Re: Safer Way to Use Your Credit Card

From: _Vanguard_ (
Date: 12/31/04

Date: Fri, 31 Dec 2004 01:09:42 -0600

"Brad" <> wrote in message
> Hi,
> With the proliferation of "spyware", which includes "keyloggers"
> (logs
> your keystrokes as you type), why would anyone want to type their
> credit card
> number on a computer's keyboard? Is there really a "secure" site?
> No wonder
> identity theft is epidemic.
> A programmer friend of mine told me about his awesome idea for a
> safer way
> to order merchandize on the Internet. Web sites should present an
> option
> after you fill out an order form. If the credit card number slot is
> blank,
> you are presented with the option. If you accept (incase you forgot
> to type
> your credit card number), you receive an order number which you write
> down.
> Off line, you dial direct (no interception), a special toll free
> number and
> enter that order number. Next, you are prompted to enter the credit
> card
> number on your touch tone telephone. Note: This is automatic, no
> human
> contact. Also, your order is canceled if you fail to give your credit
> card
> number within a certain period of time.
> Brad

Isn't it amazing how people will use a method that is more insecure?
Hitting digits on a telephone. Yeah, like no one tapping your line
could figure out what was your credit card number from that. That's
like folks that are worried about ordering online and yet they go
speaking their credit number on the telephone to place an order that

Instead of using your real credit card number, why not use a temporary
one? I have an account with MBNA Visa/MC. They have their ShopSafe
scheme where you have them generate a temporary credit card number. It
is tied back to your real account but only they know the linkage. You
can specify both a maximum dollar limit on that temporary card number
and an expiration (minimum is 1 month). That means when you order that
$8 case fan with $5 shipping that you use ShopSafe to generate a temp
card number that has a maximum charge of $15 (I always add a bit to
account for any sales tax and other charges they may happen to omit when
you are checking out) and have it expire in 1 month (the default term).
That means if anyone steals that number, they can only nail you for the
$15 and they'd have to use it before it expires in a month (i.e., your
card number doesn't go floating around indefinitely and remain usable).
My other credit card companies don't have this service so I end up using
temp cards generated from my MBNA card all the time for online order, or
even for telephone orders.

I'm sure at some point in setting up the ShopSafe account or registering
online with the credit card company to get an web account that you'll be
typing in the sensitive info unless they ask for confirmation info to
prove who you are instead of directly asking for your credit card
numbers (or look you up on a partial card number). You could use an
onscreen keyboard that you click on with the mouse as a keylogger
wouldn't get that but a packet sniffer might *IF* the sight were so
stupid as to not use SSL to encrypt your communications. However, you
obviously should be periodically cleaning your system, anyway.

***  Post your replies to the newsgroup.  Share with others.
***  For e-mail, you must append "#NEWS#" to the Subject.