credit card details on consumer websites

hertz

Hi

I have been purchasing various things off various websites for a while now, things like books, DVD, flight tickets etc and I have noticed that some websites retain part of your credit card numbers. An example is Amazon. I noticed these sites have blocked out most of the numbers except the last 4 digits.

How safe is this? Is it not easy for other people to crack your password and log into your account on that specific website and then place orders to another address? For example.

hertz

Tim M-U

Amazon and most other websites ask if you would like your credit/debit card information stored on their website for your next custom.

Nearly all websites that you give personal info to (like address,, creditcard info) have SSL secure certs. This is what the Padlock is to the right of the url address in your browser (on IE anyway!). Any websites that dont have a secure cert and request credit/debit card details will result in your browser reminding you that website hasn't a secure cert.

How safe is this? Is it not easy for other people to crack your password and log into your account on that specific website and then place orders to another address?

As i way saying, websites having secure certs are nearly impossible to crack passwords (unless you have a password like 'password'). Another way is if the hacker has your email info and is possible to brake your email password if it is not SSL secure.

seamus

hertz wrote: »

How safe is this? Is it not easy for other people to crack your password and log into your account on that specific website and then place orders to another address?

The primary issue here is how safe *you* keep your password.

As the above poster mentions, you have the option for these sites to not retain your credit card details.

Most fraud which occurs when an account is compromised occurs for the following reasons:

1. The person uses the same password for all or most of their online accounts (shops, email, etc)
2. They sign up to a lot of sites unneccesarily, many of whom store this password in plain text.
3. They have no qualms about sharing their password out or clicking "remember me" when surfing in public or sending their password via email to people.

Generally what happens is that hackers intercept a password, for example for your account on WAYN.com. So they log into your WAYN account, and look at your email address. Then they log into your email account and find out what sites you've been using (such as Amazon or eBay). They then use your email address and password to log onto those sites and do whatever.

The advice from some quarters is to use a different password for every site. This is not a real option and studies show that it actually makes people less secure because they simplify or increment their passwords (such as "pwd01", "pwd02", etc) to avoid forgetting them.

Best practice would be to maintain 3 password:

1. A "good" password for any sites where you make financial transactions - banking, buying, etc.
2. Another "good" password for sites which are important, but non-financial, such as email, facebook or photo sites.
3. A third password for everything else, such as web forums or blogs.

I would also maintain a second junk email account for things like web forums. If that email account is compromised, they won't see any useful information.

Also, if you ever get an email from a site, telling you what your password is, cancel your account or use a password you'll never use anywhere else. If they can email you your password, that means the password is unencrypted on their server, and anyone who has access (lawfully or otherwise), can see that.

hertz

thanks for the feedback, some things to think about and possible change!