Preventing credit card fraud
ECF has no specific knowledge of consumer-side credit card security so we asked people with some knowledge of this area to contribute to an advice page. There are some very good tips, listed below, and our advice is to carefully read them and follow at least one of them.
Compromised vendor sites
It is impossible to say how and why any particular credit card fraud event happened, since some card fraud is probably the result of simple computer generation of card numbers. However, when the card requires the 3-digit security code in order to work, and it has only been used once, then there is a reasonable chance that something associated with the online store visited may be implicated in the event; although the problem might be a keylogger on your PC.
The fact is that online stores can be vulnerable to exploits in several ways, and this is mainly the responsibility of the website hosting service, not the vendor - vendors are not experts in server security and online sales security. The hosts should be, but frequently are not. There are specialist ecommerce hosting services who do have expertise in this area, and who should be used by vendors. Unfortunately they are not the cheapest hosts - you get what you pay for.
Secure your PC
It's true that having a secure PC is also important. You should use a good anti-malware app and firewall that are proven in benchmark testing to score very highly, and ABSOLUTELY NOT base your choice on advertising or image. Good software is often available free, only missing the support option and extra widgets that most people don't need anyway. For example Avast and AVG score very well as an anti-malware choice, and Online Armor is a real firewall that actually works in both directions. A one-way firewall is not as good because it cannot stop the malware 'phoning home' with your data. These apps are all free; or you can upgrade and get support plus extra bells and whistles.
The drawback to good security is that it involves extra work and hassle. But it's your credit card, and your choice. Just please don't blame everyone else until you have locked down your own system. Spyware is a major industry and they want YOUR data, off YOUR PC.
For more information consult the community's expert resources, for example at Gizmo's Freeware (basic security software and advice) and Wilders Security Forums (detailed advice). Of course, if you can instruct someone in the detail of running HijackThis tests, interpret the results, and remove their rootkits, then you won't need any up-to-date advice on this subject. Most other people do.
You and your credit cards
Staying safe involves some hassle - because that is the definition of security. Use one or more of the tips below and you can eliminate most or all card fraud. The fact is, things can very difficult indeed for online
ecig vendors due to the fact that very few merchant partners* will accept them because of the issues (association with
tobacco, which is blocked by some of the major processors; and the volume of chargebacks, many fraudulent). Some of the partners they have to use may not be the most efficient in the business.
* The companies that act as middlemen between the vendor and the banks - 'checkout processors' if you like.
Security tips
The advice that ECF has been given is that you should
NOT use a card for online purchases that is associated with your main bank account. Instead, you should use one of the options below:
- Use a one-time prepaid card.
- Use a pre-pay/pre-load card, and only load it when you are about to buy.
- Use a Paypal virtual one-time card number.
- Get a bank account with a card that allows you to generate a 'virtual card number' - this is a card number that can only be used for a single purchase and is useless after that.
- Have a separate bank account just for online purchases. This is easier to check out for fraudulent activity.
Also:
- Use a solid credit card company who are known to be strong on security. Cheap or minor-name cards may not be so good for the back-up you need.
- Always read your CC bill very carefully, and check ALL the items.
- Check your CC bill online regularly, if that service is available to you.
- Watch out for a small test purchase on your card. Fraudsters often test it out with a small buy that can be hard to spot in your bill - $9 for a book, or $14 for flowers? Call your CC company and check it out.
- Go to your card provider's website and sign up for the email alerts. You get an email on every use of the card. It adds to email volume - but you'll see a fraudulent use immediately.
Resources
http://www.techsupportalert.com/pc/security-tools.html
Wilders Security Forums - Powered by vBulletin
----------------------------------------
Vendors
Please use specialist ecommerce hosting - these are the only people who really qualify for your online store's hosting account. Security is the main thing you pay your hosts for, and many of them simply don't measure up. Ecommerce hosting protects you and your customers.
This is not referring to hosted ecommerce by the way - a proper ecommerce host supports your choice of ecommerce app, has a heavily-firewalled checkout area for your use, updates its servers daily, and scans them for malware regularly. They actually know how to set up PHP and MySQL correctly. Fraud involving sites on such hosts is virtually unknown.
We came across a server running PHP3 not too long ago, and it was a malware farm. Hosts cause exploits - don't use cheap hosting as it can work out expensive. Don't try and host your own site as you are just contributing to the problem.
for vendors:
Computer Security Guide
SEO Hosting - 3
Choosing Ecommerce Software
I would consider very carefully the implications before I made a credit card order for ANYTHING over the phone.
