Groupon, Groupoff ... | The Boneyard

Groupon, Groupoff ...

Status
Not open for further replies.
Joined
Aug 24, 2011
Messages
3,157
Reaction Score
1,680
I basically condemn online vendors to the nether regions if they don't take PayPal. I make a few exceptions, such as Amazon, whose security seems tight.

Anybody else feel strongly about this?
 
Joined
Aug 26, 2011
Messages
675
Reaction Score
612
Unless it's a big company, I generally agree. It's nice to at least pretend you can limit the number of places where your credit card info is kept on file.
 
Joined
Aug 24, 2011
Messages
3,157
Reaction Score
1,680
Unless it's a big company, I generally agree. It's nice to at least pretend you can limit the number of places where your credit card info is kept on file.

Exactly. The only two online security problems I've had were with very small companies I was foolish enough to give a credit card number to. In both cases some unidentified employee abused the trust I placed in their employer.

Amazon has problems, but so far it has involved their cloud-based services offered to third-party business clients, not their well-known Amazon sales site.
 

grizz36

Misabe Mukwa
Joined
Aug 26, 2011
Messages
369
Reaction Score
226
I basically condemn online vendors to the nether regions if they don't take PayPal. I make few exceptions, such as Amazon, whose security seems tight.

Anybody else feel strongly about this?

My only online security breach problem occurred through PayPal. I've tended to avoid them as a result. They may have tightened up in recent years, but I can't bring myself to try them again.
 
Joined
Aug 24, 2011
Messages
3,157
Reaction Score
1,680
My only online security breach problem occurred through PayPal. I've tended to avoid them as a result ...

Did PayPal confirm the breach? If not, how do you know the problem wasn't caused by another source such as a keylogger on your computer?
 

alexrgct

RIP, Alex
Joined
Aug 26, 2011
Messages
10,096
Reaction Score
7,842
If credit card data are in transit or at rest, the application managing the payment and the environment in which application resides are subject to the the PCI and PA Data Security Standards. These DSSs feature best practices on a code, encryption, network, and physical/logical security level. To be considered in compliance, you have to comply (or have a compensating control) with every single edict of the DSS.

Small companies may not be in compliance with PA and PCI DSSs. Any large company is.

If there is a breach of credit card data and the offending company is not complaint with PCI, the fines involved are akin to the warth of God. This almost destroyed TJX about five years ago.

PCI and PA standards are established by the credit card companies themselves and audited by third parties. Your data are safe. You're far more likely to have your card information stolen paying for something in person.
 
Joined
Aug 26, 2011
Messages
1,538
Reaction Score
847
While we all get antsy about the possibility of data theft, the most notorious breaches have been with Bricks and Mortar retailers who (used to, anyway) transfer date (via their parking lots) in a poorly protected manner.
 

ThisJustIn

Queen of Queens
Joined
Aug 26, 2011
Messages
3,804
Reaction Score
4,381
Isn't it challenging for smaller companies since they have to pay paypal a fee as well as the credit card? Or am I mistaken?
 
Joined
Aug 24, 2011
Messages
3,157
Reaction Score
1,680
If credit card data are in transit or at rest, the application managing the payment and the environment in which application resides are subject to the the PCI and PA Data Security Standards. These DSSs feature best practices on a code, encryption, network, and physical/logical security level. To be considered in compliance, you have to comply (or have a compensating control) with every single edict of the DSS.

Small companies may not be in compliance with PA and PCI DSSs. Any large company is.

If there is a breach of credit card data and the offending company is not complaint with PCI, the fines involved are akin to the warth of God. This almost destroyed TJX about five years ago.

PCI and PA standards are established by the credit card companies themselves and audited by third parties. Your data are safe. You're far more likely to have your card information stolen paying for something in person.

This is all true, but far from the whole story in this discussion. A recent security conference had a main speaker whose message was the following:
"There are three things to worry about in personal computer security - keyloggers. keyloggers, and keyloggers."

If you have a keylogger on your PC, your data is stolen before it is encrypted and transmitted along those oh-so-safe data channels and stored in Fort Knox-like data centers.
 

grizz36

Misabe Mukwa
Joined
Aug 26, 2011
Messages
369
Reaction Score
226
Did PayPal confirm the breach? If not, how do you know the problem wasn't caused by another source such as a keylogger on your computer?

VISA confirmed the breach, or I should say, put the finger on PayPal. I can monitor such breakins as keyloggers on my Mac.
 

Icebear

Andlig Ledare
Joined
Aug 24, 2011
Messages
18,788
Reaction Score
9,890
I have not had problems through either PayPal or Amazon which I use almost exclusively online but was one affected by the UConn store problems last year and have had to change my debit card three times because of security breaches at local banks.
 
Joined
Aug 24, 2011
Messages
3,157
Reaction Score
1,680
Icebear and grizz36 - look at 'Conversations' under 'Your Account.'
 
Joined
Aug 27, 2011
Messages
879
Reaction Score
291
I basically condemn online vendors to the nether regions if they don't take PayPal. I make a few exceptions, such as Amazon, whose security seems tight.

Anybody else feel strongly about this?

I use one credit card with no annual fee for on-line purchases only. I figure if a problem came up, it wouldn't be with the credit card I use for all my other purchases.
 
Joined
Aug 24, 2011
Messages
3,157
Reaction Score
1,680
I use one credit card with no annual fee for on-line purchases only. I figure if a problem came up, it wouldn't be with the credit card I use for all my other purchases.

Great plan! I use another approach - I just don't use plastic when there's a human being (or gas pump) around. I use that wacky stuff my Dad used to call "cash" to pay for nearly all my offline transactions.

By the way - criminals have been targeting gas pump card slots for several years now. It's fairly risky to use them.
 
Joined
Aug 26, 2011
Messages
984
Reaction Score
150
My only online security breach problem occurred through PayPal. I've tended to avoid them as a result. They may have tightened up in recent years, but I can't bring myself to try them again.

Grizz, that surprises me, and worries me a tad. I've been using PayPal for years with zero issues. I have also used a credit card on Amazon, but not too often.

Hate to be a dope, but what the heck is a "keylogger?"
 
Joined
Aug 24, 2011
Messages
3,157
Reaction Score
1,680
" ... Hate to be a dope, but what the heck is a "keylogger?"

A keylogger is any one of a laundry list of hardware devices or (usually) software malware that captures your keystrokes and forwards them to an unfriendly computer to look for your passwords, account numbers, etc.

I've seen claims that the old bugaboos like viruses, etc, are a tiny minority of PC security leaks these days, and that keyloggers are where the crooks are.
I use the anti-keylogger product Zemana AntiLogger, which sends up a flag when keylogging software is attempting to install/run on my system.

Understand, though, that some people intentionally put a keylogger on their own computer in a work or home environment to monitor whether someone else is using the computer, or, in the case of parents, what their kids are doing on the family computer.
 
Status
Not open for further replies.

Online statistics

Members online
231
Guests online
746
Total visitors
977

Forum statistics

Threads
169,889
Messages
4,196,052
Members
9,087
Latest member
uchskyfan


Top Bottom