Making online purchases

[VinnyBarb]

PayPal only for me, one needs only once to supply credit card details to PayPal, any other purchases are paid via PayPal. No more credit cards details to send anywhere else, so a seller never needs to know these.

Pretty secure this way for dealing on the internet me thinks

Plus, if something should go wrong, there is always a refund policy by PayPal for certain web site transactions and in the end, my bank which issued my Visa card can also deal with money missing issues, should any arise. This saved my bacon a couple of times before I switched to PayPal.

EBay, Amazon books and most electronic dealers as well as AURAN etc. have PayPal payments accepted, if one company does not, stiff cheese, there are others that have.

Btw, this irritating moron posting at the start of this thread is who I think it is, the former Z..........r, yes?

Cheers

VinnyBarb

 

[john259]

Maybe I'm wrong but I get the impression that most people at least in Britain would regard making an online purchase with a credit card as an extremely routine activity. The same holds true (I think) for other financial transactions such as using online banking facilities.

John

 

[SuperFudd]

I have used credit card. Would a debit card be a better idea?
Frankly, I find the whole internet payment security thing confusing.
Perhaps Auran could post information, sort of Buying On Line For Dummies? It might help sales.

 

[builder300544]

Maybe I'm wrong but I get the impression that most people at least in Britain would regard making an online purchase with a credit card as an extremely routine activity. The same holds true (I think) for other financial transactions such as using online banking facilities.

John

Hi,

Yes I too am puzzled by the apparant mistrust on this forum of online payments.
All my freinds use online payments as a matter of course and most do their banking online.
I should point out that my friends are not high flying computer whiz kids, but run of the mill people mostly 60+.
I personaly use the internet and online banking for 90% of my purchases (including groceries) and all heavy and bulky items.
Never had a problem up to now, and I,ve been doing it for some years now.

Regards, John

 

[PerRock]

I think I have something that is appropriate for this thread (Even if it isn't funny, you'll get the idea) :

Train Railroad Simulator 2009 (pre order): £20

RailDriver controls: £100

Watching Tony Hilliam put up another bizarre poll that attracts some bizarre posts on the TRS forums: Priceless!

Some things money can't, for everything else, there's Mastercard.

LOL WEN...that is priceless!

peter

 

[johnwhelan]

Maybe I'm wrong but I get the impression that most people at least in Britain would regard making an online purchase with a credit card as an extremely routine activity. The same holds true (I think) for other financial transactions such as using online banking facilities.

John

Hi,

Yes I too am puzzled by the apparant mistrust on this forum of online payments.
All my freinds use online payments as a matter of course and most do their banking online.
I should point out that my friends are not high flying computer whiz kids, but run of the mill people mostly 60+.
I personaly use the internet and online banking for 90% of my purchases (including groceries) and all heavy and bulky items.
Never had a problem up to now, and I,ve been doing it for some years now.

Regards, John

OK I retired about a year ago so my information is a little out of date but at that time in the security forums there were discussions about what to do about the 45% of web sites that were being used for credit card transactions that did not meet the updated security requirements that the credit card association had for securing web sites. A major concern was smaller companies who had written their own code for web sites for collecting credit card information. They basically didn’t have the resources to keep everything up to date and to ensure that their sites were not vulnerable to the latest attack vectors. Those that did not run scripts or use JAVA were noticeable more secure than those that did.

As criminals turn to more automated tools it becomes much easier to reap the credit card numbers.

There have been recent cases where more than a million credit card numbers have been stolen from computer sites. In some cases by tapping into the network through a wireless connection, WPA2 by the way is the only secure wireless connection these days, WEP is too weak and WPA has been recently compromised. Back ground here:
http://www.linksys.com/servlet/Sate...nksys/Common/VisitorWrapper&lid=1753391212L02 If either your PC or router is more than 2 years old it almost certainly doesn’t support WPA2 so any wireless communication should be considered compromised. Dlink, Belkin are among the wireless router companies that are still selling non WPA2 wireless routers by the way.

WPA2 initially was difficult to configure securely by the way until Linksys came up with automated configuration. Even if your side is correctly configured if the company you are dealing with has one wireless router on its network that is not WAP2 or incorrectly configured their entire network and all the data in any databases on the network should be considered compromised. Many compromised networks are because some one plugged an unathorised wireless connection into the wall so they could use their laptop. The network administrators were unaware it was even attached to the network.

A number of bank sites online web sites have been hacked. Banks really don't like talking about it because internet banking is very profitable for them.

One problem is who are you talking to when you connect to the bank's site? You type in www.bank.co.uk but behind the scenes your computer talks to a server that has a list of addresses. These computers are the backbone of the Internet. There was a report that noted more than a third of these servers did not have up to date security patches supplied. Many of these servers are UNIX based which means weaker security than Windows based servers.

Having pointed you at the wrong web site the bogus web site then uses your login and your password information to logon to the real site feeding the real site responses back to you and capturing your userid and password at the same time.

There are many other attack vectors.

Banks such as HSBC in the UK will check credit card purchases and will refund charges if you can prove your computer has up to date patches, and software and has antivirus software on as well. Note the use of IE6 or below is not covered. HSBC accepts no responsibility for debit card purchases.

Hopefully people in the UK are better than those in the states where Microsoft found that 90% of the cases when SP2 would not install it was because the machine was already infected with malware. One of the Microsoft techies I talked to found 24 different nasties on his uncle’s machine. He was 60+ and commented when told “I thought it was running slow”. One ISP survey by summer students came up with the figure of the home machines inspected 89+% had some sort of malware infection. My ISP is amongst those who now include a free subscription to I think it’s Norton antivirus to lower the load on technical support and reduce the network traffic.

I’ve sat through a number of presentations on security, there are a large number of holes and more are discovered each day. Personally my bank has been instructed not to accept instructions by phone or form a computer and my account is marked in this way.

You may not have been mugged on your local high street that doesn't mean it doesn't happen.

Cheerio John

 

[johnwhelan]

Some indication of how big the problem is from a fairly respected source.

http://news.bbc.co.uk/1/hi/technology/7742455.stm

Cheerio John

 

[IsambardKingdomBrunel]

post deleted

 

[wmmeyer]

PayPal only for me, one needs only once to supply credit card details to PayPal, any other purchases are paid via PayPal. No more credit cards details to send anywhere else, so a seller never needs to know these.

This worked fine for me for a number of years, but PayPal recently informed me that the amount it would transfer from my credit card was exhausted. In order to continue to pay with PayPal I would need to give them complete info on my bank accounts, in addition to the credit card info. That ain't happenin'.

 

[VinnyBarb]

This worked fine for me for a number of years, but PayPal recently informed me that the amount it would transfer from my credit card was exhausted. In order to continue to pay with PayPal I would need to give them complete info on my bank accounts, in addition to the credit card info. That ain't happenin'.

Are you sure this was not a phishing web site using the PayPal tag and looks of their web site? Why would PayPal tell you your credit card funds are exhausted if your credit card is not overdrawn? As well, PayPal has all your info re the credit card/bank account there already, why ask for these again? They do not need the info of ALL your accounts, it looks very suspicious to me about this email.

Was this particular PayPal email addressed to you by your name or just something like "Dear PayPal user" or such? Why not report this email to PayPal and see what happens. Often you can pick on the browser address displayed that something is wrong, should you answer such email before giving away any details, like no secure web site icon displayed or the URL displayed in your browser has something else suspicious displayed in the link and no "https" instead of "http" prefix which would also show a secure web site.

I used PayPal for the last 5-6 years already for quite a lot of internet transactions, never ever did I get anything wrong done to me. I might have been lucky so far but for me it is the least "evil" option to deal with internet payments.

Cheers

VinnyBarb

 

[StorkNest]

This worked fine for me for a number of years, but PayPal recently informed me that the amount it would transfer from my credit card was exhausted. In order to continue to pay with PayPal I would need to give them complete info on my bank accounts, in addition to the credit card info. That ain't happenin'.

Anytime you get something like this from...well, anywhere on the Internet, first thing to do is go to the compnay home page and find the section for reporting Spoof/Abusive/etc. emails. Had this with eBay and a couple of other places. Check FAQs, reputable sites will have in their FAQs or similar statements that they will never ask for collection of certain personal information through emails.
What you are describing sounds like a Spoof email. It looks authentic, even the email address but there is code in the email that identifies it as a lie.

 

[johnwhelan]

Perhaps Tony would care reassure people by to elaborating how safe the Auran site is and how Auran handles and stores credit card numbers so we can make a more informed decision?

Thanks John

 

[wmmeyer]

Anytime you get something like this from...well, anywhere on the Internet, first thing to do is go to the compnay home page and find the section for reporting Spoof/Abusive/etc. emails. Had this with eBay and a couple of other places. Check FAQs, reputable sites will have in their FAQs or similar statements that they will never ask for collection of certain personal information through emails.
What you are describing sounds like a Spoof email. It looks authentic, even the email address but there is code in the email that identifies it as a lie.

This scenario was relayed to me from the PayPal website when I originally signed up. They offered me a choice of getting certified by submitting all the bank account info or just the info on one credit card. They warned that if I only opted to submit info on one credit card the amount they would transfer for me would be limited and non-renewable. I never even open email from senders such as ebay or paypal.

 

[johnwhelan]

Perhaps Tony would care reassure people by to elaborating how safe the Auran site is and how Auran handles and stores credit card numbers so we can make a more informed decision?

Thanks John

Would anyone else at Auran care to comment on how safe their web site is for handling credit card numbers?

Thanks

Cheerio John

 

[seeseeme]

Would anyone else at Auran care to comment on how safe their web site is for handling credit card numbers?

Thanks

Cheerio John

I remember the time when Auran servers had been attacked and we lost the forum (and DLS I think) for about 2 weeks while they repaired the damage and put in some more security features.

At that time they advised us that the Credit Card area was separate to all other areas of their systems (or payment methods) and was not touched. So hopefully they have this area under control.

Craig

 

[Tony_Hilliam]

Our online systems have never been compromised. We don't store your credit card details at all so there is no way people can hack the Auran serves to get your details.

They way it works is that we send your card info to our Payment Gateway provider via a secure link and they talk to the banks directly to verify the card information.

The funny thing is, the link to the Payment Gateway is as secure as the phone line that your local store uses to contact the bank when you hand your card over the counter.

In fact, when you pay at a restaurant and they disappear with your card, you are far more likely to have your card details retained by unscrupulous waiters (or worse, have a physical copy of your card made).

 

[johnwhelan]

Our online systems have never been compromised. We don't store your credit card details at all so there is no way people can hack the Auran serves to get your details.

They way it works is that we send your card info to our Payment Gateway provider via a secure link and they talk to the banks directly to verify the card information.

The funny thing is, the link to the Payment Gateway is as secure as the phone line that your local store uses to contact the bank when you hand your card over the counter.

In fact, when you pay at a restaurant and they disappear with your card, you are far more likely to have your card details retained by unscrupulous waiters (or worse, have a physical copy of your card made).

Thank you. I was hoping for something along those lines.

Cheerio John

 

[Bitstorm]

Wow ... that was fast. Having doubts already about the company strategy of not selling by retail?

Studies have shown that selling software over 'Digital Download' is much more cost effective for the company publishing the software. Reason to that is that it costs almost 20 - 30 % of the entire retail value to print out and manufacture the materials for a retail box package, add on shipping costs and the ever rise in fuel costs adds more money that is lost to the developing company.

I think Auran and its sub companies are going the right route by offering a digital download version.

Just need to have a faster server online than what is currently on. I am having to download the RRS 2009 build using a program that lets me download 4 concurrent downloads at the same time just to max out my internet bandwidth ability.


Brendan H.

 

[johnwhelan]

Studies have shown that selling software over 'Digital Download' is much more cost effective for the company publishing the software. Reason to that is that it costs almost 20 - 30 % of the entire retail value to print out and manufacture the materials for a retail box package, add on shipping costs and the ever rise in fuel costs adds more money that is lost to the developing company.

I think Auran and its sub companies are going the right route by offering a digital download version.

Just need to have a faster server online than what is currently on. I am having to download the RRS 2009 build using a program that lets me download 4 concurrent downloads at the same time just to max out my internet bandwidth ability.


Brendan H.

I think the customer gains as well with faster time to market and lower costs on shipping or bus fare to the store.

Cheerio John

 

[JCitron]

I purchase with both credit card and debit card as well as do my banking online. Before I make a purchase however I check for the https:// link to come up.

Whenever I receive an email from ebay or Paypal, I check the source using the options in Microsoft Outlook, or view the source in a browser if the message is in my online mail account. This brings up the sender's details about their whereabouts. It's interesting to receive an email from supposedly Bank of America (I don't even have an account with them), but the source says that it comes from a host in the Czech Republic.

John