Slashdot Mirror

Can't be done. Visa, Mastercard, and Amex all have clauses forbidding those cash discounts, which can cause a merchant's account to be pulled.

What are you talking about?

It is being done right now in the majority of the States.
https://www.creditcards.com/cr...

And even in my State, which bans sur-charges, this issue is still being litigated as we speak.

So I was about to dispute the parent from knowledge of a class action lawsuit (settled circa 2012) against the big CC players, but it appears that that the settlement was thrown out in 2016. Prior to the 2012 settlement, I recall the "cash discount" angle being treated as against the terms prohibiting surcharges.

I remember following it closely at the time due to my personal interest while at a mom&pop store. A small bit I recall is Discover getting excused from the class by removing those terms from their merchant agreement. The blog WayTooHigh covered/followed it quite well, and appears to still be up, though not maintained.

http://www.waytohigh.com

2012 class action settlement: https://www.classaction.org/bl...

2016 reversal: https://www.creditcards.com/cr...

I expect it is like most credit cards, where they are contractually agreed to charge the same amount with the card

Dodd-Frank specifically prohibits payment card networks "from inhibiting the ability of anyone to provide a discount for payment by cash, checks, debit cards, or credit cards." Some states have laws prohibiting the addition of a surcharge for credit card use, though court decisions are piling up against such laws.

https://www.creditcards.com/cr...
https://www.paymentsjournal.co...

It appears that none of the major cards are requiring signatures any more:
https://www.creditcards.com/cr...

So instead of Chip+Signature, it's just Chip vs. Chip+PIN.

In the US, a loan that is "forgiven" by the lender counts as income to the borrower, generally. https://www.creditcards.com/credit-card-news/1099-c-tax-form-questions-answers-1282.php

For #8, it's important for Americans to remember that they're not the only country in the world, and a great deal of why Apple Pay isn't accepted everywhere is because American payment infrastructure is woefully outdated and still apparently relies on signatures on pieces of paper in a great many instances.

The signature requirement is not a requirement anymore. And plenty of merchants have the technology but cannot be bothered to activate it or got to the trouble. Even some that do aren't actually aware that it works. I was in a Little Caeser's recently and they actually do accept ApplePay but there was no signage and none of the staff were aware it worked. Hell I see retailers all the time that don't even have their chip reader activated and still require the magnetic strip swipe.

Apple Pay is accepted anywhere that tap-to-pay works, so that means here in Canada that a huge and growing number of merchants accept it.

Sadly not true. There are quite a few major companies that are not willing to work with ApplePay even though there is no technological barrier to doing it. Walmart, lots of gas stations, Home Depot, Costco, Lowes, Target, and countless others don't take ApplePay. Maybe one out of 4 merchants I interact with actually can do ApplePay, and very few sit down restaurants. And they wonder why I do most of my shopping online now... (top tip for retailers: if you want me to visit your store I suggest taking the form of payment I prefer and making it easy to do business with you)

Apple Pay isn't really specifically some sort of tech magic that needs Apple specific merchant hardware to work, it just needs run-of-the-mill tap-to-pay terminals.

I'm afraid they need hardware that many of them haven't installed and even some that have just aren't willing to cooperate with Apple for various reasons.

Isn't that a violation of their merchant contract?

https://www.creditcards.com/cr...

Signatures aren't required any more.

https://www.creditcards.com/cr...

And when they are required, you can scribble nonsense and it doesn't matter.

Signatures aren't required any more.

https://www.creditcards.com/cr...

Why does the bank care (or have any say in) whether I buy $10k of cyptocurrency or a $10k diamond ring that I mail to my Russian fiance?

Because until you have paid the bill, it's the bank's money on the line, and too many people are short-sighted, scam-prone, or plain untrustworthy, and ain't nobody got time for that nonsense.

If you don't want them to have a say, use a debit card.

But their money is on the line when I buy jewelry, a jet ski, or whatever frivolous purchase I want to make, why do they draw the line at cryptocurrency? They gave me a credit limit because presumably they expect me to be able to pay it back, why do they think I'm less likely to pay them back when I buy $5000 in cryptocurrency than when I spend $5000 on airfare+hotel+tickets to go see a Justin Bieber concert?

Why does the bank care (or have any say in) whether I buy $10k of cyptocurrency or a $10k diamond ring that I mail to my Russian fiance?

Because until you have paid the bill, it's the bank's money on the line, and too many people are short-sighted, scam-prone, or plain untrustworthy, and ain't nobody got time for that nonsense.

If you don't want them to have a say, use a debit card.

But technically nothing stops you from making a cash withdraw and buying bitcoins with it or buying gold and selling that to buy bitcoins or buying your groceries on credit while spending your cash on bitcoins.

Besides the initial ~3% fee on the cash advance, the different interest rate (1.5-2.0x the "credit" interest rate), and the substantially lower cash advance limit on the account? Besides the fact that now you have cash, but no way to electronically transmit that cash to a remote cryptocurrency exchange without arranging to wire the cash, deposit the cash into a bank account and wait out the funds clearance time, or mail a money order? Well, technically... quite a lot is preventing you from doing so.

What they approve is a credit limit, it shouldn't be whether I use it to buy groceries or beers at the local pub.

It does matter, and it should matter.

The fact that you can devise increasingly byzantine and expensive ways to partially overcome their limits does not mean that the limits fail to serve a function and are unjustified.

the simple fact remains that it's against Federal law for credit card companies to do business with casinos.

Citation required. I find a lot of online information saying that some casinos won't accept credit cards for chips, and that some credit card companies won't deal with casinos for the same thing, but no federal law that prohibits credit card companies from dealing with casinos. In fact, the local casino is quite happy to accept credit cards for various things other than gambling chips.

If you are referring to Unlawful Internet Gambling Enforcement Act (UIGEA), then you need to consider that this act deals with "illegal internet gambling". While credit card companies may take the safe approach and just not deal with any online gambling operation, they are only legally prohibited, as far as the information I see about UIGEA, from dealing with the illegal sites. If this new site is legal, then UIGEA doesn't apply to them.

From here: "To be clear, the UIGEA does not make Internet poker playing illegal," Pappas says. "It simply says that banks must block 'unlawful Internet gambling' transactions, and therein lies the rub."

Credit card companies care a lot more about pissing off the Feds than they do about doing business with what they admit is a shady, untested casino scheme.

Yep. Banks, too. In Oregon there is a significant issue with banks refusing to deal with pot dispensaries, which are legal under Oregon law but not under Federal. This has created a huge cash-only business system, and created a problem for the state when it collects the taxes. They're getting boxes of cash, and dispensaries are having to tote that cash to Salem to pay the taxes. They can't just write a check -- banks won't handle the account.

and get him to put a pet bill through a Republican-controlled Congress.

If Trump proposes a bill, neither Reps or Dems will want to deal with it. He's neither one, and neither side shows him any allegiance.

This is a good opportunity to talk about why security through obscurity is bad:

Your typical credit card number has a theoretical 16 digits that are available. That's a huge number (9,999,999,999,999,999) that makes it look effectively impossible to guess. Let's pare that number down to size.

First, you aren't guessing anywhere near 16 digits. It turns out there's a lot you already know (1st digit is 4 for visa, 5 for mastercard etc.). That reduces the typical address space from 16 to 15 digits. That first number turns out to actually just be part of the bank identification number which is typically 6 digits long. All of the rest of it except for last digit is the actual account number. The last number itself is used for a checksum (Luhn) that is used to verify the number is good.

In other words to get the account number right you've only got an address space of 999,999,999. That's a significant reduction in magnitude to start with. Now let's go back to that Luhn checksum (it isn't a hash). Due to this detail you can easily validate the number to make sure that you haven't mistyped it (Luhn precedes using magnetic tape for credit cards).

The Luhn check uses a Mod 10 algorithm that excludes 90% of the previous address space. You now have 99,999,999 numbers to guess against. Your malicious actor isn't starting work in a quadrillion space number, they're working in the millions. All of that is just from the industry standards themselves. Now remember that each bank is going to have their own formulas for generating credit card numbers and that card thieves have data sets of the tens of millions - old dumps are good for providing data that can show patterns. This is a good example of how data at the aggregate level carries risk that it doesn't at the micro level.

Chances are the account number for the card itself isn't at all random. Chances are really good that the formulas used to generate these numbers for a number of large popular banks have been reverse engineered by any number of parties. You also have policies at many banks such as never reusing a number that also reduce this address space. All the malcious actor has to do is look for patterns. Patterns have a way of reducing the order of magnitude once you learn them.

The expiration dates themselves are typically within 2 years giving a range of only 24 to pick from for the typical transaction. Guess a valid account number, try it at 24 websites and chances are really good one of them will work. That leaves the CVC2 number itself, which of course isn't random either.

The system is broken, it's just a matter of time before industry must recalibrate how it works.

More below for those who are curious:
http://www.creditcards.com/cre...
http://datagenetics.com/blog/j...
http://www.darkcoding.net/cred...
http://blog.opensecurityresear...
http://www.ibm.com/support/kno...

I'm creating one software about this Subject and need good places to search...

Roger
Blog Programa de Reconstrução Capilar
http://dhtequedadecabelo.quetudo.com.br

This is a good opportunity to talk about why security through obscurity is bad:

Your typical credit card number has a theoretical 16 digits that are available. That's a huge number (9,999,999,999,999,999) that makes it look effectively impossible to guess. Let's pare that number down to size.

First, you aren't guessing anywhere near 16 digits. It turns out there's a lot you already know (1st digit is 4 for visa, 5 for mastercard etc.). That reduces the typical address space from 16 to 15 digits. That first number turns out to actually just be part of the bank identification number which is typically 6 digits long. All of the rest of it except for last digit is the actual account number. The last number itself is used for a checksum (Luhn) that is used to verify the number is good.

In other words to get the account number right you've only got an address space of 999,999,999. That's a significant reduction in magnitude to start with. Now let's go back to that Luhn checksum (it isn't a hash). Due to this detail you can easily validate the number to make sure that you haven't mistyped it (Luhn precedes using magnetic tape for credit cards).

The Luhn check uses a Mod 10 algorithm that excludes 90% of the previous address space. You now have 99,999,999 numbers to guess against. Your malicious actor isn't starting work in a quadrillion space number, they're working in the millions. All of that is just from the industry standards themselves. Now remember that each bank is going to have their own formulas for generating credit card numbers and that card thieves have data sets of the tens of millions - old dumps are good for providing data that can show patterns. This is a good example of how data at the aggregate level carries risk that it doesn't at the micro level.

Chances are the account number for the card itself isn't at all random. Chances are really good that the formulas used to generate these numbers for a number of large popular banks have been reverse engineered by any number of parties. You also have policies at many banks such as never reusing a number that also reduce this address space. All the malcious actor has to do is look for patterns. Patterns have a way of reducing the order of magnitude once you learn them.

The expiration dates themselves are typically within 2 years giving a range of only 24 to pick from for the typical transaction. Guess a valid account number, try it at 24 websites and chances are really good one of them will work. That leaves the CVC2 number itself, which of course isn't random either.

The system is broken, it's just a matter of time before industry must recalibrate how it works.

More below for those who are curious:
http://www.creditcards.com/cre...
http://datagenetics.com/blog/j...
http://www.darkcoding.net/cred...
http://blog.opensecurityresear...
http://www.ibm.com/support/kno...

There is no reason to upgrade to chip cards except to benefit the card cartels.

Do you realize that most of the rest of the world, including places like Africa, Latin America, and the Caribbean, has been using this since 2005? Hell, France was doing it in 1992. The only reason the US switched at all is because credit card fraud had finally reached the tipping point around 2012 when banks finally figured out that it was going to be cheaper to switch everything than it would to cover the increasing cost of the fraud.

Here you go:

Most card fraud occurs in the United States. In fact, a 2015 research note from Barclays stated that the U.S. is responsible for 47 percent of the world’s card fraud despite only accounting for 24 percent of total worldwide card volume.

The high level of debit and credit card fraud in the United States also impacts other countries. Among U.K.-issued cards in 2015, 35 percent of fraud-related losses occurred in the United States, compared to 10 percent in France and Australia, 9 percent in Canada and 6 percent in Germany.

Cross-border fraud occurs when criminals use a consumer's credit or debit card data in one country to make fraudulent transactions in another country. In 2014, 47 percent of fraudulent cross-border transactions on U.K. credit cards took place in the United States.

U.S. credit card fraud is on the rise, too. About 31.8 million U.S. consumers had their credit cards breached in 2014, more than three times the number affected in 2013.

That fraud isn't cheap. Nearly 90 percent of card breach victims in 2014 received replacement credit cards, costing issuers as much as $12.75 per card.

Most experts believe that the reason the U.S. has a disproportionately high amount of fraud is because it has been slow to adopt EMV, a global standard in which credit cards carry computer chips that cut down on counterfeiting by dynamically authenticating card transactions. Countries that have deployed EMV have enjoyed a decrease in counterfeit fraud as a result -- 70 percent in the U.K., for example, between 2005 and 2013.

The story is not about PIN-numbers, but rather about those additional 3-digits of the "security code" on the back (usually) of your card, which are increasingly required for transactions, where the vendor's representative (such as cashier) can not verify the card personally.

I want DRM'd money to spend on DRM products.

That already exists. Credit card payments are subject to chargeback, and PayPal payments are subject to PayPal's purchase protection policy. Both give the buyer several months to report a seller who refuses to correct issues with a product that is not as described.

Credit card companies like two kinds of customers. The first are people who spend a lot and pay it back every time.

Credit card companies don't really like this type of customer, internally they call them deadbeats.

Since when are banks that issue payment cards no longer willing to let a cardmember add a joint account holder?

Why would I want to become an authorized user and have her card show up on my credit report? The current system works very well.

Then perhaps that bank needs to Discover some cardmembers that aren't you.

LOL...with as much money as I've made off them? Not a chance. They've done many things to annoy me, but I've made about $2500 off them in the last 6 months alone. I can deal with separate accounts.

Very convoluted trail you are leading me down to avoid cookies.

And there's no way most banks are going to let me pay her card from my account.

Since when are banks that issue payment cards no longer willing to let a cardmember add a joint account holder?

Hell...Discover, for example, won't even let me manage my own two cards from the same account...I need a separate online account for each card.

Then perhaps that bank needs to Discover some cardmembers that aren't you. Facebook gets a lot of things wrong, but separating auth and auth is one thing it gets right: each person has one account, and that account is connected to resources.

But thanks for clarifying. Now I have a sound bite to use against cookie haters: Basic auth is broken because logout in long-running browsers is broken.

Not quite RSA type, but one time pads.

http://www.creditcards.com/cre...

What smart phone can do that? (unless you mean contactless payment, but that has nothing to do with magstripe cards

Here you go...

http://blogs.creditcards.com/2...

I would love to get some confirmation otherwise.

See Four for information about how the EMV transition will work. Basically there are two entities involved in determining whether to use chip and pin for each transaction. The card issuer has to issue a PIN for the card. The payment processor has to have hardware and infrastructure to verify the PIN in order for the chip and PIN portion to work. The payment processor works on behalf of the merchant accepting the transaction. Everyone wants to pass the financial responsibility of fraud up the chain from merchant to the card issuer. Eventually the US will transition to chip and PIN just to avoid liablity.

Thanks for the confirmation, and additional info about the bike rental stations. I don't think the Target breach had anything to do with the move to chip cards. There was a deadline established years ago for everyone to move to the new system by October 2015 (in most cases). This article has some pretty good information on this shift, and current progress.

Let us know which banks you've found so far that are issuing chip and pin cards. I've been following this for a while and looked a few months ago and they were very rare. However, someone commented further down that Wells Fargo cards are both signature and pin, which is pretty cool.

Those exorbitant interest rates credit card companies charge are to pay for deadbeats who don't pay back their credit card accounts, not fraud. (Empasis added.)

FYI: In credit card parlance, a deadbeat is someone who pays off their card every month. The people who don't pay it back are customers [citation needed!].

Since 1/2 of all fraud is card-not-present fraud (that is internet/ phone purchases) the maximum reduction in fraud rates is 1/2. And in the future even more transaction will occur on line. Furthermore at present a lot of card cloning fraud is low tech not massively organized. internet fraud can be automated. If you cut off the low tech hustlers from their quick cash opportunities they will just sell the credit card numbers online to the organized crime operations providing even more fraud.

The real problem is that now the end user is responsible if their card is somehow used. You are now presumed guilty because you did not protect your pin. (which can easily be scooped with a video camera or a rigged terminal.)

http://www.creditcards.com/cre...

I guess it comes down to how difficult it is to load the stored value card, doesn't it? I view this as tantamount to the amount of cash I'm carrying vs the cash I have in my ATM-linked account. I'm willing to carry several hundred in cash. By the same token, I would be willing to carry several hundred in stored value. More than that and cash gets unwieldy. I blame the government for refusing to issue larger denomination bills despite inflation.

What stored value cards can give you is a way to purchase things anonymouslyespecially online purchases, which is otherwise a nigh-intractable problem. Yes, some places take money orders, but you have to go get one, mail it across the country to the merchant, wait for it to clear due to fraud paranoia, etc. Bitcoin is really a non-starter for commerce, comparatively speaking.

It's generally easier to replace a lost/stolen/destroyed stored value card than it is to try to reassemble fragments of cash. Yes, you should keep your documentation for the card, but we are comparing that to scotch tape + fragments of cash. And this is with *existing* technology, not some purpose-designed reloadable smart card stored value thing.

I think you are strongly underestimating the amount of tracking and profiling that happens when you make purchases using a credit card. I presume you're familiar with Target's "pregnancy detection" profiling that caused an uproar a few years ago. What about Facebook linking the purchases you make in brick & mortar stores to ads they have shown you while you're browsing? Yeah, that one surprised even me: directly linking in-person purchases to online browsing done elsewhere. Grocery stores/Walmart know exactly what you buy when you swipe, and they log all that... I bet a person's alcohol/tobacco purchase profile over the years would be quite valuable data for an insurance company. Furthermore, this kind of "third/fourth party" access is how the government works around a lot of 4th amendment impediments: they just buy the data from a broker when they couldn't constitutionally obtain it otherwise.

Like I said, I use credit cards. Hell, I probably use them for the majority of my purchases. I am just aware of the fact that each time I use one it is adding data to databases that are used to build profiles. And data in databases never dies; perhaps today's "creepy tracking" is fine, but I don't know what kind of innovations they will come up with in the future.

So, I protect my privacy as I deem appropriate through the judicious use of cash or stored value cards. I suppose this is also a matter of perspective: I consider the risk of database purchase profile data to have a larger potential for adverse consequences for me than the risk of losing the amount of cash/stored value I carry.

Just a quick link for more details here

Never own a credit card. They are all scams and are far more likely to ruin your credit than help it.

That's basically lowest-common denominator advice -- a better piece that is still a simplification is to ensure your credit card use is always backed by cash (your accounting tips may help in tracking that independently of the banks). A majority (admittedly not a vast majority) of people pay in full every month, and thus do not lose and typically gain from credit cards (other than possible cash-only discounts which aren't super common and imply no debit card either). cite: http://www.creditcards.com/cre...

I agree that it's exceptionally rare that doing anything other than paying in full every month is a good idea, *especially* when you need that cash to eat because that starts a death spiral.

[...] and why paying off your house before retirement is bad.

Also an oversimplification, this one dangerous. There was a time when mortgage rates were higher than some credit card rates...

This style of card is becoming more common in Europe right now, and a lot of automated terminals won't take a card that only has a magnetic stripe, apparently.

It is almost universal in Europe (95% of terminals, 85% of cards, two years ago), and plenty of other countries. A card with a chip is almost essential if you travel to Europe -- I can't remember the last time I saw a ticket machine (or similar) accept a magstripe.

http://www.creditcards.com/credit-card-news/american-travelers-guide-emv-chip-cards-1271.php is informative. I'm not convinced by '"In fact, as a late adopter of EMV, there's a great upside for the industry in the U.S. because we can avoid much of the cost and complexity involved in deploying older-generation chip cards, while still reaping all of the benefits of reduced counterfeit fraud,"' -- the US industry has had 10 extra years of fraud! (I have to phone my bank before using my card in the US, and give them the dates I will be travelling. Numbers are stolen in Europe, and used on fake cards in the US.)

then use a debit card. or did you not read the part where this is for credit card fees, not debit card fees?

There might not be fees associated with the Debit card.. but legally you don't have the same protections that you do with a credit card .. That said .. I'll be walking out leaving stuff at the register if they attempt to charge a fee..

Legally does not matter when you contractually are offered the same protections: http://www.creditcards.com/credit-card-news/herigstad-debit-cards-consumer-security-1294.php The only real difference now a days is rewards.

Then by your argument loan sharking and preying on the elderly with scams should be 100% legal, after all they should know better, right? Ponzi schemes, pyramid scams, ALL of that should be legal, is that what you are advocating?

And by your definition adjustable rate mortgages and credit cards would be illegal, is that what you're advocating? After all they should know better then to sign up for that $600 mortgage that's going to jump to $2,000 a month in a year or get that 79% interest rate credit card that they'll never be able to pay back.

The credit card companies in the U.S. could take more measures to prevent the credit card fraud in the first place. The fact that they don't implies to me that they just accept the fraud as a cost of doing business, passing that cost on to their customers.

http://www.creditcards.com/credit-card-news/outdated-smart-card-chip-pin-1273.php

Merchant accounts generally forbid minimum purchase amount policies

This used to be true, but no longer is.

http://www.creditcards.com/credit-card-news/credit-card-minimum-payment-purchases-law-1282.php

The credit card companies don't like this of course and in fact the agreement that merchants sign with Visa and MasterCard specifically prohibit them from setting a minimum transaction amount. Theoretically if enough people complained Visa could cut the merchant off.

That used to be the case, but not anymore.

Sorry, but I don't buy it. I posted something similar above, but please explain how pushing transaction speed from 50 microseconds to 44 microseconds actually benefits any normal person. I honestly don't believe it does. But, the HFT who has that faster algorithm becomes tremendously wealthy while the 10% slower algorithm is put out of business.

You can state that you are providing liquidity to the world, which you are, but compared to the liquidity we had perhaps 10 years ago, I really don't see how you're work makes anyone's life better except perhaps your own. And it all brings with it the risk that my own stock holdings may be decimated in literally the blink of an eye. The fact is, your line of work is looked down on because you are essentially gaming a system. Comparing it to cars used in traffic is not accurate. HFT is more similar to the people who used their credit cards to buy $1 coins for the frequent flier miles, and then deposited them in the bank.

http://www.creditcards.com/credit-card-news/mint-closes-loophole-ends-credit-card-coin-sales-frequent-flyer-flier-miles-1263.php

It's called a "Prepaid Card".

Several are listed here. but you should be able to walk into walmart, kmart, target, and many grocery store chains and buy a prepaid MasterCard or Visa card.

And if you can buy the card there, you can walk back in there with the card and a handful of cash and say "Put this money on here." and have them do it for you.

In November 2008 there were 28.8 million credit cards in Mexico and 10.7 million debit cards (source).

The population of the country is about 110 million.

The US has the highest usage of "plastic" money in the world, so data linking between service purchases and card registered addresses work very well there. It doesn't necessarilly work in other nations.

In my experience (all of it outside the US, but including Canada which is some regions has a similar commercial-culture), anywhere in the world one can easilly get a pre-paid mobile phone account and top it up with cash only.

I don't know a single business, be it 7/11, the grocery store, auto parts store or whatever, that does not accept a debt card,...

You need to get out more. Countless businesses don't accept credit cards and debit cards. Heck I OWN a business that doesn't take credit cards for non-internet transactions. Many don't accept checks, and even a (very) few don't accept cash. The transaction fees on debit and credit cards are too high for many low dollar transactions. Many government transactions prohibit using credit/debit cards by law.

BTW there is a LOT more to direct debit than debit cards. You'll notice I never mentioned debit cards because the issue is larger than just debit cards. Debit cards are not a viable substitute for checks by themselves because you need a merchant account to accept payment.

Huh? Where are these bank accountless people you speak of? Surely they are in a tiny minority.

By some accounts as many as 25% of Americans lack banking accounts as of 2001. Even the most conservative estimates put it in the millions. In any case it's a very significant number. You don't have to take my word for it either.

There's lots of compelling reasons to switch.

I agree there are reasons but the fact that folks haven't converted is proof positive that they aren't compelling. Bear in mind the word "compelling" because that's the important bit - and I don't mean compelling to me or you - I mean compelling enough even my 90 year old grandmother will care. To her a direct debit is something new and complicated which does not improve her life in any meaningful way.

Everybody I know uses debt cards first, credit cards next then cash and by last resort a check!

You must have a small group of associates since Visa cardholders alone accounted for over $1 Trillion in purchases in 2006 and there are over 450 million credit cards being carried in the US alone. That's 1.5 cards per-capita. Personally I don't even have a debit card, I buy everything possible with a credit card which I pay at the end of the month, and use checks or cash when required. I'd rather earn interest on the float plus I get a percentage back. Debit cards are useful but can be an unnecessary risk if you are responsible with credit.

Especially when dealing with people like you who seem to have no foresight and are quite content to remain behind the times based on irrational and unfounded assumptions... The rest of us have moved on long ago....

Well aren't you the clever little troll who knows what is best for everyone else. I'm just a certified accountant with masters degrees in finance and engineering so clearly I have no idea what I'm doing when it comes to managing money.

When you grow up and get out into the real world come on back and if you can be civil for a change we'll have a nice little debate.

The people arrested were in several nations. What is unusual and a bit frightening is that it seems like they were able to get arrest warrants or whatever was needed crossing international lines really quickly. It almost seems like some uber government organization was at work on this affair.

Only seems to be the case if they happen to cross over into a pro-western country. If you want to break the law, appearently it's relative safe in the former Soviet states.

Suspects seem to be relatively safe so far in much of the former Soviet Union. From the cases I've read, the only ones caught were entrapped somehow (convinced by the feds undercover to come to the US or elsewhere) or in this case, on vacation.

Then, you have cases where the feds try to make an arrest in former soviet states and this happens They capture the guy, know it's him and then two most likely corrupt members of their paliament "vouch" for him, lol. Pretty certain he had or was working with mafia connections. Most likely, he's back in the scene now stealing more credit cards. In many ways, this is exactly like the war on drugs.

The moment I ask "how much?" and they tell me, they have entered into a contract to supply the goods at that price or a lower price if they can't make change.

Probably the hacking didn`t target the database itself, but used more conventional ways of getting into the system. In any case, even firewalled and password protected ssl dbase connections can`t stop someone from getting in if he has enough knowledge about the system and it`s protocols. And usually this can only be the case if someone lets a security fish out of the box for some reason..

Isn`t it ironic that the affiliates of the company are listed under "e-commerce solutions : success stories".. if I would be a customer, that would certainly bug me. What REALLY bugs me, is that this story is allready 4 months old + that the news came from the hacker, not the company. I would certainly think #NAN times again before using one of their 'success story affiliates' again, because a bankcompany that doesn`t even warn me that my creditcarddata might compromized is ranked much much lower than one that does at least have the guts to tell me, at least in my book.

The list includes such e-nobodies as "iKnowledge", "eCashier", "SpyGate", and the "Christian Concert Authority." And those are the more plausible-sounding of the bunch...

They've got a funny logo on their homepage

"We make hackers go Ka - Chingg"

- [grunby]