Online business: do you? (No spam)

[fable]

I've been leery of conducting much business online, but that's to be expected, given the fact that when I was young abacuses were still common and we all spoke Ancient Sumerian. Nowadays I buy things on sites labelled as "secure," and since we're on vacation in Hungary, I've had to set up an account to pay my credit card online. It leaves me twitching, but we don't want to accumulate interest. That's Dubya's method of governing: leave it to your children to pay off tomorrow the bankruptcy you accumulate, today. I'm not built that way.

What about you? How do you view doing transacted business online, involving all the money you've got saved over your lifetime, knowing it could be spirited away in the wink of an eye by some suave, Orson Welles-like character who would spend it all in 24 hours on drinks, alone?

[Xandax]

I buy anything I can online, and then I often have it delivered to me at work, thus saving me the trouble of having to get the stuff at the postal office.
CDs/DVDs, computergames, books, movietickets, toys, clothes, flowers and soon spareparts for my vacuumcleaner .... these are some of the things I've purchased online.
It is easy and it is most often cheaper and the product supply is immensly larger then what you'd be able to find if having to walk the stores.

I also do my banking via the Internet, meaning paying bills, stockstrading, moving money between accounts etc. I futhermore use it to keep up with my pension and my juggle my study-debt such as changing the monthly payment. I use it to book appointments with sport and doctors and so on.

I have no fear of safety on the web, because it works as in "real life". If you think about things and keep your head, you'll rarely end in trouble.

[DaemonJ]

I develop ecommerce web sites for a living and therefore am very aware of the possible dangers out there.

Even with that I still purchase about 90% of my items online. Movies, music, books, and entertainment items are all purchased online without question.

[Coot]

I've always tried to stay away from on-line purchasing but sometimes it was the only way to get a certain CD or book or whatever. I only bought stuff on-line a few times though.
Then my daughter was born and I was still a teacher which meant there was no money left to spend on anything except diapers .

[Moonbiter]

Funny, I recently got the exact same question in a public survey. Personally I got online relatively late compared to my friends. I am still insecure regarding certain aspects of the internet, and I've seen a lot of nasty stuff go down. Since my favourite bookshop closed down early this year, certain books and comics have become practically unavailable up here on the reef, so I've started to purchase a lot of them online, and only from secure places. I guess it's a psychological thing, and a bit of a rebellion on my part, but I still prefer to go out and buy stuff in the store. Most of my friends are completely barmy when it comes to online shopping, they even buy all their groceries online because they can't be bothered to walk down the stairs to the shop on the corner. I can't quite understand why anyone would do that. Food is a major part of my life, and I enjoy picking my own vegetables, talking with the staff at the meat or fish counter, to get sudden inspiriation by something on display... The same thing goes with practically everything else. Physically browsing for cd's or books or games is one of the greatest pleasures in life for me. Why would I do that online if I don't have to? As for the security issue, I've had some nasty scares even from supposedly "safe" sites, so I'm extremely careful each time a place an order online.

[Mr_Snow]

I don't do any business on-line, and hopefully I never will, I don't even own a Credit card (got rid of it cause I never used it) so if i can't buy it with a bank cheque/money order I don't buy it and that's only after I've checked I can't buy it in a store

[Magrus]

I tend to buy things online that I want for the simple fact I do not own a car or drive. Carrying home a new PC for 20 miles is just not going to happen. It is easier and more conveniant for me to pay the shipping charges and have it delivered instead. I haven't had problems yet, aside from problems with the SHIPPING companies. Those are another matter entirely. The websites I have dealt with haven't cheated me out of money or stolen all of my money out of my account or anything.

In all honesty, I am of the opinion I am safer dealing with most online sites than I am at a store in person. Online, I can save and print of screen shots of what I paid, what as requested, complete with times and dates and website links and all. At a store? They hand you a little tiny reciept that I can stuff into my wallet, which blurs into an unreadable smudge by the time I do my laundry next as your only record of the transaction. I bought a computer from a store, and they said "keep this reciept, you have a 2 year warranty. If you lose the reciept, nothing can be done about it." Two weeks later, I made sure it was there, and what do you know? The receipt was illegible.

[Chimaera182]

A year ago, I bought my PS2 from eBay. I buy pizza all the time from the store's online site. I was leery about the PS2 and haven't bought anything from eBay since, but the pizza thing seems so natural (although I hate it with a passion, because I order pizza rather frequently much to my physical/financial detriment). I tend to shy away from buying other things online, as I'd rather buy whatever I need to in person, that way I can give it the scrutinizing I feel it deserves. Although I do sometimes wish I could order groceries online, so that would mean one less thing I'd have to do myself.

[Vicsun]

I shop online for anything more expensive day-to-day groceries and less expensive than, say, a car.

Reputable online retailers won't con you out of your preciously earned money. Setting up a secure online store is relatively trivial - especially for a large business - and the chances of Amazon keeping your money and not shipping your order are pretty much the same as the clerk in Barns and Noble accepting your cash but refusing to scan your purchase.

As far as eBay goes, the buyer faces enough protections to guarantee he'll either get his product or his money back . Selling is a different, much riskier, matter, largely duo to the extreme (often "unreasonable") protection eBay offers buyers.

[fable]

Reputable online retailers won't con you out of your preciously earned money.

But what about scams that search out card numbers stored at reputable sites? Or reputable sites that are "kidnapped" by referrals?

[Xandax]

But what about scams that search out card numbers stored at reputable sites? Or reputable sites that are "kidnapped" by referrals?

If a webshop stores credit card information in such a manner they are not reputable. Most of the time stores use a 3rd part service to handle payments, such services are specialized in authorizing(sp?) credit card payments.
If you do not trust a payment provider, then one should not shop at the given site. If you do not trust a shop, then you should take your buisness else where. Just as if a store in "real life" looks suspecious, then I'd not shop there. It is the excat same mechanics which should govern behaviour.

But then again - it is dangeorus to walk around with money as you can loose them, get mugged etc and it is dangerous to use your credit cards at all real life shops as the details on them can be misused.
If looking that "nervously" at online transactions then there are similar risks with "real" transactions.

[fable]

If a webshop stores credit card information in such a manner they are not reputable. Most of the time stores use a 3rd part service to handle payments, such services are specialized in authorizing(sp?) credit card payments.

With respect, reputable government websites can be "kidnapped," despite having the finest, latest equipment; does this mean the webshops that can afford less and still do the best they can, are therefore disreputable?

But then again - it is dangeorus to walk around with money as you can loose them, get mugged etc and it is dangerous to use your credit cards at all real life shops as the details on them can be misused.
If looking that "nervously" at online transactions then there are similar risks with "real" transactions.

Again, I wold have to disagree. The risks of having your identity stolen at a "real shop" is relatively minor compared to having your identity stolen online, for fairly obvious reasons: it's easier to steal and fake an identity online than it is in real life. I recently interviewed a leading expert in biometrics technology, who said that it was the explosion of online use that was the making of his business.

[Xandax]

With respect, reputable government websites can be "kidnapped," despite having the finest, latest equipment; does this mean the webshops that can afford less and still do the best they can, are therefore disreputable?
<snip>

Oh they can be "hacked" or "kidnapped" as you suggest, however the chance is vastly overexcaggerated as you might as well have your credit card compromised when shopping "real life".
Most online payment services with respect for themselves do not store creditcard information in direct connection with personal information so even in case of security breaches it will be difficult to bring together creditcard information.
And in case of such breeches it is the companies and banks who get stuck with the bill. At least in Denmark.
Also strict demands exists for online buisnesses, you can't just throw up a webshop, there are rules and regulations which exists.

I work amongst other things with e-commerce, both Buisness to Buisness and Buisness to Consumer, and online trading is in explosive growth. That would not happen if every other credit card was compromised.

In my book it is much like comparing the dangers of flying with driving. The accidents with planes are propotional larger then with cars, yet the quantity is much more limited.

Again, I wold have to disagree. The risks of having your identity stolen at a "real shop" is relatively minor compared to having your identity stolen online, for fairly obvious reasons: it's easier to steal and fake an identity online than it is in real life. I recently interviewed a leading expert in biometrics technology, who said that it was the explosion of online use that was the making of his business.

Actually it is extreemly easy to get your credit card compromised in real life as the traffic (so to speak) is "unsafe", meaning human eyes and human handeling are basically unsafe. If your credit card number gets read by a scrupelous person the card is compromised, and could in theory be misused online because many payments are done via the card number. Then it is simply a matter of deducting the expire date (and control number if that is the issue), by brute forcing it if you haven't read it. And if then the scrupelous person also sees the expire date and possible control digits, then your card is fully compromised, which can happen in seconds.
If you hand your card to a waiter at a resturant for paying for a meal, the card is basically compromised, if you do not save the talons and are sure what happens with the talons your card is basically compromised.

Even with just a portion of the card number a mediocre mathematician would be able to deduct/calculate the possible remaining numbers of the card.

Futhermore we have had cases in Denmark where "clever" criminals have installed card scanners in credit card payment machines and ATMs which would read the magnetic strip and combined with camerars they were able to read the pinnumber as well. This is real life and it is "invisible" until withdrawls are made.

Identity thefts exists in numerous situations "real life" as well as online situations which are totally unrelated to webshops and credit card transactions. So it is not an issue which is limited nor connected to trading online. This can happen by somebody reading your mail if you accidently throw it out as well as somebody hacking into a payment service.

No doubt that you must be wary of where you trade online but one must so in "real life" as well, and by using common sences you minimize many issues. But due to cryptated and secure transactions, I actually trust my creditcard and information is kept (much) more safe online then they are "real life".

It might be because it is my chosen field of profession, but I've never been afraid of my data online (when I shop, I shop at trustworthy sites ... mostly ), yet I try to keep an extra eye on the waiter when I pay with card at a resutrant, and would depending on the place, follow the waiter when he makes the payment on my card.

The "dangers" of online activity are vastly over excaggerated in my view.

[Vicsun]

Xandax already gave a pretty detailed response to the questions directed at me, so I'll toss out a more general statement:

The best way to feel at ease about online shopping is to read a little bit about different techniques used in protecting customers and defeating protections. To put it simply, stealing money online is hard. Much much harder than what Hollywood will have you believe. The difficulty with arguments like this is the fact that it's quite hard to attest to the security of online commerce without going into mathy technicalities. Most fraud and theft online is by far due to human error on the part of the victim.

[The Z]

Like Vic said, everything Xandax said sums it all up.

My brother and I have done a fair bit of shopping on eBay and their third party is PayPal. You could always go to their site and study them for a bit if you're wondering how these services are like.

[fable]

Oh they can be "hacked" or "kidnapped" as you suggest, however the chance is vastly overexcaggerated as you might as well have your credit card compromised when shopping "real life".
Most online payment services with respect for themselves do not store creditcard information in direct connection with personal information so even in case of security breaches it will be difficult to bring together creditcard information.

I have not encountered a single instance in the news or personal life here in the US where a credit card was compromised while shopping retail. Admittedly, we're just arguing personal experiences, here, but the technology section of larger, more reputable newspapers will sometimes feature stories about online credit card scams and such. Perhaps it is a case of the most "exotic" being reported while the other goes unmentioned; but until I have access to some statistics, I'm going with the statements of the few people I've encountered with some reasonable pretensions to knowledge in the business. And they all agree that online transactions are more often subject to attack, to identity theft, and to a lack of transparency from the user's perspective to leaves me (at least) wondering when one site is extremely secure, and another is borderline.

And in case of such breeches it is the companies and banks who get stuck with the bill. At least in Denmark.
Also strict demands exists for online buisnesses, you can't just throw up a webshop, there are rules and regulations which exists.

I'm not sure of the legal situation in the US, but I think many of us are aware of online "businesses" that pop up just long enough to scam a few credit cards before suddenly vanishing. The rules and regs apply to thieves, but you have to catch them, first. This is proving a very serious problem in the US, at least.

Actually it is extreemly easy to get your credit card compromised in real life as the traffic (so to speak) is "unsafe", meaning human eyes and human handeling are basically unsafe. If your credit card number gets read by a scrupelous person the card is compromised, and could in theory be misused online because many payments are done via the card number. Then it is simply a matter of deducting the expire date (and control number if that is the issue), by brute forcing it if you haven't read it. And if then the scrupelous person also sees the expire date and possible control digits, then your card is fully compromised, which can happen in seconds.

I think that's why most credit card transactions are done in front of you in the US, with the card taken, placed through the reader, and returned in seconds. It can be stolen, of course, but what reputable company wants to risk this? After all, if they've been aruond for a while, they don't want to leave a thriving business and jump town to avoid legal apprehension. They're also heavily insured against employee theft. By contrast, you can start up a faux shop online and close it in a day, leaving nothing behind--not even a cash register.

Futhermore we have had cases in Denmark where "clever" criminals have installed card scanners in credit card payment machines and ATMs which would read the magnetic strip and combined with camerars they were able to read the pinnumber as well. This is real life and it is "invisible" until withdrawls are made.

I'm writing Denmark off the list of my places to vacation in the near future. More seriously, I wasn't aware of this.

[Xandax]

<snip>

I'm not sure of the legal situation in the US, but I think many of us are aware of online "businesses" that pop up just long enough to scam a few credit cards before suddenly vanishing. The rules and regs apply to thieves, but you have to catch them, first. This is proving a very serious problem in the US, at least.<snip>

Hence why you shop at reputable sites which aren't just "popping up", given your own very next point....

<snip>
I think that's why most credit card transactions are done in front of you in the US, with the card taken, placed through the reader, and returned in seconds. It can be stolen, of course, but what reputable company wants to risk this? After all, if they've been aruond for a while, they don't want to leave a thriving business and jump town to avoid legal apprehension. They're also heavily insured against employee theft. By contrast, you can start up a faux shop online and close it in a day, leaving nothing behind--not even a cash register.

I will pull out the following from the quote initially: but what reputable company wants to risk this
If you choose reputable shops online, you minimze the risk as you'd do "real life" by choosing reputable real shops.
As for the card, it needs not be stolen to be compromised. Given the card number which for somebody just a tad skilled with numbers or some practice can be read and memorized as fast as the transaction takes to be verified. And then presto, you have your account drained just as "easy" as it is to "hack" into online payment providers and steal the relevant data.
The difference is that online transactions are secure links and encrypted. Real life transactions are not.


As for your initial premise, I think it is simply because - again my "plane vs. car" comparison that there is more "news" value in somebody having their data stolen online then real life. My own experience with webshops as well as my colleagues is that I've never once heard of somebody getting their data compromised.
The human aspect is much higher in real life transactions and thus I view thoese as more unsecure then online. Especially because I've been behind and infront of the payment both "in real" and online during my life so far.

I can not give a count on how many times I could have stolen card information when I was working at a gas station with the card owner right infront of me.

[fable]

I have a distinct feeling that we're just talking past each other at this point. I feel that online businesses inherently run the risk of losing control of their web addresses to identity thieves, based on frequent reports of this in the US; and that the reputability of the business does not guarantee escaping this. To you, online businesses are at least as safe as realworld ones. These viewpoints are not likely to change. I suspect we will only agree to this: that a reasonable consumer puts some time and effort into making certain the businesses they deal with are to be trusted, and transactions handled by these businesses are reasonably safe.

[Xandax]

What I fail to understand is how you belive that shops can "loose control of their addresses" to "identity thieves", and how this can be such a problem in the US?

[Vicsun]

I feel that online businesses inherently run the risk of losing control of their web addresses to identity thieves, based on frequent reports of this in the US; and that the reputability of the business does not guarantee escaping this.

You've fallen pray to sensationalism, fable

What do you consider to be frequent reports? Time permitting, I try to keep up with tech news, and because breaking in to a major website is big news (this alone should tell you something - would it really be reported if it was a common occurrence?), it stays in the headlines for several days which is enough for me to notice. That said, off the top of my head, I can think of a single instance of a sensitive information being stolen from a large, "reputable business" in the past half a year and that was when records got compromised at AT&T. AT&T paid for credit monitoring of the victims, and the case is still occasionally mentioned in the news.

I'm also going to snidely point out you're using all your buzz-words incorrectly