today
never see the credit card or the numbers on the card.
Most people also do not realize that their credit card transactions in
stores, restaurants, and gas stations are also transacted via online
networks. The larger corporations usually have their own dedicated
networks for credit card transactions. However, many smaller stores,
restaurants, and gas stations use dial-up connections to agents over
the same Internet that you and I are using. Their credit card swipe
devices make encrypted connections across the Internet to servers at
the clearinghouses. They send your personal data across the Internet,
using encryption technology that scrambles the data so that no human
can decipher it. This encryption technology is similar to that used in
your Web browser. Very likely, your credit card information has already
been sent across the Internet many times – safely – even if you have
never made an online purchase.
Like the dial-up connections the vendors use, Web browsers have the
same capability to send and receive sensitive financial and personal
information in an encrypted form that is essentially impossible to
intercept. Whether an online purchase is made using Internet Explorer,
Netscape, AOL, or some other browser, only the merchant or their agent
will ever have access to the information. No one else can decode your
credit card numbers.
The buzzword for all this is "Secure Sockets." I’ll skip over the
technical details but will point out that your credit card information
is encrypted right at your PC, before it ever reaches the Internet.
When Secure Socket connections are used, your data is never transmitted
"in the clear." The encryption techniques employed are extremely robust
and secure. These encryption methods can only be broken by the use of
multi-million dollar mainframes. Even with expensive hardware, decoding
one credit card transaction might require several months. Most thieves
can find easier ways to steal money.
Compare that to orders placed by telephone or by FAX. These orders are
not encrypted at all! Anyone can tap in. Did you recently call in a
telephone order while using a cell phone or a cordless phone in your
home? Many people can listen in on those conversations by using an
inexpensive police scanner. Stealing a credit card number is child’s
play when calls are placed by telephone.
Once your credit card information is received at the online merchant’s
server, it normally remains within a secured database in the order
processing system. That database may even be the same one that the
merchant uses for telephone orders and mail orders. Theoretically,
credit card information could be stolen after it arrives at a
merchant’s central computer system, but this is a human risk that can
happen on both Web orders and non-Web orders alike. Using the Web does
not increase or decrease the odds of human theft. You encounter the
same risk when you give your credit card number in person, over the
phone, by letter, or by FAX.
The high-security encryption techniques used for online purchases is in
stark contrast to using your credit card at dozens of local shops,
restaurants, and gas stations. When your credit card is used to make a
paper imprint, your credit card number is in the hands of people whom
you don’t know, and it may wind up on slips of paper in dumpsters
accessible to all sorts of people. One phrase I learned is "Dumpster
Diving:" the act of going through dumpsters behind stores or
restaurants looking for credit card receipts. Such activities are very
common among credit card thieves.
Online credit card transactions via Secure Socket connections are much
safer than handing your card to a clerk in a store or restaurant. A
largely uninformed media has given in to hearsay, rumor, and urban
legend rather than taking the time to investigate the facts. These
rumors circulate without regard for truth.
If you are still uneasy, you should also remember that there are limits
on your exposure in all credit card thefts. In the United States,
federal laws mandate that you can be charged a maximum of $50.00 for
all the purchases made with your stolen credit card. However, American
Express and many issuers of VISA and MasterCard reduce this liability
to zero. A person using one of these "insured cards" still may suffer
some inconvenience when the card is ripped off, but at least it won’t
cost any money. If you have several credit cards in your wallet, check
to see which ones offer theft protection. Then use those cards all the
time, both online and offline.
To illustrate the safety of credit cards, I’ll remind you that a few
months ago I reported on a slightly different issue. A company
advertised a national genealogical conference, took in thousands of
dollars in prepaid reservations, then canceled the conference and
refused to refund any money. Those who paid by credit card and reported
the problem to the banks that issued the cards received refunds from
those issuing banks. In effect, the card-issuing banks insured the
purchase. Those who paid by cash, check, or money order received
nothing. Credit cards really are safer than cash, checks, money orders,
or debit cards, both online and off, especially when non-delivery of
goods and services are involved.
In the past ten years, I have probably charged more than $40,000 in Web
purchases, all of it done by credit cards. A lot of that was for
airline tickets as I used to travel a lot for a former employer. I was
reimbursed by submitting an expense account.
In addition, I purchase many items on eBay and always pay via credit
card through PayPal. I also purchase most of my computer software and
hardware online. I pay for the newsletter bulk mailing service that
sends this newsletter by e-mail by using a credit card online. I also
pay for the RootsForum.com Web site by using a credit card and PayPal.
Most of my Christmas presents, birthday presents, and a lot of other
things are purchased online, all paid by credit card. I even pay my
bills online. In fact, I avoid shopping malls as much as possible. I
find it easier and safer to shop online.
I have never had a problem with an online credit card transaction, nor
do I know anyone else who ever had any problems with fraud by using
credit cards on the Web. Even among the two thousand customers of my
former employer, not one of them ever identified the Web as the source
of a stolen credit card number.
In short, your credit card is less exposed to fraud when used on the
Web than it is when used in person at restaurants, gas stations, and at
retail stores. Think about it.
Check Washing
How would you like to hand someone a blank check? Pretty dumb, right? Well you are doing just that if you send a check in the mail or hand a check to someone in a store.
Check washing is a growing problem and it essentially puts a blank check in your name in the hands of criminals that are more than willing to fill out any dollar amount to their own bank accounts. Check washing is the process of taking a check that's already been filled out, removing the ink from a pen, then re-writing in a new dollar amount and recipient. You can read the article at http://celtickane.com/projects/washing.
or instructions.