Page 1 of 2 1 ... LastLast
Results 1 to 50 of 55
  1. #1


    Slow Traveler

    Join Date
    Jan 2006
    Location
    The Best Coast: The West Coast
    Posts
    1,183
    I want to rent an apartment in Florence on VRBO,that has over 15 good reviews.
    The owner takes credit cards, but wants the numbers of the card by email or fax .
    She says to send in 2 or 3 separate messages for safety.
    Can you tell me your experiences with doing this?
    I would prefer Paypal, but this seems to be her way.
    I'm not at all sure about the security of doing it this way.
    Thanks!.

  2. #2


    Slow Traveler

    Join Date
    Jan 2006
    Location
    The Best Coast: The West Coast
    Posts
    1,183
    I want to rent an apartment in Florence on VRBO,that has over 15 good reviews.
    The owner takes credit cards, but wants the numbers of the card by email or fax .
    She says to send in 2 or 3 separate messages for safety.
    Can you tell me your experiences with doing this?
    I would prefer Paypal, but this seems to be her way.
    I'm not at all sure about the security of doing it this way.
    Thanks!.

  3. #3


    Slow Traveler

    Join Date
    Dec 2003
    Location
    mahwah, new jersey, usa
    Posts
    4,398
    I have done it this way and, knock on wood, have not had any problems.

    I do send three different e-mails with the numbers, and a forth with the expiration date.
    ellen

  4. #4

    Slow Traveler

    Join Date
    Jun 2008
    Location
    Spring City, Utah
    Posts
    318
    Hi SJ, we have sent partial credit card numbers several times. It has worked for us but do not send numbers in sequence. Let them figure out how they go together. Usually, the credit card numbers are not used until it is time for you to pay.

  5. #5


    Slow Traveler

    Join Date
    Oct 2005
    Location
    Urbino, Le Marche, Italy
    Posts
    2,329
    Usually the cc details are kept in case you cancel your stay (if a cancellation policy is available), otherwise I don't see the reason to send your cc data since the normal way to pay is inserting your card in the POS machine once you arrive or leave and let you pay that way.

    If this is the case, Gina, sending numbers in the wrong sequence will have the only effect of not allowing the owner to get the money in case you cancel your stay.. I don't know of anybody who would try different orders of the numbers you sent...
    Giulia
    Locanda della Valle Nuova
    ST Classifieds: Locanda della Valle Nuova apartments and [URL=http://www.slowtrav.com/cl/detail.asp?l=1887] organic

  6. #6
    Moderator Premium Member
    Moderator

    Slow Traveler
    Roz's Avatar
    Join Date
    Aug 2004
    Location
    Napa, CA
    Posts
    9,258
    Here is a previous discussion on this topic. Basically I think it is a personal decision as to whether you want to take the risk. If you choose to do so, I'd advise that you monitor your credit card account online to be sure there are no unexpected charges.

    - Roz

  7. #7
    Fax and phone are always better than Email as far as security goes. I usually use fax.

  8. #8


    Slow Traveler

    Join Date
    Oct 2005
    Location
    Urbino, Le Marche, Italy
    Posts
    2,329
    I was about to suggest the same: fax or phone the information and you'll be sure that the only person who gets your data is the owner/agent.
    Giulia
    Locanda della Valle Nuova
    ST Classifieds: Locanda della Valle Nuova apartments and [URL=http://www.slowtrav.com/cl/detail.asp?l=1887] organic

  9. #9


    Slow Traveler

    Join Date
    Jan 2005
    Location
    Venezia, Italia
    Posts
    3,365
    I send split up e-mails and have never had a problem.

  10. #10


    Slow Traveler

    Join Date
    Oct 2005
    Location
    Urbino, Le Marche, Italy
    Posts
    2,329
    I often send my cc details in just one e-mail and never had a problem and my guests send it in either one or split e-mail and nobody ever reported any problem either.
    Giulia
    Locanda della Valle Nuova
    ST Classifieds: Locanda della Valle Nuova apartments and [URL=http://www.slowtrav.com/cl/detail.asp?l=1887] organic

  11. #11


    Slow Traveler

    Join Date
    Jul 2006
    Location
    Austin & Casperia
    Posts
    894
    I have used multiple (2 or 3) emails to email credit card details over the years, without a problem. I do use a non-preferred card, however, just in case. That way if there is a problem, especially while we are abroad, my primary card is not impacted.
    Chris Phillips
    il sogno a Casperia

  12. #12


    Slow Traveler

    Join Date
    Jan 2006
    Location
    The Best Coast: The West Coast
    Posts
    1,183
    Thanks, everyone;
    I think I might just find another apartment that deals in SecureServer Credit , or PayPal.
    That long previous discussion conviced me not to email or fax, or phone my details.

  13. #13


    Slow Traveler

    Join Date
    Apr 2006
    Location
    Burlington, ON, Canada
    Posts
    3,834
    I agree that it is a personal decision. Over the past 4 years I have faxed and e-mailed cc information without any problems. Having said that, I'd be more comfortable with PayPal.
    Jerry

    The traveler sees what he sees. The tourist sees what he has come to see. ~G.K. Chesterton

    Blog: A Life, Lived
    [URL=http://www.slowtrav.com/tr/tripreport.asp?tripid=1062] Taste of the Windy City Trip

  14. #14


    Slow Traveler

    Join Date
    Mar 2005
    Location
    Western Australia
    Posts
    1,332
    I email separate advices and never had a problem. Have also faxed when requested.

    Elly

  15. #15


    Slow Traveler

    Join Date
    Jan 2005
    Location
    Venezia, Italia
    Posts
    3,365
    <BLOCKQUOTE class="ip-ubbcode-quote"><div class="ip-ubbcode-quote-title">quote:</div><div class="ip-ubbcode-quote-content">Originally posted by SJ:
    Thanks, everyone;
    I think I might just find another apartment that deals in SecureServer Credit , or PayPal.
    That long previous discussion conviced me not to email or fax, or phone my details.
    </div></BLOCKQUOTE>
    You'll pay more, fund Paypal (ewe), and limit your choices.

  16. #16


    Slow Traveler

    Join Date
    Jan 2006
    Location
    The Best Coast: The West Coast
    Posts
    1,183
    Well, Jerry: if you have done it and felt okay about it, maybe I might.
    You always have such definite opinions about things!
    I really do want this particular apartment.

  17. #17
    Premium Member

    Slow Traveler

    Join Date
    Jan 2004
    Location
    Tallahassee, FL
    Posts
    5,409
    <BLOCKQUOTE class="ip-ubbcode-quote"><div class="ip-ubbcode-quote-title">quote:</div><div class="ip-ubbcode-quote-content">I really do want this particular apartment. </div></BLOCKQUOTE>

    Live dangerously! Do it.

    I always just send my cc details--no separate emails. I know I'm flirting with disaster but that's what I've done. I think I'll switch to separate emails now, but I wouldn't let fear be the factor for loosing an apartment.

    jan

  18. #18


    Slow Traveler

    Join Date
    Nov 2003
    Location
    Houston, TX. Soon to be Beaufort, SC
    Posts
    2,375
    Call me crazy, but I have always sent our cc information in a single email and in our nine years of traveling to Italy and France, we have never had a problem.....knock on wood!

    Sharon J
    Attached Thumbnails Attached Thumbnails dog11.gif  

  19. #19
    I like the idea of sending a cc number out of sequence, ie: wrong number.

    The hotels in Milan that I have been looking at for a one night stay on arrival have a draconian cancellation policy--either one night's cost or no refund at all if cancelled at any time, even 3 or 4 months early.

    I suppose that the only hitch would be if they billed your card immediately. In that case, you are prevented from paying in cash as, I always do, to avoid the various transaction and conversion fees.

  20. #20


    Slow Traveler

    Join Date
    Nov 2002
    Location
    Culver City, CA, USA
    Posts
    8,842
    It is far safer than handing a credit card to a restaurant,or anywhere else it is out of your sight 100% of the time. It takes one sec to clone a card.

    No worries about e-mail or web. I never use cards in places where it is out of my sight RR

  21. #21


    Slow Traveler

    Join Date
    Oct 2005
    Location
    Urbino, Le Marche, Italy
    Posts
    2,329
    <BLOCKQUOTE class="ip-ubbcode-quote"><div class="ip-ubbcode-quote-title">quote:</div><div class="ip-ubbcode-quote-content">I like the idea of sending a cc number out of sequence, ie: wrong number </div></BLOCKQUOTE>

    jhdflyer, I'm not sure if my point was not clear or if I'm missing something... how would the owner be able to charge your cc if they have the wrong number? If I were that owner I would not try every possible combination of the numbers you sent and thus would think that you sent the wrong number on purpose for preventing me to charge your card and I'd be VERY upset...
    Giulia
    Locanda della Valle Nuova
    ST Classifieds: Locanda della Valle Nuova apartments and [URL=http://www.slowtrav.com/cl/detail.asp?l=1887] organic

  22. #22
    Premium Member

    Slow Traveler
    Americana in Parigi's Avatar
    Join Date
    Mar 2007
    Location
    Paris, France
    Posts
    7,943
    Isn't sending a number out of sequence in effect sending the wrong credit card number?
    Call me old-fashioned and naive. I believe that if we do not agree with the policy of sending card info, the thing to do is to refuse to do so, and not to send wrong info deliberately.

  23. #23


    Slow Traveler

    Join Date
    Mar 2006
    Location
    Medio Vastese
    Posts
    3,109
    Fax is hardly safe. Hit one wrong number and who knows where it goes. A few years back a large Canadian bank had the wrong number programmed into the machine. Every fax sent to head office was going to some auto wrecking yard in the Carolinas ( I think)

    Doesn't the card have a security number on the back? Normally you send the front number in one email. The security number (CCV? I forget what it's called) in a second.

  24. #24
    Premium Member

    Slow Traveler

    Join Date
    Jun 2001
    Location
    San Diego, CA
    Posts
    8,173
    For years we have used the "split the number" routine and it has worked well. But then, one could probably for years send the whole number with out a problem so who knows if splitting can back fire or not. We still do it and feel safe. We send some of the number in one e-mail and then wait a while and send the rest of it. We don't divide by number and security code as I believe there are ways for a charge to go through without that code.

    I prefer this to fax which is a hard copy which anyone can pick up before it gets to the intended person.

  25. #25


    Slow Traveler

    Join Date
    Oct 2005
    Location
    Urbino, Le Marche, Italy
    Posts
    2,329
    In Italy if you have a POS machine you can charge a card with the number and expiry date (no security number needed).
    On the other side, rest assured that if your card is charged not accordingly to the cancellation policy or by someone who's not ment to, your bank will draw the money back and refund you.
    Giulia
    Locanda della Valle Nuova
    ST Classifieds: Locanda della Valle Nuova apartments and [URL=http://www.slowtrav.com/cl/detail.asp?l=1887] organic

  26. #26
    Hi Giulia--my point is that charging the full amount of the rental, as some Milan hotels do, regardless of the notice given, is an extremely severe business practice.

    Some hotels that I looked at say they will charge one nights fee regardless of when you cancel--say 3 months ahead--others say the full amount is due when you make the reservation, it could be 4 nights at E220 per night.

    I have never seen this practice--not in Rome, or anywhere in the US. Most hotels allow you to cancel with no penalty up to 48 or 24 hours notice and will charge you one nights rental which seems to be the generally accepted practice.

    So, I am not reserving a hotel room in Milan for October close to the train station. Rather, I am staying at the Villa Malpensa near MXP--more expensive but they have only a 48 hour cancellation notice requirement.

    Of course, if one reserves a hotel room in, say, October and they charge you immediately, this will not work. However, if they do not charge your credit card until you cancel it will.

    I had a 3 night reservation at a Rome hotel a few years ago and changed my plans and forgot to cancel until the day before. The hotel said they were going to charge me one night's fee, in accordance with their cancellation policy which they certainly had the right to do. My mistake--when I couldn't talk them out of it I should not have cancelled but just been a no-show which is the same penalty and tied up the room for 3 days.

  27. #27

    Slow Traveler

    Join Date
    Nov 2008
    Location
    Nashville, TN
    Posts
    236
    My thoughts:

    jhd, while I agree that hotel policies like those you mentioned are onerous, it would seem your approach carries significant risks to yourself... namely that the hotel could run your number at any time to check its validity. They may or may not give you a chance to correct it. What if they checked it just days before your arrival, found it invalid, and immediately cancelled your reservation? I could be wrong, but I would guess they have the right to do this in this situation. That could seriously negatively impact your vacation plans.

    Maybe I'm naive and uninformed, but it seems to me there is excessive paranoia about CC info falling into the wrong hands. Most banks assess the card owner little or no liability for fraudulent charges. No one can prevent their CC info from passing through a multitude of total strangers on its journey to the bank. Are some of you saying you never charge anything online? Personally, I couldn't function like that.

    I study my CC bill every month to verify the charges. Beyond that, I don't concern myself with this as long as I feel reasonably certain I'm dealing with a legitimate business.

  28. #28


    Slow Traveler

    Join Date
    Mar 2005
    Location
    Western Australia
    Posts
    1,332
    I always let my bank know if there are any overseas payments to be made. I also check my accounts on a daily basis via internet.

    I have never had any problems and the bank has contacted me on a couple of occasions to verify my transactions.

    Elly

  29. #29
    Moderator Premium Member
    Moderator

    Slow Traveler
    Andrew's Avatar
    Join Date
    Feb 2004
    Location
    Midwest U.S.
    Posts
    8,075
    Some card issuers, including Citi and Bank of America, can generate one-time use card numbers for the amount you authorize. Using this would be an occasion to make clear how the payee plans to use the number and what to authorize. If it's one night in case of no-show, authorize a maximum charge of a little more than that amount, allowing for what might happen to the exchange rate by the time of the stay.

  30. #30


    Slow Traveler

    Join Date
    Feb 2006
    Location
    St Paul, MN
    Posts
    5,417
    Before Paypal one would pay sellers on ebay in credit card numbers sent in to different emails at least 30 min apart.

    Italians seem to think FAXes are safer. Maybe the transmission is safer, but who knows who might be hanging around the FAX machine when it gets there or how many people see it in the bin before the destinee comes to pick it up. Where I work, I have often been hanging around the FAX machine waiting to make a transmission or waiting to see one. In doing so I have found out that my fellow employees have had restraining orders filed on them from their wives and/or girlfriends. Or involved in shadey sales deals or that their insurance company is questioning them about that "unknown" rock (not on ANY of the fishing/sailing maps) in Lake Superior that sank their boat.

  31. #31


    Slow Traveler

    Join Date
    Feb 2006
    Location
    St Paul, MN
    Posts
    5,417
    <BLOCKQUOTE class="ip-ubbcode-quote"><div class="ip-ubbcode-quote-title">quote:</div><div class="ip-ubbcode-quote-content">Hi Giulia--my point is that charging the full amount of the rental, as some Milan hotels do, regardless of the notice given, is an extremely severe business practice. </div></BLOCKQUOTE>
    Yeah be careful about this. I rented an apt in trapani though Booking.com. I did not realize that the cancellation policy on arrival was the whole amount, not jsut one night. It is stated, but I did not think to check. We got there and a lot of things were not as we were lead to believe and on top of it the office initially told us that they had no record of our reservation. We were halfway back to Castellammare del Golfo when a different person at the office calls us obn our cell and tells us to come back, and then tells us that we will be billed the full amount anyway if wer do not return.

  32. #32

    Slow Traveler

    Join Date
    Jun 2008
    Location
    Spring City, Utah
    Posts
    318
    I did not mean to imply that one should send credit card numbers scrambled. What we do is send several e-mails, with one group of numbers that belong together. As in an AMEX card, there are 3 groups of numbers. The group of numbers stay intact but they are sent out of sequence, i.e., first group first, last group next, middle group last. It just takes a little longer to figure out and is not available to the casual observer.

  33. #33

    Slow Traveler

    Join Date
    Jan 2006
    Location
    Washington DC
    Posts
    467
    As far as I can tell, the security weakness in sending CC numbers is at the receiving end, not in the means of transmission -- you do not know how the recipient handles incoming emails or faxes. Either you trust the person on the other end or you don't.

    Has there ever been a documented case of thieves snatching cc numbers out of the ether during transmission of an email or fax? I have never seen such. (Just to be extra safe, I do divide the number between two emails.)

  34. #34


    Slow Traveler

    Join Date
    Oct 2005
    Location
    Urbino, Le Marche, Italy
    Posts
    2,329
    Gina, I understood that the number was not completely scrambled, but I guess that you also somehow inform the recipient about your technique... otherwise if I receive the sequence I would only try it as I receive it and the result would be terrible!

    As someone already pointed out, in my experience, big problems with cc usually arise when paying in restaurants or markets, not when sending your data through the internet or fax... the only friend that had her cc cloned doesn't even use the internet!
    Of course do make sure that the people you're sending your data to is a legitimate business and have a reputation to defend, but that's something you want to be sure about when booking an accommodation anyway, isn't it?
    Giulia
    Locanda della Valle Nuova
    ST Classifieds: Locanda della Valle Nuova apartments and [URL=http://www.slowtrav.com/cl/detail.asp?l=1887] organic

  35. #35

    Slow Traveler

    Join Date
    Jun 2008
    Location
    Spring City, Utah
    Posts
    318
    Giulia, We have never had a problem with our credit cards in the many years we have traveled. However, I am a bit paranoid. You are correct in assuming that we always inform the recipient of our strategy. The sequence information always goes with the security number (3 digit, sometimes 4 digits) in our first e-mail. I also spread the e-mails several days apart.

  36. #36


    Slow Traveler

    Join Date
    Oct 2005
    Location
    Urbino, Le Marche, Italy
    Posts
    2,329
    Gina, I didn't mean to question your strategy, just trying to understand! It sounds like a lot of work but if you feel it's safer then I think it's a great idea!
    Giulia
    Locanda della Valle Nuova
    ST Classifieds: Locanda della Valle Nuova apartments and [URL=http://www.slowtrav.com/cl/detail.asp?l=1887] organic

  37. #37
    Moderator Premium Member
    Moderator

    Slow Traveler
    Doru's Avatar
    Join Date
    May 2002
    Location
    Toronto
    Posts
    11,563
    Regarding the safety of fax machines: fax machines have memory. When sending a fax message, two machines have that memory where the information of the fax message is being stored for a variety of reasons.

    Here is a link to HP's website. The information on the purpose of fax memory is self-explanatory.

    Of course, I would also add the issue of fax security: who has access to the fax machine.

    Plus, fax machines usually double as photocopiers and it is a well known issue that most makes of photocopiers have hard disk storage.

    Food for thought.

  38. #38
    Premium Member

    Slow Traveler

    Join Date
    Oct 2001
    Location
    Edmonds, WA
    Posts
    12,561
    Regarding security on the sending side or while sending via email - one item to keep in mind is your sent mail folder. Several years ago, I happened to have had my Yahoo email account and eBay account hacked. I used the same password for both accounts. Yes, that is not a smart thing to do. I noticed it when I suddenly couldn't log into Yahoo email and the password had changed. Fortunately, I was able to change the password immediately using the security question. The next day I had 'bought' several expensive watches on eBay. I notified eBay right away and was able to work with eBay security to cancel the purchases and eventually delete my eBay account.

    I thought that was the end until about 2 weeks later I got a call from my credit card company. They had two unusual purchases that came to the attention of the fraud department. One was for a mobile renewal in England and the other was for a small amount of gas in Biloxi Mississippi. Both of which I did not make. We immediately canceled my credit card and got a new one. I also changed passwords.

    I assumed it was all related and I thought for a while that they must have gotten my credit card from eBay although I didn't remember saving my credit card number at eBay since I never made a purchase. Several months later, it crossed my mind that my credit card number might be in an old email that I sent to reserve a hotel the previous year. Sure enough, I checked through my sent email and there was the email with my credit card number in my sent folder. I now think that who ever hacked into my email immediately searched for items like credit card numbers and found it that way.

    So if you do send your credit card number via email, don't forget to remove it from any sent folders or replies. Just to be safe. *And* do not use the same password for all sites.

  39. #39


    Slow Traveler

    Join Date
    Feb 2006
    Location
    Laguna Beach, CA
    Posts
    2,126
    Marta, good point! I never though about someone hacking into e-mails and getting credit card info. In the future, I'll make sure I delete them pronto.

    Carole

  40. #40

  41. #41


    Slow Traveler

    Join Date
    Jan 2006
    Location
    The Best Coast: The West Coast
    Posts
    1,183
    Well, I have now booked using the split email method; and I've received confirmation for the apartment from the owner.
    Just have to watch my credit card account now!
    Keep your fingers crossed for no problems!
    Thanks for all the good advice.

  42. #42


    Slow Traveler

    Join Date
    Apr 2008
    Location
    West Coast
    Posts
    718
    <BLOCKQUOTE class="ip-ubbcode-quote"><div class="ip-ubbcode-quote-title">quote:</div><div class="ip-ubbcode-quote-content">Originally posted by dragonpat:
    Italians seem to think FAXes are safer. Maybe the transmission is safer, but who knows who might be hanging around the FAX machine when it gets there or how many people see it in the bin before the destinee comes to pick it up. Where I work, I have often been hanging around </div></BLOCKQUOTE>

    I think they're just stuck in the '80s or '90s. Lot of these family-run hotels are charming but not really current with the tech. They may have Wifi but they probably paid some consultants a one-time fee awhile back to set up a turnkey system for them.

    A couple of years ago, I remember some of the Venice apartments listed ISDN lines. Holy early '90s, Batman!

    I booked a hotel near Cinque Terre and they asked for email or fax. I just chatted with them on Skype and gave them the number that way. Skype is encrypted, email is not.

    I would have more trust in faxes since the transmissions are point to point. True you don't know how secure the fax machine in the other end is but the biggest hassle I have is using an international calling card. But I've done it.

    Then I made a reservation with Hotel Du Lac in Varenna and they had me fill out a Word doc and return it to them. My Schwab Visa has ShopSafe which lets yo generate temp. numbers with limits you set. So I sent them that but they haven't even charged or checked to authorize it yet. They confirmed my reservations.

    Last hotel was Hotel Bernina in Milan. They offered a 5 or 10% discount if you prepaid so I did it on their online site. Of course the Euro has come down relative to the dollar since but it was only for a couple of nights.

  43. #43
    <BLOCKQUOTE class="ip-ubbcode-quote"><div class="ip-ubbcode-quote-title">quote:</div><div class="ip-ubbcode-quote-content">Originally posted by SJ:
    Thanks, everyone;
    I think I might just find another apartment that deals in SecureServer Credit , or PayPal.
    That long previous discussion conviced me not to email or fax, or phone my details.
    </div></BLOCKQUOTE>
    Glad you chose this option. We phone if we can't have a locked secure site to put cc's on.
    DH has had his cc comprised twice in Europe, so watch your statements carefully after using cc's online.

  44. #44


    Slow Traveler

    Join Date
    Oct 2005
    Location
    Urbino, Le Marche, Italy
    Posts
    2,329
    I had my Paypal account hacked twice (didn't loose any money but who knows what they did with my identity), and now they do not accept my telephone invoice as a proof that my identity is fine, so I no longer have a Paypal account... and I'm not even so worried since I don't trust it much any longer.
    If you split your cc data into various e-mails (with or without extra security mix and match strategies), telephone your number (I often offer my guests that I call them so that they don't even pay for the phone call), give your number through skype (voice!) or fax your details if you can make sure that the fax machine is not in an unsafe place, there is no need of using Paypal (that is EXTREMELY expensive for the owner... this is why it's not used and also I really prefer not to receive any money before my guests arrive and ONLY deal with the occasional cancellation if needed...).

    BTW wco811... the point with Italian family-run hotels is not that we're stuck in the '80 but that in Italy (and elsewhere) Paypal or a Secure Server cost AN AWFUL LOT OF MONEY that small businesses can't afford, BTW, LOTS of small businesses in the US ask exactly for the same kind of data through the same methods!
    Giulia
    Locanda della Valle Nuova
    ST Classifieds: Locanda della Valle Nuova apartments and [URL=http://www.slowtrav.com/cl/detail.asp?l=1887] organic

  45. #45


    Slow Traveler

    Join Date
    Feb 2006
    Location
    St Paul, MN
    Posts
    5,417
    <BLOCKQUOTE class="ip-ubbcode-quote"><div class="ip-ubbcode-quote-title">quote:</div><div class="ip-ubbcode-quote-content">there is no need of using Paypal (that is EXTREMELY expensive for the owner... </div></BLOCKQUOTE>
    Make the renter pay the extra cost of using Paypal. For Items on ebay from the UK all the time I used to see: buyer agrees to pay the extra cost of using Paypal. X pounds for International money order, x+y pounds for using paypal.

    In the US I have never been asked to pay my lodging bill with cash. In fact when searching on VRBO or other sites for a place to stay in the US, I jsut automatically eliminate any place that doesn't take my credit card.

  46. #46


    Slow Traveler

    Join Date
    May 2009
    Location
    Sierra Nevada foothils, California
    Posts
    898
    First my credentials:
    Many years managing credit card applications for various banks, including Bank of America and Visa International
    Several years in Internet security consulting

    Sending the card number in parts does not protect it. The number is check digited, meaning one of the numbers is a calculated value based on the other digits. If someone has broken into the transmissions a simple program available on the net can figure out what the sequence must be to arrive at the correct digit (I'm not going to say which digit or what web sites). The availability of this info is one reason (of at least two) that there is now a "security code" on the back of the card (more technically called a CVV and you can figure out on your own what that stands for). This is also a calculated value intended to help verify the validity of the account number.

    In regard to the safety of fax versus online transmissions---fax is actually a bit more secure since the data is not a digital representation of the numbers but instead is a "picture" of the page. This is only marginally more secure than e mail though, as it would not take much to reassemble an intercepted transmission.

    E mail (unless encrypted with something like PGP) is not secure at all. In fact, you should view anything you do online, and especially e mail, as public information. I don't want to bury this discussion with techno-trivia about things like SSL for online purchases, so I am mainly addressing e mail.

    BUT...in reality there is little likelihood of either a fax or e mail being intercepted by "bad guys." By far the bigger risk is loss of information at merchant databases (and banks)...or the recipient carelessly leaving the fax or printed e mail someplace where it can be picked up by someone else...or the recipient being a crook and using your information negatively. This latter risk, however, is just as great when you shop at a physical location, and in fact is greatest in some sense when you provide your card at a restaurant, virtually the only place the card is processed out of your sight at some places.

    Bottom line: the system works on trust, and 99.93% of the time there is no problem (this figure is likely outdated by now as I've been out of the business for awhile)

    So do whichever makes you comfortable (e mail or fax). IMO Paypal historically has not had a very good security record relative to other commercial processors. I try not to use them at all, and remove my card information after every transaaction (assu

  47. #47


    Slow Traveler

    Join Date
    Sep 2001
    Location
    Sunset Beach (Haleiwa), Hawaii
    Posts
    2,330
    Thanks for this info, Tessmar, it's very helpful. It also confirms what I've always read, that your c/c number is most likely to be stolen when the card is out of your sight, as at a restaurant. I suppose we'll never adopt the European PIN system, though, because of the cost???
    Aloha, Ann



  48. #48


    Slow Traveler

    Join Date
    May 2009
    Location
    Sierra Nevada foothils, California
    Posts
    898
    Actually you can get a PIN number with a credit card (or at least you could when I was in the business)...but it wouldn't do much good in the examples we have been talking about (fax and e mail). And the last thing you'd want to do is provide it to a third party.

    Also, the move to WIFI and internet connected merchant systems has unfortunately reduced the security of PIN numbers. You may recall a theft of hundreds of thousands of card numbers and PINs from TJMaxx, Marshall's, and Barnes and Nobles. This was done by bad guys in the parking lot with a simple radio scanner, because the card and PIN numbers captured at the register were being sent by WIFI unencrypted to the store's backend computer!In the early (pre-world wide web) days of my career PIN numbers were encrypted by hardware, not software, at the terminal, and account numbers were never transmitted unencrypted.

    BTW, the biggest mess was with debit cards, not credit. These do not carry as strong legal protection, and think of the hassle in getting back the money (and straightening out bounced checks and debits) to all those checking accounts. I personally never use a debit card attached to my main checking account, and unless something changes, never will

  49. #49


    Slow Traveler

    Join Date
    Sep 2001
    Location
    Sunset Beach (Haleiwa), Hawaii
    Posts
    2,330
    Tessmar, I thought the PIN that goes with the credit card enables you to obtain cash, not to charge (unlike a debit card). I'm not aware of a bank in the U.S. that offers a card that uses a PIN to charge (by means of a chip, I guess, rather than the magnetic stripe used by U.S. banks).
    Aloha, Ann



  50. #50


    Slow Traveler

    Join Date
    May 2009
    Location
    Sierra Nevada foothils, California
    Posts
    898
    Ann asked me a question that relates to cards in general, and perhaps there is some value in sharing it more widely, though it is only peripheral to this specific thread.

    "Marty, I just read your response on ST. I think the PINS for our credit cards are to get a cash advance, not to charge, as in Europe when they bring that little machine to your table and you punch in your pin. Am I missing something?"

    Disclaimer:
    I've been out of the business for a few years and things might have changed somewhat, but this information should at least trigger some questions you might want to ask before grabbing "any old card."

    The diversity of card products has muddied things a great deal. As of my consulting stints with Visa, here's how I understood things worked in the US:
    There were no "Check Cards" (more in a minute)
    In the beginning:
    There were "Visa Debit" cards (such as Elektron)
    The latter required a PIN number and went against your checking account. There were only a limited number of merchants than accepted them.
    There were Visa Credit Cards
    You could request a PIN number for a credit card. This allowed you to use it in places requiring a PIN (such as Europe I would guess, but I'm not an expert on that)...or for cash advances at ATMs. The key is that it does NOT go against your checking account, but instead against your credit account (which in reality is simply an unsecured credit line).

    Enter the check card. This is simply an ATM card (possibily but not necessarily also a debit card)with a Visa "bug" (logo) on it. The key is that it can be used at any merchant accepting Visa credit cards, not just those that took the old Visa debit product. In the network it was recognized as a debit transaction and was re-routed to your checking account. Obviously an ATM card does have a PIN associated with it...but it is not required at a VISA credit terminal. Just to muddy things more, most ATM cards could also be used as true debit cards, connected through a separate processor such as PLUS (now owned by Visa). If used with a PIN at a debit merchant this (usually) will result in a transaction fee, and the transaction (again) is routed to your checking account.

    Confused? So is much of the world. The key thing is to be sure you know which card you are using for what. If it is a credit card don't use it to get cash from an ATM as this is a cash advance and you will pay interest on the entire balance of your account from that date with no grace period. If it is a Visa Check Card (I think they now call it Visa Debit in their commercials..and I think they have done away with the old "true" debit cards, but this may indeed be a different product) don't use it with a PIN at any merchant that takes credit cards or you will likely pay a transaction fee.

    With the new attempts to rein in the credit card cowboys (one of the worst historically is CITI, BTW, although Providian started the stampede) there is more of a push on debit cards. But if you are a "convenience user" like I am, and pay the balance every month, there is NO reason to use a check card other than to get cash from an ATM. And when traveling I transfer money from my "real" checking account to a second account with its own check card attached to it to protect the "real" account from pilfering.

    We'll see where fees go in the future on people with excellent credit who are convenience users. For example, I was willing to pay a yearly fee on my new "British Air" card (actually these are called "affinity cards" and are just variants on the normal credit product with some side benefits by the "affinity" provider) because the travel perks to me are worth much more than the fee.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •