weak links in online shopping security
Old 05-23-2006, 08:45 PM   #1
Thinks s/he gets paid by the post
wabmester's Avatar
 
Join Date: Dec 2003
Posts: 4,459
weak links in online shopping security

Given the "secure data" incident du jour, I figured you might want to know how secure online shopping really is. I've been out of the loop for years, so please feel free to correct me if my picture is stale.

Here's where your credit card and personally identifying information goes when you buy something online:

1) The connection between your computer and the shopping site.

As long as your browser initiates a secure connection to the host (and you see that little lock icon in your browser), this is pretty secure. I wouldn't worry about a breach at this level.

2) The shopping site's internal network.

Once you submit your credit card info to the host, it travels from their public front-end to their private back-end. This is a potential vulnerability, but most big name sites will do this right. Smaller sites probably won't get it right and may store your sensitive data on a machine accessible from the internet. Many security breaches happen on these smaller sites all the time.

3) The shopping site's transaction database(s).

Assuming your data makes it securely to a firewalled back-end, it's stored in their database. There are *many* internal security holes at this level, even for the big name sites. For example, they may store the data unencrypted. Or they may give access to low-level customer service employees with no security audits or criminal background checks. Or they mirror the transaction database for data mining by other low-level employees or a QA crew.

4) The connection between the shopping site and their payment gateway.

Your credit card info is passed to a payment gateway which handles a variety of payment types. This connection is usually secure, but you might be surprised to learn that it's often less secure than the connection from your PC to the online store.

5) The payment gateway's databases.

You'd think that payment gateways would be super-sensitive about security. You'd be wrong. Although things have improved in recent years due to several reported breaches.

6) The connection between the gateway and the card processor.

The gateway talks to various card processors depending on which card you're using. This connection is generally secure.

7) The card processor's databases.

Now we're deep down in the bowels of the payment processing system. You'd think things were REALLY secure in here. You'd be wrong again. Google "CardSystems" for example.

8) The connection between the card processor and VISA/MC, etc.

The card processors talk directly to VISA et al. These guys understand security, but I wouldn't be surprised to hear about a breach at this level.

9) Credit card reporting agencies.

Your issuing bank reports your credit card transactions to Equifax, Experian, TransUnion, etc. You'd think that this process was *very* secure, but again, you'd be wrong. I think it was Citibank who recently "lost" a bunch of *unencrypted* tapes en route to one of these guys.

10) Your online credit report.

Probably pretty secure, but we're talking about very sensitive information available over a public network. Assume it will be breached someday.

Bottom line: there are *many* weak links in the chain. If you shop online, check your credit card records often, or use one of those one-time card number generators that many of the issuing banks support these days. (I usually use the version available from DiscoverCard.)
Old 05-23-2006, 09:46 PM   #2
Moderator Emeritus
Nords's Avatar
 
Join Date: Dec 2002
Location: Oahu
Posts: 26,616
Re: weak links in online shopping security

Scott Adams had a Dilbert cartoon about secure online shopping. Dilbert and his friend/date were discussing the topic at a restaurant and Dilbert was paying for the meal with a credit card.

Around the panel where he was making the point how secure online shopping really was, their waitress came back with his credit card... and was also wearing a new mink coat.
__________________

The book written on E-R.org, "The Military Guide to Financial Independence and Retirement", on sale now! For more info see "About Me" in my profile.
I don't spend much time here anymore, so please send me a PM. Thanks.
Old 05-24-2006, 06:07 AM   #3
Thinks s/he gets paid by the post
Outtahere's Avatar
 
Join Date: Sep 2005
Posts: 1,677
Re: weak links in online shopping security

My company does online sales; the credit card companies and processors take security very seriously.
__________________

Dogs aren't our whole lives, but they make our lives whole. - Roger Caras
Old 05-24-2006, 09:10 AM   #4
Recycles dryer sheets
wompo's Avatar
 
Join Date: Jul 2005
Location: Sierra Vista
Posts: 53
Re: weak links in online shopping security

I have been shopping online for 11 years now. (First purchase online was in 1995.) I have never had a problem with online purchases in that time. My wife and I have had our numbers stolen while at restaurants during that time. We check our credit cards daily for activity and also have an alert on our credit so if someone checks we are notified.

If you have a credit card you should keep a very close watch on it no matter where or how often you use it.
__________________
FIRE may actually be attainable
Old 05-24-2006, 09:56 AM   #5
Thinks s/he gets paid by the post
Leonidas's Avatar
 
Join Date: May 2006
Location: Where the stars at night are big and bright
Posts: 2,847
Re: weak links in online shopping security

Quote:
Originally Posted by wompo
If you have a credit card you should keep a very close watch on it no matter where or how often you use it.
That's good advice and I watch mine closely. But I think that identity theft is like termites are around here: it's not "am I going to get hit" but "when I get hit". A couple of years ago I went to in-service training on investigating ID theft and the head of the unit asked for a show of hands from the audience (all cops) for who had already been victimized. About 30% raised their hands, including the instructor, and he commented "it's just a matter of time before they get the rest of you."
__________________
There is no pleasure in having nothing to do; the fun is having lots to do and not doing it. - Andrew Jackson
Old 05-24-2006, 11:27 AM   #6
Moderator Emeritus
Nords's Avatar
 
Join Date: Dec 2002
Location: Oahu
Posts: 26,616
Re: weak links in online shopping security

Well, Leonidas, you've been here a couple weeks and, as the man said to Dirty Harry, "I gots to know".

I can see why someone in law enforcement would choose a centurion as an avatar. But of all the centurions who went on to lead happy & productive lives, what made you settle on Leonidas? Especially considering where you're at in life now?!?
Old 05-24-2006, 11:44 AM   #7
Thinks s/he gets paid by the post
wabmester's Avatar
 
Join Date: Dec 2003
Posts: 4,459
Re: weak links in online shopping security

Quote:
Originally Posted by Leonidas
it's just a matter of time before they get the rest of you
True. And probably the biggest risk is from somebody stealing mail from your mailbox. Get a PO box.
Old 05-24-2006, 05:34 PM   #8
Thinks s/he gets paid by the post
BigMoneyJim's Avatar
 
Join Date: Feb 2003
Location: DFW
Posts: 2,627
Re: weak links in online shopping security

As Nords alluded to with the Dilbert strip, real-life CC transactions have over half those troubles, too.

It's ridiculous, but I do the best I can and deal with large merchants, make sure the lock icon is there and do other things to protect my PC.

For many users, their own PC may be the weakest link in the chain. If it's infected with spyware then it doesn't matter how secure the rest of the chain is; it's like somebody's looking over your shoulder with a videocamera to be double-sure.
Old 05-25-2006, 12:46 AM   #9
Thinks s/he gets paid by the post
Leonidas's Avatar
 
Join Date: May 2006
Location: Where the stars at night are big and bright
Posts: 2,847
Re: weak links in online shopping security

Quote:
Originally Posted by Nords
Well, Leonidas, you've been here a couple weeks and, as the man said to Dirty Harry, "I gots to know".

I can see why someone in law enforcement would choose a centurion as an avatar. But of all the centurions who went on to lead happy & productive lives, what made you settle on Leonidas? Especially considering where you're at in life now?!?
Fair question, and one that runs with the general tone of conversation around here.

Actually, Leonidas was a king of Sparta who took a few hundred men to the pass at Thermopylae and faced off against Xerxes and the Persian army. The odds were something like 100,000 to 1 but Xerxes decided to give the Spartans a chance and ordered them to give up their weapons. Leonidas replied “Molon Labe” (Come and get them) and then proceeded to hold the Persians off for days. Everything the Persians threw at them was repulsed and the battle was fought on a mountain of Xerxes’ dead soldiers. In the end it was only because a traitor showed the Persians how to outflank the Spartans that they were able to surround them.

Leonidas and the Spartans continued to fight until their spears broke and they then used their swords until those broke and they resorted to sticks, rocks, fists and teeth. Leonidas was killed, but his troops fought by his body until the bitter end.

The Spartans held the Persians long enough for the rest of the Greeks to get their act together, defeat Xerxes’ fleet and eventually send him packing. It saved the nation that became the cradle of democracy.

What's not to admire is what I say.

Why I’m feeling so much affinity for brother Leonidas at this stage of my life is a little more complicated.

After I semi-retired I figured I had grabbed the brass ring financially and knew that I had everything I could want in family life. But I wanted a little more so I explored briefly with what I’ll call “government sponsored adventures” far from home. The risks weren’t that different from anything I had years of experience at, it just tended to be a little more compact spatially and chronologically. Yet, there was one moment when I thought we were in a real tight spot and all I could think of was “why am I here doing this?” That and the realization that since I wasn’t a government employee the G wasn’t going to ship my carcass home and I wondered if my wife would spring for FedEx “Next Day Delivery” or would the body come home on a slow freighter.

After my commitment was complete I turned down offers to stay and I shook the dust of that place off my heels. On the way home I reflected on my experience and at first I just chalked it up to the fact that the joys of being an adrenaline junkie had faded with age. And there is a grain of truth in that because the whole near death experience thing loses its glamour very quickly, and if you do it long enough it really starts to suck after a while. But I kept coming back to the same thought, what a stupid way that would have been to die. A violent death a year earlier would have been a sad consequence resulting from what I did for a living, but what had changed was that I didn’t do that job anymore. I didn’t need the money, my presence provided a little moral support and sense of security for a few people but not that much, and the adrenaline monkey could have been fed closer to home so I could sleep in my own bed each night. Being there for the reasons I thought I went for was just dumb.

I kept imagining my family and friends at the funeral all saying the same thing: “What a moron.”

After I was home I began to worry about my mistake and wondered if my pre-retirement way of thinking had created similar disconnection with reality in my retirement planning. I tore the plan apart looking for flaws by running numbers and wargaming a hundred different scenarios. There were a few things that I made some improvements on, but I couldn’t find anything really wrong. And that bothered me because by then I had convinced myself that I had to have screwed up somewhere. The fact that I couldn’t find the flaw was just proof that I was too stupid to start with.

Again, I had visions of everyone calling me a moron when I wound up flipping burgers at Mickey D’s in order to pay rent and buy cheap wine. Equally disturbing was the prospect of being the too cautious old guy sitting on more money than I can spend and living a life of regret for opportunities not taken.

It got kind of crazy after a while and I decided I needed to take a break because I couldn’t see the forest because of all the darn trees in the way. I grabbed a cigar, made a cocktail and snatched the first fiction book I found that looked interesting. It was a fictionalized accounting of Leonidas and the battle at Thermopylae.

The astounding thing about Leonidas’ plan was that while it was brilliant it required total commitment. He could only hope that his move would buy the Greeks enough time to get their act together. But, regardless of that outcome his head was going to wind up on a spike outside Xerxes’ tent. When he left home he told his wife to go find a good husband because he was not coming back.

Talk about an amazing degree of confidence.

And that is what my problem was. A minor glitch caused me to doubt the plan and myself and it sort of got out of control for a while. No doubt I would have figured it out soon enough for myself, but the handle is in honor of Leonidas and the luck that caused me to pick that book rather than the Harry Potter novel I was eyeing.
Old 05-25-2006, 01:24 AM   #10
Moderator Emeritus
Nords's Avatar
 
Join Date: Dec 2002
Location: Oahu
Posts: 26,616
Re: weak links in online shopping security

Excellent, thanks. Among Leonidas, Harry Potter, and Ted Geisel you have all the literary classics covered...