Beta

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Online Trust Failing Overall

Zonk posted more than 9 years ago | from the bungling-lowers-confidence dept.

Privacy 197

twitter writes "The BBC and ZDNet are reporting on an RSA poll of 1,000 users about failing confidence in ecommerce. 43% of respondents were reluctant to give details to online sites and 70% said that firms were not doing enough to keep their data secure. The BBC goes on to quote experts who back up the perception, ZDNet claims that action is being taken and is well."

cancel ×

197 comments

Sorry! There are no comments related to the filter you selected.

Online trust? (-1, Redundant)

Anonymous Coward | more than 9 years ago | (#11780784)

You mean like editors named Zonk that delete stories with comments [slashdot.org] to cover their mistakes?

Re:Online trust? (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#11780821)

I see we've all agreed on a new editor to hate after michael

Re:Online trust? (0)

Anonymous Coward | more than 9 years ago | (#11780882)

Yeah, timothy is going to be so pissed. That spot was all his until Zonk came along and stole it.

asdfadsf (-1, Redundant)

Anonymous Coward | more than 9 years ago | (#11780790)

asdfasdfadsf

Is well what? (3, Funny)

WVDominick (860381) | more than 9 years ago | (#11780795)

ZDNET is well?

Re:Is well what? (2, Funny)

SmokeHalo (783772) | more than 9 years ago | (#11780886)

They just wanted to let you know, in case you were worried.

I dont mind (3, Funny)

Anonymous Coward | more than 9 years ago | (#11780798)

I was born in 1984, a body builder making over 250k a year. Female and my occupation is the fist item in the drop down list. Whats the problem you guys have?

Re:I dont mind (0)

Anonymous Coward | more than 9 years ago | (#11780818)

The "fist" item? I think that we've got the problem right there.

Re:I dont mind (0)

Anonymous Coward | more than 9 years ago | (#11780828)

Stoopid. you were supposed to wait until it got modded funny to catch that.

Re:I dont mind (2, Funny)

Anonymous Coward | more than 9 years ago | (#11780871)

I should wait for the crackheads to find it first? It'd probably get a couple of Insightfuls and a Flamebait, then some chickenshit would chip in an Overrated, and it would be right back to where it started. Depend on the moderators? Have you gotten into their crack supply?

Re:I dont mind (3, Funny)

bradkittenbrink (608877) | more than 9 years ago | (#11780822)

Female and my occupation is the fist...

I stopped reading right there, start over please?

Re:I dont mind (2, Funny)

nacturation (646836) | more than 9 years ago | (#11780937)

Female and my occupation is the fist item in the drop down list.

So... you're "Flat"? Perhaps "-1: 40 comments"? Or would you rather be "Oldest Fist"?

Re:I dont mind (1)

Tackhead (54550) | more than 9 years ago | (#11781113)

> > Female and my occupation is the fist item in the drop down list.
>
>So... you're "Flat"? Perhaps "-1: 40 comments"? Or would you rather be "Oldest Fist"?

I was going to pay homage to Hunter S. Thompson by writing an article on the fist post phenomenon. I started with a Google Image Search for "gonzo fist".

Heh. Not quite what I was expecting. But it'll do.

NFP (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#11780800)

The penis is mightier than the sword

Sheesh... (5, Insightful)

14erCleaner (745600) | more than 9 years ago | (#11780801)

Most people who distrust internet commerce will gladly hand their credit card over to minimum-wage waiters, who disappear into the back room of the restaurant with it for ten minutes. It's all a matter of image and perception.

Re:Sheesh... (3, Insightful)

Tony Hoyle (11698) | more than 9 years ago | (#11780824)

In any good restaraunt this does not happen. You are invited to follow the waiter to the till whereupon he swipes the card and invites you to sign for it.

I'm not sure I'd want to eat at a place where the waiters were allowed to disappear with credit cards for several minutes - they should be in view at all times.

Re:Sheesh... (0)

Anonymous Coward | more than 9 years ago | (#11780873)

I don't know where you live, but I've NEVER ate at a restaurant where I was invited to follow the waiter / waitress.

Re:Sheesh... (2, Informative)

donnyspi (701349) | more than 9 years ago | (#11780885)

In most restaurants, even nice 4 and 5 star ones, they disappear with your CC. I have never seen people get up after putting their CC in the black leather folder thingy and follow the waiter to the register. I'm sure you are legally allowed to, but never really invited to.

Re:Sheesh... (1)

DrinkingIllini (842502) | more than 9 years ago | (#11780895)

Where are you going to eat then? I don't think I've ever been to a restaurant where you follow the server. Oh and what about gas stations? The one I worked for printed the full account number right on the receipt, so I could have taken about 50 or 60 account numbers a day if I really wanted to, not to sure what I'd do with them though.

Re:Sheesh... (0)

Anonymous Coward | more than 9 years ago | (#11781054)

you can follow them sure, but that doesnt mean they wont swipe it on that premise.

they have automatic readers, battery operated that will storethe info pretty much instantly. how do you know they dont have one of those under their appron./

Re:Sheesh... (0)

Anonymous Coward | more than 9 years ago | (#11781071)

In a really good restaurant, you're invited to the back room for an after-dinner blowjob.

So... (0)

Anonymous Coward | more than 9 years ago | (#11781088)

Denny's is your idea of a good restaurant? Could you give an example of a bad restaurant? Um, wait, I don't really want to know. Never mind.

Re:Sheesh... (1)

nacturation (646836) | more than 9 years ago | (#11781100)

In any good restaraunt this does not happen. You are invited to follow the waiter to the till whereupon he swipes the card and invites you to sign for it.

I've never seen this, and I've eaten at some very expensive places. What restaurants have you been to that do this?

At any rate, I can see this being a benefit to the customer. Not only can they verify that the waiter isn't going to copy down the number or scan the front and back of your credit card (even though it's still possible to write down the info from the store's copy of the receipt) but it also has the side benefit that if you're near your limit and the charge gets declined, you can use another card or payment method without the waiter having to come back and embarass you with "Uh, sir... your card wasn't accepted". You can run down the road, hock your boss's laptop at the pawn shop, and then pay the bill in cash without any embarassment at all.

Re:Sheesh... (0)

Anonymous Coward | more than 9 years ago | (#11781135)

I agree. The waitresses should be in view at all times. In fact, they should be naked, so that we can be sure that they're not hiding a card-swiping machine under their clothes. Women are so sneaky!

Re:Sheesh... (1)

qray (805206) | more than 9 years ago | (#11781139)

And even if you walk back there, how do you know the thing that's reading your card is on the up and up? Is it really calling a real clearing house? You've been living under a false sense of security if you believe watching everything makes it more secure. Do you believe magicians really saw people in half?

--
troctu nustric motrim grocknor

Re:Sheesh... (5, Insightful)

BitwiseX (300405) | more than 9 years ago | (#11780864)

You beat me to this one. I would GLADLY use my CC over the internet before I would give it to a waiter, cashier, etc. There is little or no difference. Do you have any idea of knowing what happens to those CC slips your local Mom & Pop restaurant process daily? About as much as you have of knowing what happens to your CC# once you buy something at amazon.com. Why all the paranoia? 6 of 1, half a dozen of the other. Put your faith in your CC company and their fraud prevention.

Why should we trust them with our CC? (2, Interesting)

Acer500 (846698) | more than 9 years ago | (#11781017)

Put your faith in your CC company and their fraud prevention

I think we shouldn't, or at least, I don't want to.

There should be a method of paying that was time-sensitive, say a two-level authentication method that consisted of a PIN and a randomly generated number that changed with time that could only be authenticated by you and your CC company... just like we do with some sensitive computer passwords (and I'd say that Credit Cards ARE a sensitive password for the users). It could one-transaction only.

That would cut the timeframe and opportunity for frauds.

Now that I think of it, I might be able to market this to someone...

Re:Why should we trust them with our CC? (1)

Stonehand (71085) | more than 9 years ago | (#11781091)

Sounds like that would serve the same purpose as Citibank's "virtual credit card number" service; for an online transaction, it'll generate a one-time-only CC number with a user-specified transaction limit so that the Other Side (or whoever's listening) can't use it again or for more money than you're inclined to authorize.

Re:Why should we trust them with our CC? (1)

Acer500 (846698) | more than 9 years ago | (#11781148)

I thought it was already invented.

BTW, BBC's article seems to suggest this:

RSA has a deal with internet provider AOL that lets people pay monthly for a one-time passcode generation service.

Users get a physical token which automatically generates a code which stays active for 60 seconds.

Many companies use a token-based method already for employees to access networks securely already.

Activcard's method is more complex. It is currently trailing its one-time passcode generation technology with UK banks.

Re:Sheesh... (4, Insightful)

nacturation (646836) | more than 9 years ago | (#11781037)

You beat me to this one. I would GLADLY use my CC over the internet before I would give it to a waiter, cashier, etc.

Same here. I think for most people, though, it's really just a fear of the unknown. Their credit card gets whisked off to some magical technological storage and they can't see what's happening. Even though they don't understand what really happens, their concerns are somewhat justified. There's a different scale of fraud possible when your credit card number gets stored in an online database vs. a waiter writing down the number.

In the case of a waiter, barring organized crime rings, your card might get used to order a couple of items and that's about it. With an online database, if that site gets hacked your number is now likely circulating amongst various hacker groups and could easily be used to rack up a lot of charges.

However, in either case your remedy is the same. Contact your credit card issuer, dispute the charges, then they go after the merchants who have to prove that a transaction was made by the owner. If they haven't swiped your card through their terminal and obtained your signature, then the merchant loses that money. Unfortunately, it's always the merchants who take the largest risk in accepting credit card payments.

Re:Sheesh... (1)

D-Cypell (446534) | more than 9 years ago | (#11781138)

Unfortunately, it's always the merchants who take the largest risk in accepting credit card payments.

Not so anymore. At least not in the UK. There are schemes in place that will move the vast majority of fraud liability on to the card issuers. It will mean a few more hoops for e-commerce transactions (specifically the entering of a password by the card holder) but I can tell you that there is a LOT of interest in this scheme.

Re:Sheesh... (4, Insightful)

ArmchairGenius (859830) | more than 9 years ago | (#11780891)

Very good point. The credit card companies are responsible for fraud, so while I obviously am careful about who I give my CC info to, I am not all that worried about it being on some company's database out there in cyberspace.

Everyone should look at their monthly bills and notify the CC company of any erroneous/fraudulent charges. Then the CC company can take that up with the vendor that made the charge. It's the beauty of using a credit card.

Re:Sheesh... (1)

nsasch (827844) | more than 9 years ago | (#11781058)

I keep track of all CC receipts seperately from all other receipts. Then, when the bill comes in, I carefully require each receipt to match up perfectly with the itemized bill.

Re:Sheesh... (1)

blowdart (31458) | more than 9 years ago | (#11780903)

Actually in the UK now they have wireless machines into which you slot your card, the chip in the card authorises itself and the machine, then you type in a pin after confirming the amount.

Re:Sheesh... (1)

Ford Prefect (8777) | more than 9 years ago | (#11781035)

Actually in the UK now they have wireless machines into which you slot your card, the chip in the card authorises itself and the machine, then you type in a pin after confirming the amount.

It's still possible to get by with just a signature, as before - I only know this because I can never remember my PIN.

Still works in continental Europe as well, fortunately, where they've had the PIN system for a while. :-)

Re:Sheesh... (2, Informative)

gambit3 (463693) | more than 9 years ago | (#11780906)

I agree. I also think of all those times people give their SSN to work-study college students because that's what the university uses as ID. I know some of that is changing, but in some places it is still widely in use.

Like the parent poster said.. it's all a matter of perception.

Re:Sheesh... (0)

Anonymous Coward | more than 9 years ago | (#11780988)

What exactly can someone do with your ssn? Applications and forms are the only place I've ever used mine. I guess some places use it as a secondary form of id (like web sites asking for your last 4 digits). What else could someone do with it?

Re:Sheesh... (1, Insightful)

Anonymous Coward | more than 9 years ago | (#11780911)

An excellent point, however there's a fine disctinction to be made here. If a local waiter lifts your card number, said person is probably going to be a lot easier to track down and deal with than if some script on a webserver harvests your number and emails it to who-knows-where.

Don't get me wrong, I use my card on the net with condifence all the time - but the fact still remains, that there is a difference.

Re:Sheesh... (1)

Scoria (264473) | more than 9 years ago | (#11780914)

You're right. On a related note, the better Web interfaces can also ensure trust. This trust, I believe, is often false; unfortunately, as a general rule, card numbers that are being "remembered" by the transaction server are being "remembered" insecurely. Although Verisign would have you believe otherwise, the transaction information must be decrypted at some point. In this case, the chain really is only as strong as its weakest link.

Catalogs (1)

cybercobra (856248) | more than 9 years ago | (#11781039)

Also, people order things from catalogs all the time. And they require you to give your credit card # over the phone to some operator. What's stopping them from scribbling down a couple #s for their own use. Like you said, It's all about how one looks at it. Honestly, SSL/HTTPS is at least as secure as a phone line and a site is about as trustworthy as a sales assistant. As long as you order from a reputable company, one should have no problems.
However, with phishing becoming more prevalent, we might have a problem. Honestly people, check the freaking URLs and apply the security-related updates!

Re:Sheesh... (1)

jacquesm (154384) | more than 9 years ago | (#11781118)

yep, you're on the money.


The rules and regulations an IPSP has to put up with border on the draconian, whereas a department store has as much or more vulnerable information lying around and don't even have minimum oversight.


It's interesting to see VISA and Mastercard do everything they can to push responsibility away from themselves whereas they are the *only* party that has the information to stop online fraud in its tracks.

A lot of the problem is bad design (4, Interesting)

hsmith (818216) | more than 9 years ago | (#11780825)

or not taking the security concerns seriously. If you are saving peoples Social Security Numbers and CC Numbers then you should be encrypting that data. Venture to guess how many places actually encrypt that in a database?

But then again i would say most larger places do take these steps. More often than not I won't buy from somewhere I am unsure of or if they are not in the http://www.bbb.org/ [bbb.org] . Plus, how many people know how to always use SSL when sending sensitive stuff? I would venture my grandparents and mother have no idea.

On a side not to the last statement, i would like to say, office depot does NOT use SSL for their secure communications when you order something from in store.

Re:A lot of the problem is bad design (1)

rdavidson3 (844790) | more than 9 years ago | (#11780938)

hmmm. iDownload (one of my personal favorite spyware companies) is listed on the www.bbb.org

I wouldn't give them a Credit Card # / Personel information / Time of day if my life counted on it.

Re:A lot of the problem is bad design (0)

Anonymous Coward | more than 9 years ago | (#11781016)

what is wrong with iDownload. Didn't you read the legal notice they are not spyware.

Re:A lot of the problem is bad design (2)

14erCleaner (745600) | more than 9 years ago | (#11780958)

About SSL: when was the last time you heard of somebody's credit-card info being abused by a bad guy who intercepted it in transmission?

The real problems tend to be mass loss of data from insecure servers, and I'll bet most of them are inside jobs. The Internet isn't really much different than the real world, just more spread out and anonymous.

I'm personally more worried about somebody tapping into my saving and investment accounts than my credit-card transactions anyway. I try not to have any of those (investment accounts) enabled for online access, since the losses could be pretty big if somebody gets at them. I'm probably whistling in the dark here... :)

Indeed (2, Insightful)

ArbitraryConstant (763964) | more than 9 years ago | (#11780982)

When knowing a number is sufficient to use it (credit cards, SSN), security is impossible.

It is a fact of life that your important numbers hang around indeffinitely in various databases. Unless more than a number is required to use them, it will become impossible to maintain your identity.

Re:A lot of the problem is bad design (3, Informative)

EnronHaliburton2004 (815366) | more than 9 years ago | (#11781046)

or not taking the security concerns seriously.

In my experience during the last few dark years of the dotcom bust, too many of the people responsible for security were canned. I had to quit my last job after 6 months because my suggestions on security -- Simple things such as "Don't use Telnet. Use SSH." and "You really shouldn't 'chmod -R 777' everything", were seen as a barrier to progress.

I speak to too many technical managers who don't understand why opening non-anonymous FTP is a bad thing, when everything else is done over SSH or a secure VPN connection. When I discuss SFTP, they scratch their head and drool a little bit, and it's clear they don't understand the threat of cleartext passwords ...

Scary...

just a different front-end (1)

a11 (716827) | more than 9 years ago | (#11780834)

The problem is the concept of ecommerce. Online transactions are just a different , cheaper frontend for a store. It's cheaper to maintain and market, there are less startup costs, but you still have to sell something: goods or services. The common misconception is the web front-end alone will create some kind of revenue flow.

Not just online (2, Interesting)

Turn-X Alphonse (789240) | more than 9 years ago | (#11780842)

I think society as a whole doesn't trust any companies any more. Everyone is so sick of the Government screwing them over and companies ignoring the laws these Governments got paid (by other companies usually) to put in place. Lets face it, I don't trust anyone I can't blackmail or back stab and get back whatever I've give them. The world has become like that and it's getting worse and worse.

Re:Not just online (1)

Shadow Wrought (586631) | more than 9 years ago | (#11780904)

Lets face it, I don't trust anyone I can't blackmail or back stab and get back whatever I've give them.

"Thank you, thank you very much. As I accept this award tonight, I'd just like to say that I am only as good as all the people I stepped on to get where I am today. Thank you!"

Re:Not just online (2, Insightful)

LibrePensador (668335) | more than 9 years ago | (#11781095)

This country must have gone down the drain if cynics like you are moderated "+4 Insightful".

If friendship or loyalty are not real to you in any tangible form, one day you may realize that you have nothing left to go on for, hence, you will not.

Get out into the world. Do a bit of community service, create LTSP installations out there, build stuff that people can use and along with the stuff you build, you will build bonds and friendships that will last you a lifetime.

You appear to be the epitome of capitalism's alienation. It doesn't have to be that way!

Re:Not just online (3, Insightful)

Turn-X Alphonse (789240) | more than 9 years ago | (#11781151)

You miss the point. I trust the guy nextdoor, I trust the lady down the road, I trust my friends. I don't trust the world outside of this because it's clearly put "we want your money, heres a brainwashing so we get it".

Take it how you want it.

What's not to trust? (3, Funny)

Anonymous Coward | more than 9 years ago | (#11780850)

I just got a really nice email from a DR. VICENTE A. SOUSA from the DEPARTMENT OF OIL & DOWNSTREAM SECTOR in ANGOLA.

Very polite, humble (he even SAYS so) and ... you know, the email was really long with all sorts of details (kind of like those agreements when you put a CD in the computer) so I just said yes because it's supposed to be easy money. :)

lots of large scale compromises lately (5, Interesting)

ArbitraryConstant (763964) | more than 9 years ago | (#11780851)

While I'm somewhat surprised the average user pays attention to such things, I'm not surprised trust is failing in light of recent large scale compromises.

Until the industry as a whole adopts a strategy of preventing compromises, this is not going to improve. Most companies would rather pay a PR guy to fix their image after the fact than a security consultant to keep it from happening in the first place. That's certainly not how I want my information taken care of.

Re:lots of large scale compromises lately (0)

Anonymous Coward | more than 9 years ago | (#11781103)

Most companies would rather pay a PR guy to fix their image after the fact than a security consultant to keep it from happening in the first place.

With good reason! Because we all have such short attention spans, it's cheaper to get people to forget a security breach than it is to prevent one. The only way to change this situation is to make having a security breach VERY expensive. We can either ask our government(s) to dole out fines, or we can organize ourselves such that things like this are NEVER forgotten. I don't know how we'll do either. 1) Corporations have more money, and therefore have better lawyers and more control over the government. 2) Life today seems to be moving so fast that our brains need short attention spans to cope with the information overload. Maybe it's just all that MTV...who knows...maybe it's always been this way.

Re:lots of large scale compromises lately (1)

Stonehand (71085) | more than 9 years ago | (#11781122)

The whole ChoicePoint shebang has been mentiond in both mainstream newspapers (the NYT, for instance) and television news programs (e.g. NBC mentioned it IIRC). Very high-profile mess. I understand their share price has even dropped something like 9% over this.

It wouldn't surprise me much if the compromise of Ms. Hilton's phone book, etc were also widely known at this point; it's only been joked about on late-night for instance...

Change? (2, Insightful)

Bender0x7D1 (536254) | more than 9 years ago | (#11780858)

From the article: "This survey demonstrates that awareness and action are replacing fear," Robert Holleyman, BSA's chief executive, said in a statement.

How is awareness and action replacing fear when people are afraid to shop/bank online but don't handle their passwords any differently?

Oh, wait... It was an executive who made the statement so all meanings should be reversed.

Quotes from the BBC article: (5, Interesting)

TripMaster Monkey (862126) | more than 9 years ago | (#11780879)

Some [users] resort to using the same one for all their online accounts. Those who use several passwords often write them down and hide them in a desk or in a document on their computer.

Dear God, ain't this the truth??? I'm a network admin at a large company (please don't ask which), and the password situation here would be laughable if it weren't so sad. I ran LC5 on our hash file here, and was shocked and dismayed at the number of passwords cracked within 10 seconds. I'm constantly finding passwords on sticky notes on monitors and under keyboards, and many users haven't even bothered to change the default Lotus password ('password') to something else! >:(

Last year, a street survey found that more than 70% of people would reveal their password for a bar of chocolate.

That seems to be about the right figure for users in my company.

Re:Quotes from the BBC article: (0)

Anonymous Coward | more than 9 years ago | (#11780929)

My first hand experience indicates it is closer to 90%. I've gotten rid of more chocolate this way!

Re:Quotes from the BBC article: (1)

A beautiful mind (821714) | more than 9 years ago | (#11781004)

You know what this means.

Users need to stop blaming companies and start doing what THEY should do to protect THEIR own data. Security is a process, not a product and it includes securing someone's computer too. I bet the majority of cc thefts are from a virus/trojan not because someone played MitM with the user over TLS/SSL or hacked the bank.

The users are mostly not aware of this, they need to be educated. Sadly windows makes people believe there are no knowledge required to use a computer and thats not even true in the case of that particular operating system.

Re:Quotes from the BBC article: (0)

Anonymous Coward | more than 9 years ago | (#11781085)

At a certain Phillips unit, it's the policy of the IT dept to write your password on a post-it and hide it under the keyboard. And I'm NOT kidding.

Re:Quotes from the BBC article: (1)

Fahrvergnuugen (700293) | more than 9 years ago | (#11781097)

strong passwords on sticky notes are better than weak passwords that aren't written down. the physical location of the sticky note is probably secure.

Your the admin, do something about it. (1)

byronmiller (861060) | more than 9 years ago | (#11781107)

If you don't bother to set security standards for everything that uses or is linked to your network - this includes PEOPLE then your not doing your job. Every place i work has a clean desk policy and weekly walkthroughs that happen to verify shutdown pc's at night, all drawers are locked and desk is clean and nothing with numbers, address, emails or unmarked notes are left out. Your network is only as secure as those who are entrusted to it. If people take security this lightly then create an environment that disciplines for such.

Re:Quotes from the BBC article: (2, Insightful)

Sycraft-fu (314770) | more than 9 years ago | (#11781153)

Ya the LC thing is always enlightening. Where I used to work when we ran it it found 50% of the passwords instantly, as in not even trying a dictonary attack, just things like variations on usernames and so on that it always try. It was up to about 90% after the dictonary attack, and had all but three with the dictonary + varations.

Fortunately, the passwords didn't really get you in to much other than the computers, however it was still a sad situtation, and not one the management had any intrest in rectifying.

This is why we really need to get some kind of dual authentication system that uses like a smart card and a PIN. People will NOT use good passwords. A PIN + smartcard system would be pretty hard for people to get around. You'd have to find out the PIN and physically steal the smartcard, then use them before access was revoked. Certianly not impossible, but much easier than finding out a stupidly simple password and using it covertly.

I want some. (2, Funny)

dauthur (828910) | more than 9 years ago | (#11780888)

I think the mistrust comes from people who never receive their Free Vi.a.gra Cheep! in the mail. It's such a shame, that M.ale_Enhanc3ment_P1ll sounded good to me.

Isn't this good news? (1)

sp3tt (856121) | more than 9 years ago | (#11780889)

If people trust the web less, then maybe it is a step forward for anti-spyware. Most spyware is after all installed on the computers of people who trust the new shiny sexy pr0n toolbar far too much.

Who Cares? (1)

EspressoMachine (815675) | more than 9 years ago | (#11780893)

I'm not liable for any $$ amount on my credit card or my debit. I'll say, though, I use debit card rather than my credit card. Why? Cause the bank doesn't have as much to lose as the CC company. With the bank it's all your money, with the CC company, it's their's until you pay it back, which means you have one more person in your corner - and with better lawyers, probably ;).

Re:Who Cares? (4, Funny)

ArsSineArtificio (150115) | more than 9 years ago | (#11780976)

I'm not liable for any $$ amount on my credit card or my debit. I'll say, though, I use debit card rather than my credit card. Why? Cause the bank doesn't have as much to lose as the CC company. With the bank it's all your money, with the CC company, it's their's until you pay it back, which means you have one more person in your corner - and with better lawyers, probably ;).

Ladies and gentlemen: this is why you shouldn't trust any legal advice obtained from Slashdot.

Re:Who Cares? (2, Informative)

EspressoMachine (815675) | more than 9 years ago | (#11781055)

I use debit card rather than my credit card.

Oops. I'm dyslexic. Make that vice versa. I use my credit, rather than my debit.

Re:Who Cares? (1)

mcc (14761) | more than 9 years ago | (#11781110)

The BBC and ZDNet are reporting on an RSA poll of 1 about failing confidence in ecommerce among Slashdot user ArsSineArtificio (user 150115). 100% of the respondents were reluctant take legal advice obtained on slashdot.

Another fact for the timid (3, Interesting)

14erCleaner (745600) | more than 9 years ago | (#11780898)

I recently heard that 50% of identity theft is done by somebody who knows the victim.

Kind of like the great majority of child kidnappings involve a non-custodial parent. But that's not a scary enough story to draw viewers, so doesn't get reported much.

(at this point the child-kidnapping activists will rise up and smite me with their negative mod-point hammers, I'm sure. :)

online trust is like (0)

Anonymous Coward | more than 9 years ago | (#11780899)

oxy-moron

It's not just online businesses we distrust ! (2, Insightful)

javaxman (705658) | more than 9 years ago | (#11780913)

Plenty of folks distrust most any business, and often with good reason. I'd link to recent examples of businesses not taking proper care of customer data, or otherwise breaking trust and committing fraud, both online and off ( ChoicePoint certainly comes to mind, as does T-Mobile... then there's Enron, WorldCom, Tyco... ), but the instances are almost too many to list.

If businesses want people's trust, they need to earn it.

Should online businesses be trusted ?

I myself give out accurate personal data only when I really, really have to, and even then am pretty picky about the companies I work with - both online and offline. If confidence has declined, maybe people are learning...

I trust online purchases... (2, Funny)

SmokeHalo (783772) | more than 9 years ago | (#11780918)

...as long as Claria says it's okay.

Proxy CC# (4, Interesting)

donnyspi (701349) | more than 9 years ago | (#11780920)

I like using MBNA bank's credit card number proxy feature whereby you create a onetime use CC# with a limited spending limit to give out online. It's a great feature for paying at Sam's Shady Online Store with a CC# that has a $30 limit and expires in a month.

Nooo confidence (3, Funny)

imrec (461877) | more than 9 years ago | (#11780922)

I TOTALLY know! I saw a video of this girl who had confidence that this guy WASN'T going to do this thing to her... AND HE DID! I was like, "I SO don't have confidence in the net anymore!" ...I'm sorry, I don't know where that came from. It must be time to go home...

Re:Nooo confidence (0)

Anonymous Coward | more than 9 years ago | (#11780959)

ROFL. You made my day!

Worrying about that right now myself... (2, Interesting)

Pengunea (170972) | more than 9 years ago | (#11780934)

...As I'm currently working on three sites that have a variety of eCommerce worked into them. One is linking to a ridiculous third party all-in-one shopping cart package the client repeatedly insisted on using. I'm having the damndest time trying to ensure that everything is secure and that items being paid for are being flagged properly when they are fully paid for. Because of the hopping back and forth from our server to theirs I'm using browser cookies and I'm not fond of it at all.

I have to ask how does one inspire confidence and secure feelings in visitors to the site? It helps to make sure the site looks nice and has a minimum of spelling errors, but there isn't anything I can think of that will suggest "Hey! We're really a legitimate business and won't just take your money and run" to people who don't know what SSL is.

As someone who likes to buy things online I only trust a handful of sites to accept and process my transactions properly. I know what will keep me from using an online store (no SSL at payment, no multiple protected ways to pay, ridiculous things like having to get a Yahoo! account just to be able to checkout my shopping cart). But I can't put my finger on what keeps me feeling secure in making my transactions after that.

Re:Worrying about that right now myself... (1)

m50d (797211) | more than 9 years ago | (#11780993)

A discreet logo. Something equivalent to those W3C validated buttons people use. Something that says you're using SSL and someone halfway competent has taken a look at it and it seems set up ok. I'm not sure if such a thing exists, but if it doesn't it should do. That's the sort of thing I'd want.

Re:Worrying about that right now myself... (1)

NardofDoom (821951) | more than 9 years ago | (#11781070)

The world would be so much better if it weren't for clients. And users.

Of course not (0)

Anonymous Coward | more than 9 years ago | (#11780936)

They'll just sell it all to ChoicePoint and their den of thieves.

It's not the Internets, it's the boxen... (1)

ites (600337) | more than 9 years ago | (#11780945)

It's not just the scammers and phishers and 419 letters. The basic infrastructure for most people is their precious box, and that is falling apart.

Look: if one of my PCs gets a problem, I start to get sympathetic symptoms. If my notebook crashes, I get really ill too. When it's fixed, I feel much better.

I run Linux, we all do in this company, but people who run Windows are contaminated from something akin to a epidemic of the plague.

It's not surprising they are reluctant to trust much else.

Online trust (2, Insightful)

vurg (639307) | more than 9 years ago | (#11780955)

I lost my online trust when I fell victim to a particular .cx site.

Case in point: ChoicePoint (5, Insightful)

PHAEDRU5 (213667) | more than 9 years ago | (#11780965)

Here in GA we have ChoicePoint, a company which recently allowed a criminal gang to make off with something like half-a-million IDs.

Only people in California were notified of the leak, because CA has a law requiring notification. Everyone else is going to have to wait 'til their identity gets stolen.

The GA legislature is taking up a bill to require notification of GA residents when their personal information is stolen or accidentally leaked.

Part of the problem, IMHO, is that companies won't tell you when they've shared your information with a non-trusted third party. So, a good first step would be voluntary disclosure.

Re:Case in point: ChoicePoint (1)

mkarpinski (409464) | more than 9 years ago | (#11781024)

Not to defend them but ChoicePoint has voluntarily agreed to notify everyone that was involved inthis issue.

I actually think that there should be Federal legistlation for disclosure of this type of crime.

Re:Case in point: ChoicePoint (1)

PHAEDRU5 (213667) | more than 9 years ago | (#11781073)

I didn't know they'd volunteered to notify everyone. Last I heard, it was just CA residents.

I'm happy they're notifying everyone affected.

Just trust us? (1)

saur2004 (801688) | more than 9 years ago | (#11780969)

Like hell.

Ive had this little link in my bookmarks for a very long time Toysmart [ftc.gov]

I site this link alot when I deal with any online purchases and ask for some assurances, not just what is put in thier online agreements.

So people don't trust sites online... (1)

bskin (35954) | more than 9 years ago | (#11780972)

Good?

Let the banks bear the burden (3, Interesting)

/Wegge (2960) | more than 9 years ago | (#11780987)

In Denmark we have very good consumer protection on online trades. Whenever the card holder challenges a withdrawal, the issuing bank shall reverse the transfer immediatly. Afterwards, the burden of proof for actual goods delivery lies with the bank. The banks of course passes the burden on to the online merchants, so we have very few fradulent online traders here in denmark.

I'm not sure how it works for foreign trades, but as the banks must make the refund, no matter what, the general confidence in denmark is pretty high.

Re:Let the banks bear the burden (1)

popo (107611) | more than 9 years ago | (#11781067)


Yeah... and by comparison, you also have almost no e-commerce.

Re:Let the banks bear the burden (1)

/Wegge (2960) | more than 9 years ago | (#11781102)

Yeah... and by comparison, you also have almost no e-commerce.

No, and so ... I can still shop with Amazon, Dell or who else has something to sell that I want. Even popo's slightly suspicious frech bum store. I'm still guaranteed that I'm not scammed.

Sensational (2, Interesting)

the0ther (720331) | more than 9 years ago | (#11781042)

This is a bunch of hoohey. It is not in the sense that this is really how people feel, but those people are actually very ill informed. All they listen to is the news reports about identity theft, or they listen to their banks who are touting improved protection against identity theft. What people don't consider is that online transactions probably lower the risk for identity theft. If these banks actually offered an alternative to their competitors perhaps they could curtail their alarmist advertising.

The Problem isn't the Internet (3, Interesting)

popo (107611) | more than 9 years ago | (#11781044)


The problem is that Credit Card companies, banks and anyone else whose revenue is generated by transaction volume have a vested interest in making transactions easier and more frequent.

As big a problem as fraud is, the reality is that there is far more to be gained from lowering barriers to credit card use than there are to raising barriers. The other sad corrolary is that the real losers when it comes to fraud are the consumers.

We have voluntarily traded security for convenience. Now it seems we want our cake too.

Re:The Problem isn't the Internet (2, Insightful)

taustin (171655) | more than 9 years ago | (#11781083)

The only problem with your whining is that credit card fraud is many times more likely to happen when you use your credit card in a brick-n-mortar store, face to face, than when you use it online. And if the number is stolen, the amount fraudulently charged to it will be several times as much.

This isn't news, or especially obscure. While online credit card fraud may be the "fastest growing category," it's still minor compared to disgruntled cashiers who copy down details on the sly.

Re:The Problem isn't the Internet (1)

popo (107611) | more than 9 years ago | (#11781132)


Uh... next time you call someone a whiner, try reading their post first.

My post was titled "The Problem isn't the Internet", and I pointed the finger at credit cards and gateways in general.

Your post on the other hand was redundant and didn't even make sense as response to mine. Go away.

Ummm... (1)

Gruneun (261463) | more than 9 years ago | (#11781051)

43% of respondents were reluctant to give details to online sites
Apparently filling out a survey about online security doesn't qualify. Perhaps, 57% of respondents don't mind giving info and the other 43% give it anyway.

People need to cheer up (1)

t_allardyce (48447) | more than 9 years ago | (#11781061)

I don't see the problem, there are major sites like Amazon which are obviously not back-alley enterprises and its unlikely someone is going to get your credit card number on an encrypted connection - its just not worth the effort to thieves when there are so many easier ways they can do it. Other non-global sites often use well established credit card processing systems like world-pay - as long as there's no phishery involved, the site you are buying from never sees your credit card, they just get a yes or no from the bank, of course if there is some dodgy browser scripting going on then they can do what they like, but at the end of the day the bank is involved and isn't going to want dodgy sites on their books. If people are scared about their details being shared around then they should check that the company is on the data protection register (for Europe) and if not then report them, if a company starts 'loosing' your personal information they're going to end up in trouble.

Good... (1)

fitten (521191) | more than 9 years ago | (#11781076)

The BBC and ZDNet are reporting on an RSA poll of 1,000 users about failing confidence in ecommerce. 43% of respondents were reluctant to give details to online sites and 70% said that firms were not doing enough to keep their data secure.

This means that the populace is getting edumacated about online activities over time.

Back in the Day (tm), we all knew that the 'net was filled with wierdos and perverts and knew what not to do. Then came this wave of n00bs who hadn't a clue and we see all the scams and stuff. This just means the n00bs are getting more informed.

Hold it (1)

varmittang (849469) | more than 9 years ago | (#11781117)

I could have told you years ago that anything that is connected to a larger network can get stolen. But its only when something happens to a celebrity does it make it in the news and is seen as a problem that needs to be fixed. Damn it, put Justin Timberlake in charge of Home Land Security, then we might get something fixed over there.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?
or Connect with...

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>