Groupon, Groupoff ...
- Thread starter Wonkster
- Start date
- Status
Exactly. The only two online security problems I've had were with very small companies I was foolish enough to give a credit card number to. In both cases some unidentified employee abused the trust I placed in their employer.
Amazon has problems, but so far it has involved their cloud-based services offered to third-party business clients, not their well-known Amazon sales site.
grizz36
Misabe Mukwa
- Joined
- Aug 26, 2011
- Messages
- 369
- Reaction Score
- 452
My only online security breach problem occurred through PayPal. I've tended to avoid them as a result. They may have tightened up in recent years, but I can't bring myself to try them again.
Did PayPal confirm the breach? If not, how do you know the problem wasn't caused by another source such as a keylogger on your computer?
alexrgct
RIP, Alex
- Joined
- Aug 26, 2011
- Messages
- 10,091
- Reaction Score
- 15,648
If credit card data are in transit or at rest, the application managing the payment and the environment in which application resides are subject to the the PCI and PA Data Security Standards. These DSSs feature best practices on a code, encryption, network, and physical/logical security level. To be considered in compliance, you have to comply (or have a compensating control) with every single edict of the DSS.
Small companies may not be in compliance with PA and PCI DSSs. Any large company is.
If there is a breach of credit card data and the offending company is not complaint with PCI, the fines involved are akin to the warth of God. This almost destroyed TJX about five years ago.
PCI and PA standards are established by the credit card companies themselves and audited by third parties. Your data are safe. You're far more likely to have your card information stolen paying for something in person.
Small companies may not be in compliance with PA and PCI DSSs. Any large company is.
If there is a breach of credit card data and the offending company is not complaint with PCI, the fines involved are akin to the warth of God. This almost destroyed TJX about five years ago.
PCI and PA standards are established by the credit card companies themselves and audited by third parties. Your data are safe. You're far more likely to have your card information stolen paying for something in person.
- Joined
- Aug 26, 2011
- Messages
- 1,550
- Reaction Score
- 1,044
While we all get antsy about the possibility of data theft, the most notorious breaches have been with Bricks and Mortar retailers who (used to, anyway) transfer date (via their parking lots) in a poorly protected manner.
ThisJustIn
Queen of Queens
- Joined
- Aug 26, 2011
- Messages
- 4,109
- Reaction Score
- 11,315
Isn't it challenging for smaller companies since they have to pay paypal a fee as well as the credit card? Or am I mistaken?
This is all true, but far from the whole story in this discussion. A recent security conference had a main speaker whose message was the following:
"There are three things to worry about in personal computer security - keyloggers. keyloggers, and keyloggers."
If you have a keylogger on your PC, your data is stolen before it is encrypted and transmitted along those oh-so-safe data channels and stored in Fort Knox-like data centers.
grizz36
Misabe Mukwa
- Joined
- Aug 26, 2011
- Messages
- 369
- Reaction Score
- 452
VISA confirmed the breach, or I should say, put the finger on PayPal. I can monitor such breakins as keyloggers on my Mac.
Icebear
Andlig Ledare
- Joined
- Aug 24, 2011
- Messages
- 18,784
- Reaction Score
- 19,227
I have not had problems through either PayPal or Amazon which I use almost exclusively online but was one affected by the UConn store problems last year and have had to change my debit card three times because of security breaches at local banks.
- Joined
- Aug 27, 2011
- Messages
- 879
- Reaction Score
- 582
I use one credit card with no annual fee for on-line purchases only. I figure if a problem came up, it wouldn't be with the credit card I use for all my other purchases.
Great plan! I use another approach - I just don't use plastic when there's a human being (or gas pump) around. I use that wacky stuff my Dad used to call "cash" to pay for nearly all my offline transactions.
By the way - criminals have been targeting gas pump card slots for several years now. It's fairly risky to use them.
- Joined
- Aug 26, 2011
- Messages
- 984
- Reaction Score
- 300
Grizz, that surprises me, and worries me a tad. I've been using PayPal for years with zero issues. I have also used a credit card on Amazon, but not too often.
Hate to be a dope, but what the heck is a "keylogger?"
A keylogger is any one of a laundry list of hardware devices or (usually) software malware that captures your keystrokes and forwards them to an unfriendly computer to look for your passwords, account numbers, etc.
I've seen claims that the old bugaboos like viruses, etc, are a tiny minority of PC security leaks these days, and that keyloggers are where the crooks are.
I use the anti-keylogger product Zemana AntiLogger, which sends up a flag when keylogging software is attempting to install/run on my system.
Understand, though, that some people intentionally put a keylogger on their own computer in a work or home environment to monitor whether someone else is using the computer, or, in the case of parents, what their kids are doing on the family computer.
- Status