Ask Slashdot: How Safe, Really, Is Paying For Things Online?

An anonymous reader writes: Due to the rash of intrusions into electronic payment systems lately, I've decided to go back to paying cash for everyday purchases, groceries, fuel, and anything else I pay for in person (which also has the positive effect of making balacing my checkbook every month that much easier). The question I have is: For the monthly bills it's just not practical to pay in person (utilities, for instance), how safe are those?

Five minutes of research is telling me that mailing paper checks isn't any more secure than online electronic payments and in fact may be even less secure, but short of literally showing up at the electric company, phone company, ISP, and so on, and paying them cash in person, I can't see any other way to pay them. So how safe is it right now, honestly?
I'm always interested in how Slashdot readers secure their own personal finances -- but how high is the danger that a remote malefactor will hijack and then drain your bank account? Leave your best answers in the comments. How safe, really, is paying for things online?

old movie

[turkeydance]

"Is It Safe?" https://en.wikipedia.org/wiki/...

Re:old movie

[MangoCats]

Been paying for stuff online since 1999, frequency of CC number changes is about the same pre and post... occasional bogus charge shows up, call the company, charge is reversed and we get new card numbers... no drama, minor hassle, way better than mailing checks.

Re: old movie

[dougdonovan]

https is fdic safe to $250k.

Re:old movie

I don't know why anybody in the US even cares about credit card theft at all. Unless you're with a downright crappy bank, you aren't liable for even one cent worth of fraudulent charges. You get people who fret over buying those ultimately useless contactless credit card shields and trying to go back to checks (seriously?) for nothing.

In the EU I could see avoiding it because they have no concept of zero fraud liability and the banks are allowed to stick it up your ass. But EU is so poor that restaurants charge money for water and don't even give free refills, so this behavior is expected.

Re: old movie

[Gay+Boner+Sex]

Or do the obvious.

First many banks pay to open accounts so open an account at a bank that is paying those rewards, Every month simply transfer enough to pay your bills to your new PAY OUT ACCOUNTS. For example you can have an account just to pay your electric bill. Leave the required residual in the account so it is not closed. This way if the account is hijacked all you can lose is the electric bill payment. i also use PayPal a lot. So imagine that you set up ten accounts at banks offering sign on bonuses. Mine pay anywhere from $50 to $500 to open an account. Assuming your are all $50. reward accounts you will still quickly and easily earn $500 for a few minutes work. Meanwhile your funds earn interest in your regular account and you never, ever, pay bills from that account so you earn more interest. On most accounts with rewards you are free to change at the $90 day mark. So you can do this many times a year. Also you can earn referral fees for steering others to open accounts so work with a friend and refer each other frequently. Currently some people can actually earn a living simply opening and closing bank accounts.

Re:old movie

[Spazmania]

Paying for things online is perfectly safe. Any reversible transaction is safe for the payer.

Receiving payments online is much less safe. Transactions without effective non-repudiation offer risk for the seller.

Re:old movie

[cheesybagel]

Just use a credit card, set a low limit on the volume of outstanding transactions, and check the if the expenses listed are legit before you pay up. If not then report it.

Re: old movie

[aaarrrgggh]

Well, if you travel, generally you try to have three or more cards: one in wallet, one in sock or other hidden place, and one back at hotel. A new card can generally be at the hotel within 48 hours when you contact your issuer.

Re: old movie

[Khyber]

" i also use PayPal a lot."

Ha! Hahahahaha! HAHAHAHAHAHAHAHA!

They're one of the worst.

Re: old movie

[Shalian]

You open 10 accounts taking 10 hard credit pulls in a single year, your rating is going to be in the sub 500 range. Good luck buying a house or car in the next half dozen years. You'll probably be declined by card 5 or so from just the speed the hard pulls are coming in at.

Re: old movie

European restaurant not taking credit cards ? I soooo doubt so. I paid by credit card even in romania. Well , unless you're using american express, that one is rarely accepted anywhere. (I'm french).

Re:old movie

[Calydor]

But EU is so poor that restaurants charge money for water

At least they don't fill the water jug from the broken toilet out back.

Seriously, how did you turn this discussion around to bashing the EU? Got an agenda going there?

Re:old movie

[rtb61]

The law is fairly clear, the onus of credit card purchases is upon the person who accepts the card. It is their legal responsibility to ensure the person entitled to use the credit card is the person attempting to use the card. How this is done is pretty hairy fairy ie they pretend to check properly but it is nearly impossible to do, unless cards come with pictures and thumb prints and the those items are secured. Now as that security is pretty much hairy fairy make belief, the credit card companies came up with the lie of identity theft, implying you the card holder as the victim, which is a lie, because the person who accepted the use of that card is the victim.

Properly legally speaking, in the event of any credit card dispute, the person who accepted the card must prove the authorised card holder used the card, where that fails, the person who accepted that card should be charged with fraud, until they can prove they were cheated ie they did not just attempt to wilfully defraud you and they were in fact defrauded. This of course puts a huge legal onus on the acceptors of credit cars, hence the PR=B$ lie about identity theft. They never ever cheat you, they defraud those who accept the false details and those who accepted the false details have committed a crime against you and should be charged with fraud until they can prove they were cheated.

So the credit card companies will lie to you face, will spread lies via main stream media, will endeavour to cheat you (keep in mind they hold the money from the claimant and you, whilst the collect interest), so the major financial institutions can not be trusted. Cash is pretty much the safest, apart from one thing, use to much and meth addicted law enforcers might kick down your door and empty their pistols into their chest because too much cash, means 'er' maybe drug dealer but anyone steal all the cash anyhow and if they are dead they wont complain.

Cash is still king in Japan though, so safest on the planet is cash in Japan. Technically least safe is cash in the US (raid and being shot risk factor), weird huh ;D.

Re: old movie

[dknj]

When you have a 30 year mortgage, you don't really need to care about your credit rating. A mortgage will bring a 500 back up to a 700 in 6 months

Re: old movie

[John.Banister]

Paypal may suck for receiving money. They're great for hiding my plastic when I'm spending it.

Re: old movie

Lol... please do stay in your parents basement and never do any type of traveling...

Last year i visited 6 countries in the Europe.. 2 of those where eastern europe that's not part of the EU..
Only place where i had an issue with paying by card was in Ukraine in some tiny kiosks and some of the local "uber" like services..

Last time i was in the US i had more issues when paying by card. (card randomly refused but accepted the other card, or it worked the second time around / problems the uplink and no offline-purchase allowed and so on)

Re: old movie

I have lived in Europe for all my life and I've never, ever been in a restaurant that only takes cash. Some may not take credit cards (I've never tried to pay with a credit card in a restaurant in Europe), but so far they have always, without exception, accepted a normal bank card.

Re: old movie

[BlackPignouf]

Paypal can suck a lot if you're the developer of a suddenly well-known game and receive too much money in a short time. It can suck if you're responsible for a charity whose goals don't fit Paypal's.

But for the average Joe (including myself), it's pretty much perfect, easy to use and free.

Re: old movie

LOL Amex, if you travel much you would know how fucking useless that card is as most of the world don't accept it. regardless plenty of places people go overnight shipping just aint possible and losing a couple of days of your holiday just because you didn't put a 2 dollar shield over your card seems moronic (FYI from my travel experience the most likely item to be lost or stolen is your fucking phone not your wallet).

Re: old movie

I actually live in the EU and what you sais is complete bullshit. If there are fraudulent charges on my credit card *or* I don't receive goods ordered paid for by my credit card, I will get a full refund.

This is the law, and I can't waive these rights even by signing a contract that would say so.

Re: old movie

[jellomizer]

However if you lose your credit card chances are you will also lose you cash. As most of us usually keep them in the same place. However with things like Apple Pay, you have a secondary access your card services. As you normally don't keep your cell phone in your wallet. For people who carry purses, then that is still a problem.

Even with all the Cyber-attacks. You are still safer using your credit card, Vs having to carry around a set of paper and medal disks. Where they can get lost, or just tossed out (Pennies) just because the inconvenience of having it is greater then its value.

Then these physical currencies can get destroyed from fire, where if it cannot be collected. Sure the US will try to refund damaged currency. But only what it can prove. If you give them a box of ashes then you are out of luck.

Finally your money is at risk all the time. The paper is just a note saying the government IOU, for these services. When your money goes into the bank. It is all digital just a number, which gets moved to different banks, pays for peoples loans, even the cash will be used to cash the next guys paycheck. In this digital form it is at risk of digital attack again.

Re:old movie

[Lehk228]

the person who accepted the card must prove the authorised card holder used the card, where that fails, the person who accepted that card should be charged with fraud, until they can prove they were cheated

+4 insightful? really? maybe +4 Weapons Grade Retarded

Re: old movie

[nukenerd]

... Amex as a corporate card. Maybe 50% chance it'll be accepted in Europe. It's crap.

Nowhere near 50%. In the UK I still have an AMEX card in theory, but not used it for 5 years. I used to use it for the Brownie points cash-back it gave, but now you need to spend about a billion pounds a day to get any cashback at all, and more and more places now refuse it anyway (I gather it costs retailers much more than other cards); those that do tend to be hotels and up-market restaurants.

Re:old movie

[nukenerd]

EU is so poor that restaurants charge money for water

In the UK there is an old law that you can go into any public house and be given a free drink of water if you ask for it, and then leave. AFAIK that law still exists but I have never seen anyone invoke it.

Children used to in olden days. Charlie Chaplin described (in memoirs?) doing so in The Crown pub in Borough High Street (just south of London Bridge) c1900. The significance was that the landlord turned out to be one of the great poisoners, and one of his poisoned wives was dying in the room above Chaplin as he drank.

Re: old movie

[Shoten]

When you have a 30 year mortgage, you don't really need to care about your credit rating. A mortgage will bring a 500 back up to a 700 in 6 months

This isn't exactly true. 1, it depends on who's FICO score you're looking at: two of them ding you for having a mortgage that is, essentially, too new. Another also dings you for having too much of a mortgage balance...so if you've put down less than a 20% down payment (if you can, why do you have a FICO of 500?) that will also actually lower your score, not raise it. The concept that FICO is some standardized, monolithic, and consistent measure is false; creditors refer to them as "fake-o" scores. Another way to look at it: if the FICO score were a reliable, end-all measurement, then creditors would only rely on it, and not require an actual credit report for things like opening credit cards, auto loans, or mortgages.

And I get the sense that you don't know what you're talking about on a broader scale...because suggesting that someone with a FICO score of 500 get a mortgage is like suggesting that a registered sex offender get a job at an elementary school. Creditors aren't going to give someone the time of day with that score.

Re: old movie

[reboot246]

Better yet, my bank offers a loadable debit card. Just put what you're going to spend on it and then after you spend that amount the balance drops to zero. Loading the card can be done from your phone and it's instantly available. I've loaded mine right before checking out at a store. Your phone notifies you immediately when money is put on the card or removed from it.

If somebody does steal the card, there's no money to steal and the card can't be used to empty your checking account.

Re: old movie

[ls671]

What do you mean free? They charge me ~4%. I don't recall the exact percentage.

Re: old movie

[orlanz]

Where do you travel? I have traveled all over the US and over 5 years, I have come across THREE locations that didn't accept plastic. Plenty of places that won't take Amex, & Discover. A few that didn't take MC, but that's about it.

Re:old movie

[Swave+An+deBwoner]

I don't follow your gist about CC companies making up "identity fraud" to cheat their customers, but when I've had bogus charges on my CC they were either rapidly picked up by the CC company and reported to me to allow or disallow or else I noticed them when I did a periodic online inspection of charges and called the CC company. The result in every case was that I was not charged a penny and the CC company express mailed me a new card.

Every time I have been robbed of cash or accidentally dropped cash from my wallet, on the other hand, it was gone forever.

Re: old movie

[fahrbot-bot]

When you have a 30 year mortgage, you don't really need to care about your credit rating. A mortgage will bring a 500 back up to a 700 in 6 months

Having a mortgage can help, but isn't necessary. I paid off my mortgage in 2011 and now my credit report only lists 3 active items -- 3 credit cards, which I pay off every month (and always have), though I only use 1 routinely. My credit score is 840. Things may change in 2021 when the paid-off mortgage expires off the file -- I'll let you know :-)

Re: old movie

[BlackPignouf]

They charge the seller, not the buyer. And if you want to send money to family/friends, it's free as well.

Re: old movie

[Rakarra]

They charge the seller, not the buyer.

The buyer pays for it either way, in the guise of charges from the seller.

And if you want to send money to family/friends, it's free as well.

Be careful not to abuse that -- plenty of people use that for commercial transactions, then get butt-hurt when they find themselves banned.

Re:old movie

[mjwx]

Been paying for stuff online since 1999, frequency of CC number changes is about the same pre and post... occasional bogus charge shows up, call the company, charge is reversed and we get new card numbers... no drama, minor hassle, way better than mailing checks.

My cards last 3-4 years... because that is when they expire.

I've only ever needed to replace one card before the expiry date, if you're frequently needing to dispute charges and replace cards, you're not being very safe with them.

How secure your online spending is, depends on how secure you are. If you put your card number into anything and everything, don't be surprised when someone else starts using it.

Some people may call me paranoid, but I wont use my card on any system I don't expressly trust. This includes my work computer, gaming computer and Windows OS on my laptop. I have a separate install of Linux Mint on my laptop I use exclusivity for purchases and sensitive operations. I don't use it for general media consumption or dicking around on the internet. I keep it patched and updated. I will also occasionally use my phone, but that's another device that is treated with care and runs a secure OS.

Re: old movie

[BlackPignouf]

It depends. Many buyers ask the same price for all payment options, some add a fee for Paypal.

I only use family/friends payments for family & friends :)

Re:old movie

[KingBenny]

i prefer bancontact mister cash in any case but im not sure what the equivalent in america would be ... the digipass requires 3 codes to be entered and it gives two codes back to enter to the website, i think that should be pretty safe
i have acquired a credit card not too long ago but its pre-paid . I dont see how that thing could be considered safe since all you need is the numbers ... any keylogger, local access, you forget your wallet for five minutes anything at all where anyone can simply read it, backdoor screenshot, whatever and its done , no extra control, nothing, the three numbers on the back are supposed to be the safety, right?
i havent charged it since i went to venice in february, its gathering dust
paypal has fracked me out of my account asking like "when did you start it" ... how the hell am i supposed to know that so i havent used paypal since and okpay (if you know that) which is a great system but more aimed at people with money than it is at me hasnt let me log in since it was bought by moneypolo. A big deal is a relative thing since i keep like $200 in there but a cent is a cent, its been eight days , support hasnt replied and the moneypolo interim page says i "will have to login several times for my account to migrate" funny thing is day one i could, one week before i had my email changed, now i cant
so what's safe huh ? id prefer cash money in supermarkets too since for some reason in 2017 i dont trust banksys not to link my purchase history to my profile (which they ofcourse dont keep) and when im out i definitely prefer not to carry more cash than 20 or 50 at once (not in the habit of buying bottles in the VIP)
and the baker and the butcher dont accept bitcoin , so ...

ApplePay FTW.

[jcr]

One-shot accounts work for me. I go to a site, hit the Applepay button, my phone asks for my thumbprint, and i'm good to go.

-jcr

Re:ApplePay FTW.

[93+Escort+Wagon]

It doesn't seem like many websites support this option, though.

its not

[Bite+The+Pillow]

Not all that safe. But my credit card gives me a window to dispute charges, and a level of indirection I'm comfortable with.

Re:its not

[murdocj]

Not to mention my CC company seems to detect fraud attempts almost instantly.

Re:its not

Agreed. Most of the major CC providers are more than helpful with security breaches. Having said that, my formula for banking security is:

1. Credit card for online purchases.
2. Debit card for ATM transactions with my main bank account. Generally debit cards have the same kind of protections as credit cards these days, but better safe than sorry--assuming I don't run afoul of a compromised ATM. Most of my cash withdrawals and deposits occur face-to-face with a bank teller, however.
3. Cash for in-person transactions.
4. Separate bank account for my savings with no access via any type of card and never used for any kind of transaction other than in-person withdrawals and deposits.

Re:its not

[MachDelta]

3. Cash for in-person transactions.

Unfortunately, I find that this is steadily becoming more of a hassle. I tried to pay for something with cash at Best Buy recently, and the poor young teller looked at me like I had just asked her what color her underwear was. Instead, I had to go to customer service to pay with cash like some kind of paleontology museum escapee... which was fine with me because the girl working at customer service was downright gorgeous. But next time when Bill the balding floor manager is on shift, then it's going to be an inconvenience.

Re:its not

[skids]

Watch those change-in-term notices from your bank and CC provider. Recently mine reduced the standard of liability on debit card transactions. And online bill pay has less protection than the cards do... though supposedly they are limited as to how hard they can shaft you by Federal Reserve Regulation E. At least until the Fed gets seeded with cleptocrats.

I actually sacrificed a bunch of interest income to deactivate online banking, as it cannot be deactivated while keeping electronic statements, and you don't get the better rate if you are getting paper statements. That and the upside-down rate structure of that checking account has me occasionally browsing around for a different bank, but they all pretty much suck with what appears to be the same re-branded package deals from some upstream providers.

Re:its not

Nope nope nope.

US credit cards are basically stupid. Use Apple Pay, never use the physical card if you don't have to.

1. Credit cards for online purchases if possible. Do not use ACH
2. Debit cards in the US have similar protections to credit cards, however that is only true for the US.
3. Never use cash in person, that makes you a target.
4. Put your savings into a brokerage account or a high-interest savings account that can not be accessed via the debit card.

Outside the US, Tap-to-pay and Chip+pin actually works, so you you can use Apple Pay effectively everywhere, though most debit cards in Canada have yet to jump on board, most credit cards have.

The US however is still ass-backwards and instead of chip+pin they went with chip+sign which is barely any better than before since it doesn't require authenticating with "something you know", unless they turn off the magstripe readers overnight, carders can still skim the mag stripes.

Outside the US, most places will refuse to use the magstripe until after you've tried the tap-to-pay and chip+pin

Re:its not

[Applehu+Akbar]

Walking around with cash is statistically more dangerous than using credit cards for everything, in the same way that the most dangerous part of a flight is the drive to the airport.

Re:its not

[aaarrrgggh]

Sorry, but debit cards are for idiots. If you are going to use plastic, get a benefit from it, and also reduce your risk!!

Re:its not

[Khyber]

Al I need is a picture of your ApplePay screen, in high-def, and your shit is now my shit.

Worst security ever. Can't even protect you from someone peeping over your fucking shoulder.

Re:its not

[avandesande]

Heck even the police will take it from you if you have enough of it

Re:its not

[skids]

Yeah, these are credit unions... the banks suck even worse.

Re:its not

[BlackPignouf]

- Bob, how many donuts could we buy with $10 000?
- I don't know, around 300?
- Ooooohhhhhhh. Step away from your vehicle, sir!

Re:its not

[Rick+Schumann]

Are you here in the U.S.? If so then I'm surprised to the point of not believing you when you say you had to take an extra step just to pay with cash. Is that just the one Best Buy or is it all of them? Did they give you a reason why?

Re:its not

[Rick+Schumann]

I really don't care. The risk of having my entire life ripped away because some company or other got hacked looms much larger in my mind than someone mugging me for my wallet, which by the way never has more than $100 in it regardless (I don't walk around with thousands). Besides which I'm never anywhere that I have to worry about being mugged.

Re:its not

[atherophage]

My ISP tacks on an additional $2.00 to my bill should I have the audacity to pay in person at one of their office locations.

Re:its not

[CODiNE]

I know a guy who responded to a for sale ad to purchase a classic car. He had to drive some distance to pick it up, and had something a bit north of $10,000 on him during the trip.

Well as you can imagine, he got pulled over by a cop and his cash was confiscated. He was not charged with any crime. Just robbed by the police and sent on his way.

Re:its not

[Applehu+Akbar]

So you don't walk around with mountains of cash for making payments, then? Do you pay with magic pixie dust?

Re: its not

[orlanz]

I really don't care. The risk of having my entire life ripped away because some company or other got hacked looms much larger in my mind...

And that is the core issue on this topic. Use whatever you feel more comfortable with. I am not going to convince you that your fear is seriously misplaced in comparison the the 1000 other riskier things you do on a daily basis.

So you keep paying in cash or whatever and I will keep using credit... and getting my cash back rewards.

Re: its not

[orlanz]

From a liability standpoint, companies & their insurance companies do not like cash sitting on the floor. It maybe $20 for you, but that easily adds to 5 figures in minutes across the stores.

Also, the transaction got booked in the system but the cash behind it will take a riskier and more expensive route to get to the coffers. A electronic IOU is far safer.... YES, even with all the hackings going on across the system.

Re: its not

[Rick+Schumann]

Yeah? Let me tell you something your rampant credit card use is doing that you never considered: You are providing ALL SORTS of personally identifiable information to credit card companies, retailers, and whoever else can get their hands on it, about how you conduct your life, what you spend your money on, and they are creating a more perfect profile of you with that. Are you enjoying having your privacy invaded like that?

That's the other part of this I never mentioned: I can preserve more of my privacy by paying CASH for things I buy in person anyway.

There is little risk to my carrying up to a couple hundred bucks in my wallet, less than having a mound of receipts every week from dozens of EFTs at terminals that may be compromised. I don't know where some of you live or where you go that you worry so much about someone mugging you, but I don't go ANYWHERE that I have to worry about that; I'm not in the least concerned, and I assure you: I am probably more personal-security conscious than any of you who seem to think you need to counsel me on that subject. Thanks for the 'advice', but in the current socio-political-technical climate of this planet, using plastic for everything is becoming more and more of a risk factor, and curtailing it's use as much as possible seems to be the only sensible option, rather than trusting in 'security through obscurity' or nebulous promises from financial institutions. My philosophy is one of self-reliance, and in part that means taking responsibility for myself and my own security FIRST, not delegating that to people or organizations I can't vouch for, regardless of laws, promises, or 'popular opinion'.

Re: its not

[orlanz]

It's not just the security, there are many other aspects of carrying cash around that make me lean Credit. I see my CU/ATM once every 5 months. That's about 2-3 visits a year. With CCs, I don't need to go waste time making that trip.

Also, I carry about 3-4 cards in my wallet. They take up a lot less space than the change from a cash purchase. I rarely carry more than $20, never had a need for more. On business travel, I carry $40 just in case.

I like having the transaction history to review every month. I like the categorization and spending information that I can review on a monthly and year-by-year basis. It helps me budget and do a cash flow assessment real quick on an aggregate level (i.e. How much did I spend on gas, restaurants, etc.)

Disputes are extremely easy. Rare they are, it takes me less than 5 minutes and I am not out of pocket any funds while the investigation happens. CC replacements (thx Target :/) take two business days.

I get 1-5% cash back rewards for my purchases. And I am actually faster with my CC purchases than with my cash (recently the chip really slowed me down and am pissed :/). I don't use the latter often enough to know if I have exact change. And then there are tons of secondary benefits like rental insurance, flight luggage coverage, extended warrant, ease of returns, etc.

My cards are accepted world over. I don't need to worry about local currency and many times the exchange rate + fee is less than what I can get locally (so far only a foreign branch of my local bank seems to give a better rate).

As for privacy, it bothers me a little. But I like some aspects of it. I actually don't mind targeted ads. The ads are always there, might as well be pertenant to what I am actually looking for. A brand figured out that my wife was pregnant, so I started seeing deals and coupons for diapers and formula! A little creepy but useful. The alternative is pointless ads and stores that don't know how much baby formula or milk to stock because they can't predict their local customer base's needs.

Anyway what I have come to realize is people go with what they are comfortable with. Cash is simple, safe, and more convenient for them so they use it. I feel the same exact way for credit.

Re:its not

[desdinova+216]

and what about those of us who use Android?

Re: its not

[Rick+Schumann]

"Carrying cash being bulky": I don't sweat that at all.
"3-4 credit cards": I have ONE and I wish I didn't even have that, but having no credit history bites you in the ass later.
"Transaction history": This is INVASIVE to my privacy. I don't need or want it.
"Disputes being easy": If I don't use plastic all the time I don't need to worry about that AT ALL now do I?
"Cash 'rewards'": They can't offer me enough to compensate me for the invasion of my privacy.
"Cards accepted world over": I don't care. I don't travel. If I did I'd get a prepaid card to use.
"Being OK with your privacy being invaded; targeted ads": I'm NOT OK with my privacy being violated, and I HATE ads being injected into everything, don't want anything 'targeted' at me anyway. I buy what I buy when I need to buy it and ads don't sway me anyway.

You're living in a totally different reality from me. You probably use Facebook, Twitter, and other so-called 'social media' sites. You probably have an Amazon Echo or Googles equivalent and are only 'slightly bothered' by the fact it may be listeining in on everything you're doing and sending that to someone else for review. You probably have a 'smart TV' and are only slightly bothered by the fact that it's collecting data on your viewing habits. Your entire life is an open book to anyone with the money to pay these corporations for your very personally-identifiable data, and you're only 'slightly bothered' by that revelation, too. Meanwhile I eschew all the above entirely because I value my privacy and wish to preserve it, and reclaim as much of it as I can. Being as cognizant as possible of how much I'm exposing myself to risk of fraud or theft when paying for anything electronically is part and participle of that. The rest of it (not using social media, etc) is just along the same lines.

As you say it's all about 'what people are comfortable with'. What I have to say to you on this subject is: "Don't let yourself get too comfortable, it'll very likely come back to bite you in the ass later on".

Re:its not

[kwbauer]

"to someone who doesn't function normally". Well, the post was very clear in describing that the pretty girl at customer service knew how to handle cash and that the customer was sent to the pretty girl at customer service by another girl at the normal register.

Seems like we found an AC whose beauty is at most skin deep if we consider the ability to understand simple and plain English before responding in English to be functioning normally.

Re:its not

[kwbauer]

You can pump my shit out of my septic tank if you want it that badly. I won't even complain as long as you do it properly.

Re:its not

[MachDelta]

Canada, I have no idea, and no they didn't.

It could just be that store at that time, as it's quite a small location (for a Best Buy) and there was only a single till open at the time (weekday evening).

ad absudium

[SuiteSisterMary]

Well, how safe is it to be walking around with a pocket full of cash? What if you get robbed? What if you drop your wallet? What if you go to the bank machine and it dispenses too few bills, but thinks it dispensed them all? What if you go to a teller to withdraw cash and watch them count it, but the bank gets robbed?

At least with credit card payments, there's a known and tested dispute process in place.

Re:ad absudium

[swillden]

I'll put up a fight before I hand over anything, assuming anyone wants to try me.

I mean this in the kindest possible way, but your'e a damned fool.

I don't care how big you are, or that you have a knife (I carry a gun, myself), the risks involved in getting into a fight are far greater than the value of a few hundred bucks. If you lose the fight, it may be worth your life. Carrying a deadly weapon actually increases that risk in some ways. (Aside: If you carry a lethal weapon, I recommend carrying a less lethal weapon as well, such as OC spray; this is to provide you with an option that allows you to maintain some distance in the event the situation doesn't justify deadly force. You don't want to get into a wrestling mach while carrying a deadly weapon.)

But even if you win the fight, it may still cost you your life, not because you die but because you end up having to defend your actions in court, creating an incredibly stressful situation for yourself, likely destroying your savings, and possibly landing you in prison. Whether your use of deadly force to defend yourself is legal depends on a host of factors, some of them subtle and hard to judge in the heat of the moment, and that's assuming that the actual facts are provable and not something else entirely.

There's also a psychological risk. Killing someone, even if fully justified, seriously messes some people up. Unless you've killed someone before, you do not -- and cannot -- know how it will affect you.

I carry a gun. I'm a concealed weapons permit instructor, so I teach and certify other people to carry guns. I strongly believe in the importance and value of being armed. But if handing over some cash and my cell phone will end the encounter peacefully, I'll hand it over in a heartbeat. A few hundred bucks isn't worth my life. For that matter, it's not worth the life of the mugger, even if the fool is asking for it.

The only way my gun is coming out of concealment is if I have a real belief that my life, or the life of someone else, is at serious risk if I do not. I practice, and teach, a "balance of fears" decision making process, because in a potentially-violent encounter there isn't time to determine the details of justification of force. Instead, I assume that if I draw my gun (or knife; I usually have one of those, too), I will go to prison for it. So, I will only introduce deadly force if I believe that whatever will happen if I don't is worse than going to prison. This makes it fairly certain that I will only use deadly force when it is very easy to justify... and if through a quirk of the situation or the system I end up going to prison for it, well, I believed based on what I knew at the time that that was the better choice.

Clearly, I'm not willing to go to prison over a few hundred dollars, so there's no way I'm using deadly force if I'm pretty certain that just handing over the cash will end it.

Re:ad absudium

[Harlequin80]

I know this is totally off topic. But it is so fucking depressing that you feel that you need to carry a gun or a knife to be safe.

The risks to my person are so low where i live that the hassle factor of carrying a weapon (as in the picking it up part) far exceed any benefit.

Re:ad absudium

[Khyber]

"Well, how safe is it to be walking around with a pocket full of cash?"

Pretty safe if you don't do stupid shit like go walking in the ghetto dressed up like you're the next Donald Trump.

Re:ad absudium

[Max_W]

... if handing over some cash and my cell phone will end the encounter peacefully, I'll hand it over in a heartbeat. A few hundred bucks isn't worth my life. ...

I do not completely agree. Look at those brave girls who run in parks in the morning or evening. They intrinsically carry what other people may want. Shall they also give up easily?

One of the most important weapon is mobility. One does not have to fight stupidly. But even most important are innovative tactics. It is very useful to read historical books about real battles of the past. For example, a Battle of the Trebia https://en.wikipedia.org/wiki/... . Often battles were won not by gun or muscle power alone.

For example, Mikhail Kutuzov did not win a single battle over Napoleon Bonaparte, even had to hold back his young generals constantly, still the Grande Armée disappeared.

In my opinion, one has to be open to all options: fight a frontal battle, move & fight a running battle, use terrain relief, employ allies, etc. Battles are important, they shape the world we live in. And a commander-in-chief genius shall not be underestimated.

Re:ad absudium

[blindseer]

I imagine the university I attend is a lot like many others. I've seen a few and it's pretty typical. On one side you have the dormitories, frat houses, apartments, and old houses that are often rented to students. On another side you have city offices, dentists, lawyers, churches, and other such things. On another side is the restaurants, bars, T-shirt shops, bookstores, and music shops.

Then there is the one side that faces the low rent housing, porn shops, light industrial shops, and so on. Every town seems to have an area like this, where no one goes unless they really really have to. The troublemakers in there usually stay clear of the campus since the cops keep an eye on this corner of campus. Once in a while though the troublemakers wander onto campus and, well, make trouble. This is not typical in the daytime but in the past I've had to be on campus late and I can see them spread out onto campus to beg for change and cigarettes.

Once in a while the school sends an e-mail to everyone warning them about an assault, robbery, abuse, or other crime. It's typically one of two things, a student has had a run in with one of these troublemakers where they got away with someone's wallet, or a report of a sexual assault in the dorms. Then there's the once in a great while report of someone getting shot, beat up to the point of going to the hospital, or other case of a troublemaker making the atypical trouble. I'd rather not be one of those people if I can help it.

Carrying a knife isn't much of a big deal. On my table is my hat and in it there's my keys, wallet, sunglasses, handkerchief, pill bottle, belt, and knife. In the morning I put on my belt, empty the hat into my pockets, put on the hat, and go out the door. When I get home, hat comes off, gets filled with what's in my pockets, and I take off my belt and put it in the hat. It's routine and I don't even think about it.

I don't even consider the knife a weapon really, it's a tool that can be put to use as a weapon. I use it most to open envelopes and punch a hole in the top of those plastic lids they put on my coffee. The hole is to let the air in so the coffee flows freely. And the coffee must flow.

Re:ad absudium

[argee]

Guns, no guns. This is usually a case of east coast liberals vs westerners. I am of the westerner type, and if
some black kid tries to hold me up with a knife, he's gonna find out real quick the meaning of "don't bring a
knife to a gun fight." My little .380 auto will take care of him. Dead, of course; less chance of having him tell
a different story. Trump 2020.

Re:ad absudium

Carry a knife?
Well around here that is a cert to get you 5 years in Jail.
Carry a gun? 10 years.

not all societies are as violent as the USA and having lived in the USA, it was nice to return to a place where people don't need to be armed to go about their normal daily life.
How many people died in Chicago over the 4th July weekend? was it more than 100?
Don't need to say any more.

Re:ad absudium

[swell]

offtopic

Unless you pay with cash for online purchases.
Nobody expects you to read TFA, but maybe TFS, or at least the HEADLINE:

"Ask Slashdot: How Safe, Really, Is Paying For Things Online?"

Re:ad absudium

[No+Longer+an+AC]

I use a credit card whenever I can but I always keep around ~$200 in my wallet. It won't break me if I lose it and it can cover small emergencies.

I only have ONE credit card now since the bank where I have both checking and savings accounts cancelled my other one because I never used it. Or rather hardly ever used it.

My remaining card information has been stolen a few times (never the physical card) and I've never been held liable for the fraudulent charges but I've sometimes only found out at the cash register that my card had been cancelled.

So now I just wonder how my card has been stolen so much. I sometimes use it online, but not very often. Could one of the stores where I used it be to blame?

I'm usually too lazy to go set up a virtual credit card number before I shop online but I guess I really should.

Re:ad absudium

[BronsCon]

By the time I pull my knife on you, I'm already in too close for you to draw your gun.

And yes, I carry both.

For that very reason.

Re:ad absudium

Demographics are destiny. If you live in an area that's 90%+ white you probably don't need to carry.

Re:ad absudium

[tlhIngan]

So now I just wonder how my card has been stolen so much. I sometimes use it online, but not very often. Could one of the stores where I used it be to blame?

The answer is basically, yes.

The online stores are almost always to blame - usually using bad security practices or improperly storing the data.

Usually for the dodgier stores, I revert to using Paypal - once I started doing this, me number of times i had to change my card dropped from once a year to I haven't had to in the past 5. One year it was so bad I changed my card number 3 times.

(I usually use Paypal especially on sites that disallow different shipping/billing addresses - it is really unusual to have someone not want to have a package delivered at home where it will sit on the porch all day rather than at work, where there are people ready to accept it? Maybe in the past if you had 1-2 packages a year you could stay home, but online shopping is so prevalent, it's impractical).

Likewise, I'll prefer Amazon over your non-Paypal taking website, even if I have to pay more.

Re:ad absudium

[blindseer]

https://www.youtube.com/watch?...

Re:ad absudium

[TheMeuge]

It's a different philosophy.
I am not sure why people have so much trouble accepting that.

Some people want to be more self-reliant, and do not accept the progressive ethos of being dependent on the state for everything from cradle to grave. It's not that his risk is higher than yours, it's that he feels that the added amount of potential control over a bad situation warrants the "hassle".

I carry a full-on trauma kit in my car, with airway supplies, massive hemorrhage equipment, IV supplies and emergency drugs in my car. Also a fire extinguisher. My chances of needing that are no higher than anyone else... and it's expensive and a hassle. But it affords me a degree of control that someone who doesn't pack that stuff does not have.

Same goes for a gun. And please don't quote me the bullshit "you have a higher chance... with your own gun". That "study" combined all the accidents and suicides and drew irrelevant conclusions from even worse data.

Re:ad absudium

[Rick+Schumann]

I almost never have more than $100 in my wallet.
I don't go places where I'm likely at all to get mugged.
If I'm going to worry about dropping my wallet all the time then a CC wouldn't help me anyway now would it?
I've never had an ATM machine not dispense the right amount of money.
"What if the bank gets robbed", indeed! I think you worry way too much about the wrong things.
I've had to deal with 'dispute' processes before, and I'm out the money for WEEKS while they do that. I'd prefer not using plastic for anything I don't have to, and in fact the less I use plastic for anything, the less chance I'll get defrauded anyway. That's the whole point of this, to reduce my exposure as much as possible, not increase it. Every time you use plastic or electronic funds transfers of some sort you're exposing yourself to risk. I pay cash for something and walk away it's DONE and there is no more risk.

Re:ad absudium

[Harlequin80]

Yeah. I have a trauma kit in my car as well. Unfortunately I have used it but that's not really relevant to this.

I don't consider myself reliant on the state in the way that you're describing. But in the same way I don't carry a shovel with me every where I go, just cause I might need to dig a hole, I don't have a need to carry a knife or any other weapon with me. The chances of me ever being a situation where one was needed or even desirable are just too low. To be honest I'm more likely to need that shovel.

I actually used to own pistols for competitive target shooting. I was pretty good till I shattered my wrist in a motorcycle accident and I never got around to going back to the sport. Because of the down time I was required to get rid of my weapons in the country in which I live.

I don't care if you or others want to carry a gun. I just feel a bit sad that it is something that you feel is worth doing.

Re:ad absudium

[Harlequin80]

For whatever reason where I live we lack the rough areas like you describe. Sure it's far from rainbows and unicorns here. But your risk of assault or similar is very very low. So while you have your routine it was more that I was commenting that it ever became a routine at all.

And I know knives have their uses as tools. I have one in the toolkit of my motorcycle for example. Mine was more the comment on the knife as weapon.

Re:ad absudium

[Harlequin80]

The OP was refreshing in his approach to when he would draw his weapon. And I get the tool analogy.

But going with your tool analogy, if you're a car mechanic then carrying a set of flue brushes on the off chance you have to suddenly service a steam locomotive is about the equivalent.

I genuinely expect to go my entire life, in the country I live, to neither go through, or knowing anyone who goes through an encounter where their life or those of people around them are at risk from an individuals actions.

Re:ad absudium

[Harlequin80]

I live in the most multicultural country in the world.

Risk has nothing to do with race.

Re:ad absudium

[PsychoSlashDot]

I know this is totally off topic. But it is so fucking depressing that you feel that you need to carry a gun or a knife to be safe.

You missed it; they feel the need to carry a gun or knife to still feel/be unsafe.

Re:ad absudium

[Bender0x7D1]

Except, in your steam locomotive example, if you don't have the tools, the locomotive just sits there. In the gun example, you will be dead.

However, this debate is missing an important aspect... if no one ever fights back, the criminals will take over. At a critical mass, law enforcement can't keep up with the crime, and it will just get worse.

Re:ad absudium

[swillden]

I know this is totally off topic. But it is so fucking depressing that you feel that you need to carry a gun or a knife to be safe.

I don't. I don't carry weapons to feel safe, and I feel perfectly safe when I'm not carrying.

I carry because I believe that society as a whole is safer if there are rational, calm, law-abiding, trained and armed people around at all times. One way to achieve this would be to massively increase the police presence... but that is not only very expensive but has all sorts of negative consequences as those police try to do things to justify their pay. A better approach is licensing of law-abiding civilians. That's why I carry, and why I use my free time to train and certify other people to carry.

Re:ad absudium

[swillden]

Giving them your meds is a good idea. If that doesn't work, give them your money, your phone, your shoes, whatever. Unless what they want is to hurt you, don't give them a fight. Of course, if they do want to hurt you, hurt them first and hurt them harder, faster and meaner.

Re:ad absudium

[swillden]

I genuinely expect to go my entire life, in the country I live, to neither go through, or knowing anyone who goes through an encounter where their life or those of people around them are at risk from an individuals actions.

I expect that I'll carry a gun my entire life and never have occasion to draw it.

However, I do know people who have been at risk. I know women who have been raped, and have a niece who was carjacked at knifepoint. Truthfully all of the people I know personally who have been subject to severe personal violence or risk of severe personal violence are women, which is why I like to see women in my classes and often don't charge them for the course, but things do happen to men, too. This is true in your country as well, even if it is a less violent place than the US.

Re:ad absudium

[Kernel+Kurtz]

Same here. If I lived somewhere I needed to carry a gun in order to feel safe, I would move.

Re:ad absudium

[blindseer]

We can go back and forth on this forever but I do want to say that I'd draw the line somewhere around my phone and boots. A used cell phone is near worthless any more since they can be reported stolen and get blacklisted, they can't be used as a phone again after that. This also leaves me unable to call for help. Taking my boots would leave me very vulnerable also, I can't run as fast or kick as hard without them.

If they demand my boots and phone then they mean to take my life or my dignity. They are not street thugs any more looking to get money for drugs, this is a mafia looking to declare authority over an area. Such people are rare, especially around here, but they do exist and giving a blanket statement like you did is, IMHO, bad advice.

I might talk tough now from the safety of my basement, and if pressed in the moment I might take the bruising to my pride instead of my face. I just think it unwise to advise people to hand over their phone and shoes. At that point, run. If you don't want a fight, then run. Once they have your shoes then the option to run just got that much more difficult.

I'd be very reluctant to hand over my phone, not because it's so valuable that it cannot be replaced, but because it is valuable as a means of survival. Not only can I call 911 but it's a flashlight, compass, and Siri knows where my truck is parked and how to get me to the nearest police station, emergency room, fire station, or wherever I might find help. It's worth nothing to them and they should know that, if I hand it over I expect to see it broken in front of me.

I agree with you generally, I just draw a line at shoes and phone is all. At that point I'd think it is clear they want to hurt you.

Re:ad absudium

[TheMeuge]

I'm uncertain why you feel the need to be so patronizing. Being unarmed is not a virtue. NOT carrying a gun doesn't make you a better human being any more than carrying it makes me one. I'm lucky to have a choice in this matter.

I'm sorry you live in a society where breaking your hand caused people to take away your gun(s). Surely you weren't any more a threat to society after that accident than before. I think you should feel sorry for that as well. If you don't understand why you should feel sorry - I'm sorry - you'll realize at some point... and you may be sorry.

Re:ad absudium

[swillden]

I know this is totally off topic. But it is so fucking depressing that you feel that you need to carry a gun or a knife to be safe.

You missed it; they feel the need to carry a gun or knife to still feel/be unsafe.

I feel exactly the same degree of safety with or without a weapon. If anything, carrying a deadly weapon makes me more cautious, which could be translated as feeling less safe. But feelings have nothing to do with why I carry.

Re:ad absudium

[Harlequin80]

Sorry I didn't mean to sound patronizing.

The reason for surrendering the firearms (well technically I sold them) was that to maintain a pistol license I had to do 6 competitive shoots per year. I was in rehab for 18 months so didn't complete the required shoots.

In my case the firearms were for a sport. Pistols are tightly controlled but I have no issue with that. I appreciate you see it differently, but I didn't want to start an argument about gun control. Even if carrying a firearm at all times was legal where I am my comment is still that it was sad that it is something that was felt to be warranted.

Re:ad absudium

[Harlequin80]

I'm not sure I get the difference between personally feeling safer vs making society safer.

My father was a general duties police office for 35 years. He carried a firearm every single day. In his entire career he never drew his weapon once. This was working in a large city with all the problems that entails.

I have zero issue with people carrying firearms, or owning them, or shooting them. It was purely a comment on people feeling it made themselves safer (or in your case society) through carrying them.

Re:ad absudium

> And gun ownership has been going through the roof.

In terms of "number of people who own firearms", it hasn't.

Here's the full article:

https://www.washingtonpost.com/news/wonk/wp/2016/06/29/american-gun-ownership-is-now-at-a-30-year-low/

But this graph is a good illustration:

https://img.washingtonpost.com/wp-apps/imrs.php?src=https://img.washingtonpost.com/blogs/wonkblog/files/2016/06/gun_ownership.png&w=480

And also from the article:

"[G]un purchases, as measured by FBI firearm background checks, are at historic highs. And data from the Bureau of Alcohol, Tobacco and Firearms shows that gun manufacturers are churning out record numbers of guns. Many gun rights advocates argue that these figures mean that the overall number of gun owners is growing: If more guns are being sold, more people must be owning guns.

But the declining rates of gun ownership across three major national surveys suggest a different explanation: that most of the rise in gun purchases is driven by existing gun owners stocking up, rather than by people buying their first gun. A Washington Post analysis last year found that the average American gun owner now owns approximately eight firearms, double the number in the 1990s."

Re:ad absudium

[DutchUncle]

>>> cancelled my other one because I never used it.

You can keep two credit cards, use the one in your wallet *only* in person with signature (and you can even tell some banks that remote charges are not allowed on that card), and the other one with a low credit limit *only* online. That limits the exposure and segregates the bills too.

Re:ad absudium

[Swave+An+deBwoner]

Your comment is very interesting but the obvious question arises: "What is some white kid who tries to hold you up with a knife going to find out?"

Re:ad absudium

[mjwx]

I know this is totally off topic. But it is so fucking depressing that you feel that you need to carry a gun or a knife to be safe.

The risks to my person are so low where i live that the hassle factor of carrying a weapon (as in the picking it up part) far exceed any benefit.

This, I live in the UK. The the most likely risk to my person is a drunk Chav on a late night train or having a glass thrown at me in a pub and even then, this is not something I'm overly concerned about.

Also, I practice Krav Maga, so in the extremely unlikely event of anything kicking off, I know how to defend against it. However the GP made a very good point in which a fight avoided is better than a fight won. Even if you win, you are still going to get hurt, I get enough injuries from training alone and these are predictable people. I've trained in tackling and disarming knife attackers (because if anyone is armed over here, it will either be with a pipe or a blade) but the number 1 rule is "you will get cut", training gives me the choice of where to get cut (arms are better than the head and torso). So for me, self defence has a simple four step plan.
1. Avoid - If you spot a potentially dangerous situation, stay out of it, go around it, and move on.
2. Egress - If you can get out of a dangerous situation by simply walking away, do so.
3. De-escalate - Because being an armchair police negotiator hurts a lot less than being a ninja.
4. Incapacitate and escape - This isn't a boxing match where you hang around for the post match interviews, whomever you're handing their arse to probably has mates and street fights have no rules, no gentlemanly conduct of pugilism. Get your opponent down and get the hell out of there. Hanging around and gloating is just going to end with you breaking some furniture with your back.

I'm reasonably confident I can beat most untrained opponents, but I still want to avoid step #4 because even winning hurts. Being reasonably alert about my surroundings and courteous of others avoids a lot of hassle.

As a side note, if you live somewhere where it's necessary to be packing for protection, you've halfway lost because if you're packing, then so is Mr Crim and when he gets the drop on you he wont patiently wait for you to get your piece out. BTW, I'm not anti-gun either, I fully support private ownership for recreational use but I can't see them as a useful tool for defence.

Re:ad absudium

[argee]

> "What is some white kid who tries to hold you up with a knife going to find out?"

What I've found out is that black, white, yellow ... they all bleed red!

Re:ad absudium

[SuiteSisterMary]

Well, clearly you've made up your mind about cash versus electronic payments, so I'm not sure why you're asking here.

Re:ad absudium

[SuiteSisterMary]

As a side note, this is a conversation I've had with my daughters.

"Imagine a woman all dolled up in club wear and heavy makeup, walking down that same street. She gets assaulted. Who's fault is it?"

"Well, sure not hers. She should be allowed to wear what she wants!"

"Ok, now imagine a man in an expensive, well-tailored suit, nice haircut, expensive watch, shiny black leather wingtips, walking through a 'bad' part of town. He gets mugged."

"Well, what did he expect, dressing like....ohhhhhh."

Re:ad absudium

[SuiteSisterMary]

I do not completely agree. Look at those brave girls who run in parks in the morning or evening. They intrinsically carry what other people may want. Shall they also give up easily?

You're trying to claim that property crime and sexual assault are equivalent, which they are not.

Your wallet and watch simply are not worth anybody's life; yours or theirs. Your bodily integrity, on the other hand, is.

Re:ad absudium

[kwbauer]

and that thing that they "intrinsically carry" that "other people want" is not as easily handed over as money or meds, so they don't have that option. We, as a society, should be ashamed of ourselves from taking equalizing tools away from them.

Re:ad absudium

[kwbauer]

That was Chicago. It has been run nearly exclusively by the party wanting the US to be like wherever it is you live. I can name plenty of other large cities where the violent crime rate is lower than major European cities. Just to give a few examples, how many gun/bombing crimes happened in Salt Lake City, UT or Omaha, NE compared with London and Paris over the past few years.

Yes, America has issues but so does Europe.

... okay

[starblazer]

everything has a risk. Personally, I use online billpay from my bank to send the utilities a check. My bank doesn't just cut a check using my account information, they transfer the money out, cut a check on their own account number, and then send it. Some smaller banks and credit unions will just print a check using your account information, so, send yourself a bill pay for a buck and see if it's your information on the bottom.

Most major utilities use bank lockboxes or if they are large enough... their own. Mail fraud in those instances is very, very low because typically the mail goes out in large automated trays to those addresses vs the one or two letters that you and I are used to getting.

But you ask... sometimes it's an ACH payment using the Billpay... well.. you're right, sometimes it is. However, life is all about risk. Personally, I find it riskier to carry cash on me and drive to 10 different places to pay bills than it is to just go online, have the bank cut a couple checks, and ride it out. I also do not use the bank debit card for anything other than ATM transactions and a few places that will accept debit, but not credit. Sure, let some kiddie get my credit card number and go to town... it takes a phone call and a "um, not me" and I've got a new card on the way with no liability.

Re:... okay

[Tau+Neutrino]

That same, "um, not me," is all that's necessary with my bank's debit cards, as well. I suspect that it's because the card is also a Visa card. They called me three weeks ago with a suspicious transaction. I said, "um, not me," and that was it. The $817.43 charge was gone, the card number revoked.

The worst part was that I had to wait about ten days for a new card/number.

Re:... okay

[Nethead]

Yep, same thing that happened to me a few weeks ago. I was lucky that I had just a month before got a debit card from my retirement program (very respected non-profit firm) that I had put a few hundred on just in case I lost my wallet. It was nice to have another card for the week it took to get the new main card. I suggest checking to see if your retirement firm has something like that available. One other plus for me is that the retirement card is interest bearing, not much, but enough to not have to worry about a few hundred sitting there.

How safe?

[freeze128]

It's as safe as it has ever been. With TLS encryption, you can be very sure that your CC# will not be intercepted. Then you have to judge if you trust the recipient of that info to keep it protected from hacks.

Wait a couple more decades when quantum computers will allow encryption to be broken in weeks. Then it will not be as safe.

Re:How safe?

[MangoCats]

Your CC# has always been vulnerable at the endpoints, whether or not it gets trawled up with a million others in a hacking scheme is a much smaller risk.

Re:How safe?

[lucm]

Wait a couple more decades when quantum computers will allow encryption to be broken in weeks.

I'm sure by then the world will still rely on encryption that can be broken by quantum computers.

Re:How safe?

[Rick+Schumann]

I'm not concerned about MitM attacks scraping CC information in realtime, I'm concerned about companies I purchase from or pay bills to getting hacked and CC/banking information being stolen that way, and especially point-of-sale systems, but paying cash instead of using those at all handles that part of the problem.

Re:How safe?

[Cederic]

Here's a fucking suggestion: Don't use credit to pay bills.

Fuck, which cunts use their credit card to pay bills? Trust me, it's not a fraudulent charge taking 45 days to resolve that's fucking over your credit rating.

Re:How safe?

[mschuyler]

How erudite. Using a credit card is safe and backed by the bank. Using a debit card is stupid and gives access to your account, which a credit card does not. If you have the discipline to pay off your credit every month you pay ZERO interest. My FICO score is 850, which according to the chart is as high as it goes. Trust me: If you have a bad credit rating because of using credit cards, it's a personal problem. So who is really the cunt, Cedric?

Also, you can put a block on your credit by contacting the three credit reporting agencies. This prevents someone from opening a new account without your knowledge. It even prevents people from checking your score. If you apply for credit somewhere new you may have to remove it temporarily, which is easy to do, though it may cost you $10.

Re:How safe?

[Cederic]

Which backward fucking shithole do you live in that your only options are debit cards and credit cards? And who the fuck is Cedric?

Who needs discipline to clear their credit card balance every month? Simple fucking electronic payment, automatically every month.

Same for my other bills. No debit card needed. Fuck me, do try and enter the 21st fucking century.

As for credit reporting agencies, I'm not sure which countries have just three. Certainly not the UK, the US, Brazil, India. But we're back to guessing which shithole you live in.

Re:How safe?

[CaptainDork]

By that time, people will be discussing today's encryption right after the giggles subside regarding punch cards.

Re:How safe?

[Swave+An+deBwoner]

My bank does not hold me responsible for bogus charges on my credit card either when they detect them or when I do. Debit cards however are a different story, although I understand that many banks offer similar protection guarantees for debit cards also.

Monthly fee

[tepples]

I keep a second checking account with debit card. I keep $20 in it normally

How much does the bank withdraw to cover the monthly fee for having a second checking account? If nothing, how did you qualify for free checking?

Re:Monthly fee

[psycho12345]

Can't speak to the parent, but for me, I bank with a credit union, so having a second account for free is no big deal.

Re:Monthly fee

[tepples]

Internet access?

How safe, really, is paying for Internet access online? :p

But seriously: I'm aware of the existence of online-only banks with no branches, such as Ally Bank. But then an account holder has to pay a fee to the owner of a local ATM every time he wants to get cash out, and he has to buy and mail a postal money order every time he wants to put cash in. Or were you referring to having a checking account at a local bank, meeting its minimum deposit requirements, using the local bank for all cash deposits and withdrawals, having the "utility bills only" account at the online bank, and periodically wiring money from the local bank to the online bank through ACH?

False assumption

[burtosis]

You only need to use electronic payments, such as a credit card, not necessarily online. Many thefts used compromised readers during a regular in person transaction, though newer cards make this less likely. Ultimately your retailer will typically store your payment information in a database, along with other personally identifying information. This is even more likely with over the phone purchases. Many companies store it in plain text while few properly hash/encrypt it.

Re:False assumption

[BitterOak]

If you had read even the summary, you would have seen that the poster has gone back to using cash for in person purchases.

Re:False assumption

[glenebob]

Many thefts used compromised readers during a regular in person transaction, though newer cards make this less likely.

Much MUCH less likely. Modern chip/NFC cards with modern readers do not provide anything to the reader which could be used to perform a subsequent payment without the card being inserted again.

Re:False assumption

[dgatwood]

No, not at all less likely. How many users know how many seconds it takes to perform a transaction? And what, precisely, prevents it from executing more than one simultaneously, on behalf of another card reader somewhere else?

Re:False assumption

[glenebob]

Modern cards generate a cryptogram from several pieces of data, some of which the reader does not have access to, and some of which is unique to the transaction. It's cryptographically impossible for the reader to do another transaction that the issuer will approve, because it cannot generate a valid cryptogram.

Re:False assumption

[lucm]

Many thefts used compromised readers during a regular in person transaction, though newer cards make this less likely.

Much MUCH less likely. Modern chip/NFC cards with modern readers do not provide anything to the reader which could be used to perform a subsequent payment without the card being inserted again.

Good. That's why I always sign away a big tip when I get the receipt back from the waiter/waitress at those fancy restaurants. Since I have my card back I know they'll never be able to charge the tip.

Re:False assumption

[swillden]

You only need to use electronic payments, such as a credit card, not necessarily online. Many thefts used compromised readers during a regular in person transaction, though newer cards make this less likely. Ultimately your retailer will typically store your payment information in a database, along with other personally identifying information. This is even more likely with over the phone purchases. Many companies store it in plain text while few properly hash/encrypt it.

The above isn't actually all that true; PCI requirements demand encryption at rest (encryption, not hashing, there's no point in hashing a credit card number). But let's assume that it's true.

Meh. I don't care.

By federal law, my liability for any fraud is limited to $50. In practice, no credit card issuer I've ever met in the US (and I used to do security consulting for credit card issuers, so I've met a lot of them) charges cardholders a penny. If you claim that a transaction is fraudulent, and they can't prove it wasn't, you won't pay a penny. If they're pretty sure you're the fraudster, they'll just cancel your card, and refuse to do business with you any more.

Credit card payment is the safest form of payment, online or in meatspace. Cash is the least safe form of payment.

Note that I'm talking about safety, not privacy. That's a separate issue, and on the privacy axis cash is king and credit cards are awful (though personal checks are significantly worse, assuming you can find someone still willing to accept one).

Note also that debit card transactions (when processed through the debit networks, not as credit cards) do not provide the same protections that credit cards do. Many banks do handle fraud similarly, but you need to get your bank's policy to know. With credit cards, the $50 liability limit is guaranteed by law.

Re:False assumption

[glenebob]

Good. That's why I always sign away a big tip when I get the receipt back from the waiter/waitress at those fancy restaurants. Since I have my card back I know they'll never be able to charge the tip.

Sorry, but the card/reader interaction results in an approval of the charged amount. The tip is added later, when the day's batch of transactions are submitted for actual payment. I hope you didn't tip too much :p

Re:False assumption

[pakar]

FYI - https://www.rt.com/usa/354657-...

The presentation-slides you can find here:
https://www.blackhat.com/docs/...

Re:False assumption

[Rick+Schumann]

If I have to worry about my banks ATM machine being so compromised, then we're all doomed anyway and should go back to hoarding gold and paying with gold instead of paper money or electronic money anyway. Don't be pedantic and don't be so pants-on-head literal.

Re:False assumption

[Rick+Schumann]

It's chip-and-PIN, so they swiped the card not inserted it, and establishments that allow tipping post-process the transaction after you totalize the receipt, so basically I'm saying you're talking out the side of your mouth -- or just are sadly misinformed. This revelation might cause you to re-evalulate how you do some things. What's really sad is you apparently then don't audit your CC bill every month otherwise you'd see the tips go through, so you're actually at HIGH risk of being defrauded. You might think about that.

Re:False assumption

[dgatwood]

Modern cards generate a cryptogram from several pieces of data, some of which the reader does not have access to, and some of which is unique to the transaction.

I'm fairly certain that what you're describing is fundamentally impossible. The card cannot get access to data that does not pass through the reader in some form, and if the data passes through the reader, it can be relayed to another reader and sent to a different card unmodified.

The relay attack I'm talking about is this:

• Attacker compromises a bunch of random card readers at various stores.
• Attacker gets a blank card and assigns a random set of keys.
• Attacker reprograms the card readers to send a known, fake transaction to each card first, and if the response matches, it recognizes that it is the attacker's card.
• Attacker carries the card and uses it at a compromised store.
• The reader at that store recognizes the card and relays the request to another reader, which processes the transaction with a different card.
• The reader also randomly sends a certain percentage of requests from other cards to another reader at random, to mask the attacker's identity.

I'm fairly certain that there's no type of crypto that could protect against such an attack one the current card design. There's really only one way to guarantee that a transaction is legit, and that is to put a screen on the card itself that shows what vendor requested the transaction and a button on the card to approve it. As long as the device that approves the transaction is connected to the Internet and is not under the direct control of the user, transactions cannot truly be secure against a compromised payment terminal.

Re:False assumption

[glenebob]

I'm fairly certain that what you're describing is fundamentally impossible. The card cannot get access to data that does not pass through the reader in some form, and if the data passes through the reader, it can be relayed to another reader and sent to a different card unmodified.

I'm not saying the card receives super secret data, I'm saying it contains super secret data (put there when the card was issued), such as account specific keys and account information that cannot be read from the card without destroying it. The card and issuer exchange cryptograms (digital signatures), via the reader, that are generated partly from data that is shared by the card and the issuer, which the reader never, ever sees. If the reader is online (usually the case), both the issuer and the card receive and verify cryptograms from the other. If the reader is not online, the card can simply refuse to generate a valid cryptogram, or generate a cryptogram from different data which signifies to the issuer (later) that the card declined the transaction.

Chip cards can also provide mag stripe data (to support old readers), which is about as [in]secure as a swipe card, but that's being phased out. I have a card in my wallet that refuses to operate in mag stripe mode.

Re:False assumption

[DutchUncle]

No, they allow precisely one subsequent "adjustment", typically within a limited time window, for tips.

Re:False assumption

[dgatwood]

I'm not saying the card receives super secret data, I'm saying it contains super secret data (put there when the card was issued), such as account specific keys and account information that cannot be read from the card without destroying it.

But that is completely irrelevant to the attack that I described, because it doesn't involve cloning the card, but rather relaying the transaction request to the actual, physically-present card in some other card reader somewhere else in the world (or, ideally, somewhere else in the local area).

Re:False assumption

[desdinova+216]

I'm surprised someone hasn't posted about how anything not gold is "Fiat Currency"

Re:False assumption

[desdinova+216]

how often should I check things if I don't receive paper statements, since I'm not amish or a tinfoil hatter.

Re:False assumption

[blocked_lol]

Haven't there been a bunch of retailers that were officially listed as PCI compliant that still wound up getting hacked, customer CC#s stolen, and then had their PCI compliance status retroactively revoked? Target, Home Depot, etc?

Re:False assumption

[swillden]

At least in the Target case, the breach was done by malware that infected the point of sale systems, where the data is present only transiently (not stored) but available in cleartext. Target was properly encrypting the data at rest, as required by PCI DSS. And, no, their PCI compliance status wasn't revoked, though a bunch of banks that lost money -- because Target's PCI compliance shielded Target from liability, and federal law obviously shielded cardholders, sticking the banks with it -- have sued, alleging that PCI compliance wasn't enough and that Target should have done better. I think they're going to have a hard time with that lawsuit, because it's the banking associations who define PCI. Target has a pretty slam-dunk response: We satisfied the requirements of our contract with you.

I haven't followed any of the other cases closely, so I'm not sure, but I suspect it's similar. Encryption at rest is pretty easy to do, and pretty easy for auditors to check.

Perhaps not Canadian?

[SirCowMan]

At least around here, most of the utilities can be paid by bringing the bill into the bank. Nothwithstanding, those payments are electronically settled by the bank, so I'm not sure it's any different than posting a payment through a banks web portal.

Do What Cheap Folks Have Always Done

[JimSadler]

First many banks pay to open accounts so open an account at a bank that is paying those rewards, Every month simply transfer enough to pay your bills to your new PAY OUT ACCOUNTS. For example you can have an account just to pay your electric bill. Leave the required residual in the account so it is not closed. This way if the account is hijacked all you can lose is the electric bill payment. i also use PayPal a lot. So imagine that you set up ten accounts at banks offering sign on bonuses. Mine pay anywhere from $50 to $500 to open an account. Assuming your are all $50. reward accounts you will still quickly and easily earn $500 for a few minutes work. Meanwhile your funds earn interest in your regular account and you never, ever, pay bills from that account so you earn more interest. On most accounts with rewards you are free to change at the $90 day mark. So you can do this many times a year. Also you can earn referral fees for steering others to open accounts so work with a friend and refer each other frequently. Currently some people can actually earn a living simply opening and closing bank accounts.

Re:Do What Cheap Folks Have Always Done

[chainsaw1]

I don't think this works that way, at least from what I was able to determine with some limited research

If you have multiple account within a single bank, all account are usually linked via overdraw protection and most banks wont let you cancel the overdraw protection because it covers the banks butts from unforeseen "credit" (being overdrawn).

If you use multiple banks there is usually a transfer/wire or advance fee which is small but not ignore-able (~$20-25 US). This gets expensive per month per bank, meaning you need to transfer more money or reduce the number of different banks you have for bills (or both). You are also now managing more credit accounts which means more opportunities to impersonate you physically or electronically to access your finances

No real answer.

[glitch!]

I have several checking accounts, and I got tired of paying the check printing companies for... printing my checks. So I bought check stock cheap and I print my own. Apparently, the world has gone from magnetic ink to OCR, so I am home free. If I can print my own checks, so can anyone else print anything they want. I could easily print checks from any other business once I have their account number.

What reduces check fraud is enforcement. Or so I think.

Re:No real answer.

I'm pretty sure you can legally hand write a check on a piece of notebook paper. As long as it contains all of the pertinent information it should be able to be deposited. Might raise an eyebrow from your teller, they might put a hold on the funds till it clears. but i'm pretty sure its legal.

Re: No real answer.

[GrumpySteen]

Yes, but balances died a few elections back.

Wait, a check book?

[glenebob]

You have a check book? You pay for checks? And you balance it? Like, on the little paper balance sheet that comes with the checks, with a pen? Why why why?

I pay for virtually everything with credit cards. Like, everything but food from the local taco truck and private purchases, like used cars or used furniture, etc. I certainly don't use a debit card tied to a bank account for online purchases.

The only thing I do online with my actual bank accounts is pay off my credit cards and my mortgage (they won't accept a credit card, but it's a bank, so I feel reasonably safe - and the account I pay it out of is used almost exclusively for that, and nearly always has a zero balance), and transfer money between banks.

If I want to know what's in my bank account, I check it online. I don't ever need to read statements, because I check all my accounts multiple times per month. And paper statements via snail mail? Please.

Now, I'd prefer to have a tokenizing credit account for online purchases with not-so-major vendors, where each payment uses a single-use or limited-use token, but I don't know if that exists in a convenient form. That's how mobile payments work, but that wouldn't currently work for online payments. I'm also not that worried about it, since credit cards do a nice job of protecting customers from fraud, and I've never had a CC number stolen.

And one last thing. If you pay with cash, you are subsidizing the rewards I get by paying with a credit card. Thanks :)

Re:Wait, a check book?

[Rick+Schumann]

Why the actual f*** would I not want to know exactly to the PENNY how much money I have in my checking account? More to the point why don't YOU? Do you love your bank so much that you trust them with your very existence? Or live in some other reality where there is no fraud or theft? FYI I have an Excel spreadsheet I use for my checking account and I use that to track and balance everything, not leave it all up to chance or 'just check online' for how much money I (allegedly, AT THAT MOMENT IN TIME) have. I think that's the height of stupidity and don't understand how anyone can tolerate it, or avoid getting overdrawn.

Sorry, but I read the rest of your comment, and you're the last person I'd ever take any advice from. Your practices invite disaster and you should change them. You're leaving your finances in an open-loop state, where you have to trust that your bank doesn't screw up, and that no one is defrauding you or stealing from you. All it will take is ONE TIME that they screw up or someone steals from you, and you'll find out what a house of cards your finances are; you'll never at that point figure out what went wrong and would have to close the account and open a new one, start from scratch. Meanwhile you end up overdrawn and your life is a disaster. No thanks! Please, get a clue and stop trusting others with your finances.

Re:Wait, a check book?

[glenebob]

Overdrawn? That's hilarious. I don't write checks, I rarely withdraw cash, I haven't paid with debit in years, and the only time I move anything out of my checking account is when I'm at my computer looking at all my balances. Further, I always follow up to make sure the ACH payments I authorized match the debit records that have since appeared on my account. Between the redundancy created among the different institutions I deal with, and the fraud protection they provide, I'm safer and have far better visibility of my finances than I've ever had before.

Re:Wait, a check book?

[Rick+Schumann]

Further, I always follow up to make sure the ACH payments I authorized match the debit records that have since appeared on my account.

Gee, that sure sounds an awful lot like balancing a checkbook to me! xD

You're living in a different reality than I am is what's going on here. I don't live on credit cards like some of you seem to be doing, I pay MONEY for things one way or another. I'm just changing how I pay that money out. Your advice, like your lifestyle, doesn't apply to me. Thanks for playing anyway.

Re:Wait, a check book?

[glenebob]

Gee, that sure sounds an awful lot like balancing a checkbook to me! xD

It has a similar effect, sure, but it doesn't involve the hassle of writing things down, and more importantly writing things down wrong, or forgetting to write them down.

You're living in a different reality than I am is what's going on here. I don't live on credit cards like some of you seem to be doing, I pay MONEY for things one way or another. I'm just changing how I pay that money out. Your advice, like your lifestyle, doesn't apply to me. Thanks for playing anyway.

You think I don't pay MONEY for things? I "live" on credit cards because I like to have one way of doing things, for simplicity. Paying cash is simply not practical, simply not possible in some cases, and not very safe. Credit cards OTOH work almost everywhere now, and I prefer to take advantage of the rewards (even though I think the idea of rewards is bullshit), since I pay for them regardless of how I pay.

I think your concerns with credit cards are irrational, but thanks for asking, and thanks for the rewards :p

Re:Wait, a check book?

[Rick+Schumann]

Paying cash is simply not practical, simply not possible in some cases, and not very safe.

"Not very safe"? You're not the only person in this discussion who has said that, and I'm completely puzzled as to who it is that made you believe cash is 'unsafe' to carry around, and/or where it is you live or walk that you're so damned afraid of getting mugged? Yet you say I'm being 'irrational' about using plastic everywhere?

Let me tell you something: I've been on cash for day-to-day purchases for about THREE WEEKS now. Why? Because every week there's another report of some data breach somewhere. One of them recently was a bunch of Chipotle restaurants, two of which I visited several times during when their payment systems were compromised. I felt the need to get a new card and the old one invalidated. How many more times do you need a bullet to just barely miss you before you decide to do something about it? I don't have time or money to worry about 'filing claims' or 'disputes' because someone hacked into somewhere and stole access to my money, turning my life upside down. Who does? Nobody I know has time or money for that. Why continue to take unnecessary risks when it's just as easy to not take the risks at all?

RE: "Rewards": Someone else brought that up. There isn't enough they could PAY me for the very personally-identifiable data they get from scraping my use of plastic. Do you like your life being an open book to whoever has the money to purchase the data? I don't.

The Internet is getting more and more unsafe. You're telling me I'm being 'irraitional'; I maintain that I'm responding in a proactive and reasonable manner to protect myself. I'm closing the barn door before the horse gets out. If and when more robust security measures are taken, that might change. But for the time being I see no reason why I should do nothing and take my chances of getting accounts drained and/or identity stolen.

Re:Wait, a check book?

[glenebob]

"Not very safe"? You're not the only person in this discussion who has said that, and I'm completely puzzled as to who it is that made you believe cash is 'unsafe' to carry around, and/or where it is you live or walk that you're so damned afraid of getting mugged? Yet you say I'm being 'irrational' about using plastic everywhere?

Cash is unsafe because there's no paper trail. Once it falls into the wrong hands, it's gone and you're never getting it back. That isn't to imply that it will fall into the wrong hands, but thieves do prefer cash, don't they? The reason they do should be the reason you don't. OTOH, if a CC, or CC info falls into the wrong hands, you will lose little to no actual money, and there will be no issue identifying its true owner.

Let me tell you something: I've been on cash for day-to-day purchases for about THREE WEEKS now. Why? Because every week there's another report of some data breach somewhere. One of them recently was a bunch of Chipotle restaurants, two of which I visited several times during when their payment systems were compromised. I felt the need to get a new card and the old one invalidated.

It's not every week. And how difficult was it to get a new card dropped in the mail? It must have wasted ten minutes of your time, and cost you nothing, right?

And while that card was on its way to your door, I hope you were able to use one of your other cards to make purchases. After all, that's one of the reasons to have multiple credit accounts.

And BTW, the Chipotle breach revolved around skimming mag-stripe data. If you'd have used a chip card, it's likely that no such data would have been available. The modes where mag-stripe data are transferred via the reader are quickly being phased out for more secure modes which do not allow cloning.

How many more times do you need a bullet to just barely miss you before you decide to do something about it? I don't have time or money to worry about 'filing claims' or 'disputes' because someone hacked into somewhere and stole access to my money, turning my life upside down. Who does? Nobody I know has time or money for that. Why continue to take unnecessary risks when it's just as easy to not take the risks at all?

You're being very dramatic about this. You don't have ten minutes to make a phone call? You don't have the zero dollars it costs to make that call? Nobody does? A stolen CC gives someone access to your money? Losing a CC turns your life up side down? What are you ever talking about? It sounds like you're talking about cash. If you lose cash, the thief actually does have access to your money, and it actually does cost you money, and it actually could turn your life up side down..

RE: "Rewards": Someone else brought that up. There isn't enough they could PAY me for the very personally-identifiable data they get from scraping my use of plastic. Do you like your life being an open book to whoever has the money to purchase the data? I don't.

I'm really not that worried about it. I use credit cards for virtually all purchases, regardless of rewards. The rewards are just a bonus. A bonus you and I both pay for, but which only I receive.

The Internet is getting more and more unsafe.

No, it's not. It's getting more and more safe, and will continue to get more safe.

You're telling me I'm being 'irraitional'; I maintain that I'm responding in a proactive and reasonable manner to protect myself. I'm closing the barn door before the horse gets out. If and when more robust security measures are taken, that might change. But for the time being I see no reason why I should do nothing and take my chances of getting accounts drained and/or identity stolen.

I think you're being irrational because credit is clearly more safe than cash, in addition to being far more convenient. Everything you've said

Chill

[fahrbot-bot]

There is risk in everything. Understand the type and extent of those risks. For example, you could get hit by a car while trying to pay a bill in person and die or end up in the with hospital with thousands of $$ in bills. Paying by check or online looks pretty safe by comparison.

Furthermore, paying with a credit card limits your risk to $50 for fraudulent charges - just check your statement every month. If you're really paranoid, get a Bank of America MasterCard. They have a feature called ShopSafe whereby you can create multiple virtual credit cards (linked to your real CC) for use online. You simple specify the amount and duration and new CC and CVV/CVC numbers are generated. As a bonus, only the first vendor to use a virtual card can use that card. You can bump the limit and/or expiration date and "delete" the virtual card at any time.

Re:Chill

[glenebob]

Bank of America MasterCard. They have a feature called ShopSafe whereby you can create multiple virtual credit cards (linked to your real CC) for use online. You simple specify the amount and duration and new CC and CVV/CVC numbers are generated. As a bonus, only the first vendor to use a virtual card can use that card. You can bump the limit and/or expiration date and "delete" the virtual card at any time.

That's what I was describing above. Almost perfect, except, "Please note that ShopSafe requires you to have Adobe Flash installed on your computer. Download Adobe Flash" :(

Re:Chill

[gspear]

Citibank has this, too -- they call it a Virtual Account Number. I use it with almost all online transactions. Amazon is a little tricky, though, because it uses multiple merchant names and the virtual card is tied to the merchant name. Since it's hard to predict which merchant will be used, I usually just generate a new number each time.

Re:Chill

[Rick+Schumann]

For example, you could get hit by a car while trying to pay a bill in person and die or end up in the with hospital with thousands of $$ in bills.

Sorry, but that's one of the stupidest excuses I've ever heard for what I'm assuming is laziness. I am not a recluse, I do not have social anxieties, I do not avoid going outside my house at all costs, and I am not sedentary.

Re:Chill

[Rick+Schumann]

'ShopSafe'

I want to reduce plastic use for paying for anything as much as I can. Among other things it's reduced the amount of time I spend on my own bookeeping down to a fraction of what it once was, and I like that. It also reduces my exposre to risk.

Re:Chill

[fahrbot-bot]

Your points are all good, but I was just pointing out that there is some type of risk is every (in)action. If you want to restrict the type of risk to financial loss, someone else mentioned getting robbed while carrying around a lot of cash to pay bills in person. Online payment via your bank and using a credit card (online and in person) are much safer payment options.

Re:Chill

[Rick+Schumann]

Your points are all good, but I was just pointing out that there is some type of risk is every (in)action. If you want to restrict the type of risk to financial loss, someone else mentioned getting robbed while carrying around a lot of cash to pay bills in person. Online payment via your bank and using a credit card (online and in person) are much safer payment options.

I am not paying 'bills' in person currently, I pay for everything else that I'd buy in person anyway, with cash, not plastic.
I do not go anywhere that I have to worry about being mugged so that's not a concern. It's less safe for CRIMINALS to mug you than it is for them to hack your bank account.
I would prefer to AVOID paying for anything at all online anymore. In some cases won't be able to avoid it. Paying utility bills with a mailed check is no more secure than paying online because they all process checks electronically anyway, not hand-carry them to the bank to deposit.

I may get a pre-paid, rechargeable card, and use that for utility bills and intermittent online purchases, putting on it only what is necessary to pay the utilities or purchases with. If it gets compromised then it gets deactivated and destroyed, replaced with a different one.

All these changes are happening incrementally, as I determine the best course of action.

Money Order?

[sottitron]

Go to 7-11 and get a money order to pay those bills.

Re:Money Order?

[Rick+Schumann]

If I was going to do that I may as well just go pay bills in person.

Does it matter?

[heypete]

Although somewhat snarky, the subject line sums up my opinion pretty succinctly: as an individual, does it really matter much?

If my credit card gets compromised, by law the most I'm liable for is $50 (and my bank's policy is that I have $0 liability for fraudulent charges). On the few occasions, when my card information has been misused, the transactions were reversed and a new card in my wallet within a day or two. All I had to do was fill out a form saying "I didn't make these charges.", sign it, and send it to the bank. A mild irritation, to be sure, but hardly a big deal. With chip cards now commonplace in the US, simple cloning of cards is less of an issue than it was.

Legally, I seem to recall that debit cards have somewhat less protection, but banks often extend their $0 liability policy to them as well, so long as you report it being lost or stolen within a reasonable time. Still, I dislike these since one is not merely disputing whether or not one owes money to the bank, but rather if one should get one's own money back.

As for bank transfers and the like, I'd like it if the US would add "push" transfers like European banks do, rather than the "payee pull" system it currently has. Still, my understanding is that one is still protected from unauthorized withdraws from one's bank account.

In short: I'm not terribly concerned about my financial information being abused by criminals, as the law and bank policies offer significant legal protections from fraudulent activity. Any such issues are a minor inconvenience. Of course, one should take reasonable precautions, but in general it's not a big deal. I'm a lot more concerned about criminals gaining access to difficult-to-change/cancel things like one's social security number, with which they could apply for new, unknown-to-you accounts in your name. That's much more of a hassle to resolve than simply having a credit card stolen or a bad guy making an unauthorized debit from one's account.

Re:Does it matter?

[BronsCon]

Your bank makes you fill out and sign a form for that? Shit, I have cards with 4 different banks (5 if you count store cards through Synchrony, but I've never dealt with fraud on those cards) and all 4 of them call me if they think a transaction is fraudulent; I can press 1 to verify the transaction or 2 to speak with a representative about potential fraud. All 4 banks I deal with have this system, and it works well; I've encountered actual fraud on cards from each of those banks and it's always been a matter of simply telling them the transaction wasn't initiated by me. Transaction immediately reversed, new card arrives in 2 days, nothing to fill out or sign.

Of course, due diligence, when they call I refuse to provide any account details and I check my account online to ensure what they're saying matches what I'm seeing before I confirm or deny anything. If they ask for account details, I ask their extension and tell them I'll call back at the number on the back of my card. Never provide personal information or payment/account details on an incoming call, because caller ID can be faked.

Re:Does it matter?

[heypete]

Your bank makes you fill out and sign a form for that? Shit, I have cards with 4 different banks (5 if you count store cards through Synchrony, but I've never dealt with fraud on those cards) and all 4 of them call me if they think a transaction is fraudulent; I can press 1 to verify the transaction or 2 to speak with a representative about potential fraud. All 4 banks I deal with have this system, and it works well; I've encountered actual fraud on cards from each of those banks and it's always been a matter of simply telling them the transaction wasn't initiated by me. Transaction immediately reversed, new card arrives in 2 days, nothing to fill out or sign.

Of course, due diligence, when they call I refuse to provide any account details and I check my account online to ensure what they're saying matches what I'm seeing before I confirm or deny anything. If they ask for account details, I ask their extension and tell them I'll call back at the number on the back of my card. Never provide personal information or payment/account details on an incoming call, because caller ID can be faked.

To be fair, I haven't had any fraudulent charges in several years: it's quite possible my bank may have such a system now, but I haven't ever had to use it (fingers crossed). The last time was something like 10 years ago, and they immediately froze the account when I called (or did they call me? I don't recall the exact details.) and sent me a new card. The new card came with a little form that itemized the disputed charges and wanted me to (a) verify that those are the charges in question, (b) sign at the bottom to attest to that, and (c) mail it back at their expense (they included a prepaid envelope). I'm sure it was just for the lawyers. Either way, it only took a moment.

I, too, refuse to provide account details to random callers for the same reason you do.

Re: Does it matter?

[BronsCon]

You'd probably know if your bank had such a system, as the damn thing has a hair trigger. One of my cards gets declined if I try to used it more than 20 miles or so from home and I have to either use a different card or step out of line, wait for the fraud call, bitch at them loudly enough that everyone staring at me like a deadbeat can hear it, then try the transaction again. As a result, i use that card less than the others, as the other cards will let the transaction go through, then call.

Re:Does it matter?

[BronsCon]

I was stating my callback policy for the benefit of those who might receive calls from scammers, not because my banks ask for personal info on cold calls; because they don't.

It doesn't matter that an actual call from your bank will "tell you that you need to call them, using the number printed on the back of your Credit Card" if it's not your bank calling and you're a member of the majority of the population who have too much going on in their lives to take the time to inquire as to their bank's fraud prevention procedures. Without a personal policy in place regarding handling of personal and account details, anyone with a bank account at any bank is vulnerable to cold-call scams.

Safety, risk, and liability

[thecombatwombat]

My answer may not apply to people outside of the US. The rules vary.

The better question, with regard to going all cash, is how liable are you in the event of compromise?

Are online payment systems "safe" in the sense that they are unlikely to be compromised? No, not really.

But if they are compromised, so what? If you use a major credit card, and your number gets compromised, it's really not that big of a deal. Most all of the liability is on the merchant and the card issuer, not you. The worst case scenario I've dealt with is the card being inactive for a few days. If you stick to using credit online, no debit or ACH, this can pretty much be the worst you have to deal with.

This is one reason bitcoin and other digital currencies have difficulty going mainstream. Sure my hardware bitcoin wallet might be 100x more secure than my credit card, but if it gets compromised, I'm screwed. If my credit card gets compromised, I'm merely inconvenienced.

Rather than going to cash, I recommend people try to:

1) Keep at least two major credit cards open at all times with two different banks. Use one regularly, the other is a backup.
2) Avoid using debit or ACH, especially online.
3) Use a system like Mint so that you can easily monitor activity on your cards. If you see any activity that isn't you, be proactive.
4) Use a service like PayPal whenever possible. A lot of my bills are paid via PayPal. If a card is compromised, expired, whatever, I only have to update one place. Plus it gives me yet another entity to share liability in the event of fraud.

If you do these things, you're liable for virtually nothing, and the security of your payments is less of a concern. Let the credit card companies deal with it.

Re:Safety, risk, and liability

[ASDFnz]

This is one reason bitcoin and other digital currencies have difficulty going mainstream. Sure my hardware bitcoin wallet might be 100x more secure than my credit card, but if it gets compromised, I'm screwed. If my credit card gets compromised, I'm merely inconvenienced.

The thing with that though is that bitcoin just is not vulnerable at all like credit cards. There is no way someone can copy down the details you gave someone else legitimately to make a payment and just start using them to charge up things on your account.

Re:Safety, risk, and liability

[thecombatwombat]

Oh I agree, like I said, 100 time more, maybe it's 10,000x more. The exact amount isn't the point. The point is that the question should be "which option is most likely to cause me the least grief?" The answer to that question isn't necessarily "which is the least vulnerable to remote gremlins being bad?" The original question is too focused on that. Your payment system may get compromised ten times, but not cost you a dime. Your Bitcoin or your cash getting compromised once, will most certainly cost you money you won't recover.

Rather than a longer rehash, I'll just leave this here.

https://www.xkcd.com/538/

Re:Safety, risk, and liability

[Dariuss]

Another benefit to this advice is consumer protection. With cash, if the merchant fails to deliver then you are probably out the money; however, if the merchant fails to deliver and you use a credit card (to a lesser extent with a debit card) you can initiate a dispute and many times will receive a credit. Plus, many CC's have return protection, for those stores that do not allow you to return items. Those two benefits alone make CC or PayPal a superior form of payment to cash!

Divvypay FTW (getdivvy.com)

[Tora]

New startup. Pre-fund each expense on your credit card before you spend, use one-time virtual cards on sketchy sites, and pin unique virtual cards to each online vendor so you can lock it down. Credit cards for the modern era.

My debit card got around...

[__aaclcg7560]

A teenager in London got a hold off my debit card number, ordered makeup and bling from a small company in Texas, used a San Francisco storage facility for the billing address, and her actual street address for shipping. The transactions didn't get far as the safeguards came into play with the credit union on my end and PayPal on the vendor's end. I even filed a complaint with London PD. The credit union issued a new debit card and that was that.

Re:My debit card got around...

[lucm]

A teenager in London got a hold off my debit card number, ordered makeup and bling

I'm sure that's what you told your mom when she saw your bank statement, but you're not fooling anyone. It's 2017, just assume your crossdressing kink, nobody will judge you for that.

Re:My debit card got around...

LOL "London PD"...

That's not what it's called you delusional fat fraud.

https://en.wikipedia.org/wiki/...

Reducing Online Transaction Risk

Limit your financial and inconvenience exposure by
(1) Closing inactive (i.e., unused 6months) accounts
(2) Initiating a freeze on new credit applications or existing credit reporting
(3) Request a Personal Identification Number (PIN) from the IRS to prevent bad guys from filing a fraudulent tax return in your name
(4) Request your bank to limit the amount of money which can be withdrawn electronically from checking and savings accounts
(5) Don't use debit cards for electronic transactions
(6) Always challenge organizations which request your SSN when establishing an account
(7) Immediately validate/reconcile your financial statements/transaction reports
(8) Use challenge questions with responses that few, if anyone, would know the answer
(9) Take advantage of online businesses which give you the opportunity to receive a separate code on your smart phone, to complete a transaction
(10) Never respond to an initial online request to provide your identifiers or authenticators

Re:Reducing Online Transaction Risk

[lucm]

Limit your financial and inconvenience exposure by
(1) Closing inactive (i.e., unused 6months) accounts
(2) Initiating a freeze on new credit applications or existing credit reporting
(3) Request a Personal Identification Number (PIN) from the IRS to prevent bad guys from filing a fraudulent tax return in your name
(4) Request your bank to limit the amount of money which can be withdrawn electronically from checking and savings accounts
(5) Don't use debit cards for electronic transactions
(6) Always challenge organizations which request your SSN when establishing an account
(7) Immediately validate/reconcile your financial statements/transaction reports
(8) Use challenge questions with responses that few, if anyone, would know the answer
(9) Take advantage of online businesses which give you the opportunity to receive a separate code on your smart phone, to complete a transaction
(10) Never respond to an initial online request to provide your identifiers or authenticators

I don't think you understand what "limiting inconvenience" really means.

You can always call the credit card issuer

[mark_reh]

and get a one time number to use for any specific transaction.

Re:credit card, 2nd debit account, or prepaid card

[lucm]

Seriously why would you use your main checking and savings account for online purchases?

Cons:
- You pay more banking fees
- You have less protection against bad purchases and scams
- You don't get cashback or other forms of rewards
- You can't get detailed spending trends on mint.com and use it to optimize your budget

Pros:
- There's a rush of intrusions into electronic payment systems (whatever that means)
- Mastercard can tell you spent $26 on toilet paper and USB sticks and they use that information to do evil things like ad campaigns for toilet paper and USB sticks

I'm still on the fence.

Digital currency

[RawBit]

I wish I could pay my bills with digital currency. That will be the most secure.

Getting robbed without cash isn't good...

[jopsen]

You forgot to mention the countless stories of cops seizing cash under civil forfeiture...

But if you do get robbed, which to be fair is rare, having cash is usually a good thing as it makes the robber go away. Trying to explain to a robber that you don't have any money is not necessarily the best way to de-escalate and resolve the conflict :)

Re:Getting robbed without cash isn't good...

[Rick+Schumann]

As sad a commentary as it is on America in 2017: I'm a middle-aged white man, I have little to fear from police deciding to paw through my wallet and 'seize' (read as: STEAL) the less-than-a-hundred-dollars that's in there. I don't know where you live that the first thing that comes to mind for you is 'getting robbed', but all I can say to you about that is: consider moving somewhere else, or changing your habits so you don't walk around places where you're likely to get robbed. It's not a problem for me.

Is It Still 1997??

[that+this+is+not+und]

What kind of a stupid fear mongerint topic is this? I mean, really? Somebody's aunt worries about this.

In America very

[rsilvergun]

if you use a Credit Card. Credit Cards are essentially loans. Swipe a card to buy a coffee and congrats, you just borrowed money. Our consumer protection laws say that you can't be held liable for more than a token sum ($50) if somebody uses a line of credit without your authorization. Hence all of the risk is on the card issuers. In practice they charge various fees (a lot of them to the businesses) to cover these losses. The cost ends up being built into everything you buy online (and a lot of things bought locally) but OTOH not having to handle cash has it's pluses for both sides.

FREELOADER ALERT

[lucm]

The only thing I do online with my actual bank accounts is pay off my credit cards and my mortgage

How dare you! If everyone was doing like you, the credit card companies would make no money and we would still have to pay things with cash and debit cards, paying obscene transaction fees every time.

People who pay their credit card on time are the modern equivalent of the tragedy of the commons. Start carrying your weight today! Just pay the minimum and slowly build a mountain of debt. That's the American way.

Re:FREELOADER ALERT

[glenebob]

Actually paying cash isn't subsidizing your rewards. Your rewards are paid by the merchant transaction fees business pay, data mining your purchases, and any fees for your card if your card has an annual fee.

If someone pays a business in cash, that means the business don't have to pay a transaction fee for the purchase, so it's a tiny bit more profit in the business' pocket.

Where do you think the money to pay those transaction fees comes from?

To be more correct, we are all subsidizing those rewards through the higher prices required to cover the transaction fees. People who pay cash don't get the benefit of those higher prices. Thanks :)

Also the reason gas stations these days tend to have different prices for cash and credit. This all started a few years back when gas exceeded $4 a gallon. Gas stations operate on very thin margins especially for the sale of the gas itself, they generally make all their profit from the stuff they still in their convenience stores. With those high gas prices, the average transaction fee increased since it is usually based on a percent of the sale. Now this is why you have gas stations charging a couple cents more per gallon for credit, and the practice has now stuck even though gas prices are now at more normal levels.

That's not true everywhere. For example, here. I rarely see gas stations charging a premium for credit purchases.

Re:FREELOADER ALERT

[mjwx]

The only thing I do online with my actual bank accounts is pay off my credit cards and my mortgage

How dare you! If everyone was doing like you, the credit card companies would make no money and we would still have to pay things with cash and debit cards, paying obscene transaction fees every time.

Actually, he's the banks favourite kind of sucker, being ripped off and not even realising it. In fact, he'll defend those ripping him off.

What most people who've never run a business fail to understand is that the merchant has to pay the bank to receive credit card payments, anywhere up to 6% (for high end cards like Discover, Diner and AMEX, Visa and MC are 2-4% depending on the type of card issued and the issuing bank). Because the credit card companies have people so addled on rewards they will never get, merchants have to build this into their prices.

People who use credit for everything are the banks biggest money spinner. Imagine 3% of your monthly spend times the number of people in your town. Banks are laughing all the way to the bank and the credit addled will defend it. How it works:
1. Bank encourages sucker to use card with promise of reward.
2. Bank charges merchant for accepting card.
3. Merchant raises prices to compensate.
4. Bank passes on pittance of step #2 to sucker.
5. Sucker defends bank because they don't know about steps 2 and 3.

I avoid using credit when I can. I'll use cash for small purchases, debit cards for larger purchases and bank transfers for ones that exceed my card limit. With Faster Payments being practically instant in the UK there's no downside to using that over a credit card. Also with EU regulations limiting the amount banks are permitted to gouge from merchants, rewards cards are pretty poor value here (yep, another horrible thing the EU has inflicted upon us #BREXIT taking back our bank charges). My Credit Card is used almost exclusively for security deposits these days (I.E. hotel and hire cars).

Credit YES ------ Debit NO

[Gim+Tom]

In the US IFF you use a CREDIT card you are only liable for about $50 and most banks wave that. Although banks are always trying to get you to have Debit card I don't and won't have one since it is an open hole to your bank accounts. Debit cards are good for banks, Credit cards are better for everybody else.

Many banks offer credit card temp numbers

[perpenso]

ApplePay FTW. One-shot accounts work for me.

Nothing against ApplePay, I occasionally use it. However many banks allow you to create temporary account numbers linked to your real number. In addition to letting you set the max amount chargeable and expiration date for this number the number may also lock to the first vendor to charge it. So if that vendor gets hacked a second entity will be denied if they attempt to use the temporary number.

Re:Many banks offer credit card temp numbers

[aaarrrgggh]

Lot more work with bank systems compared to Apple Pay...

Re:Many banks offer credit card temp numbers

[93+Escort+Wagon]

You can just use your nice high-def camera on your phone to capture someone's Apple Pay screen, say while you're behind them in line and they're getting ready to pay. Free access to ApplePay account with just a picture, no hacking required.

Without that person's specific hardware device (e.g. the iPhone whose screen you photographed), you're not going to be able to use that data you just captured.

Re:Many banks offer credit card temp numbers

[jcr]

You have no idea what you're talking about, but don't let that stop you!

-jcr

Re:Many banks offer credit card temp numbers

[Khyber]

As if the ability to clone hardware doesn't exist.....

Especially the older unprotected 4-series hardware.

Meanwhile the rest of you can keep thinking about 'current' tech while I'm focusing on the tech that's already out in consumer hands.

Re:Many banks offer credit card temp numbers

[Khyber]

It works, especially on hardware 4S and below, but don't let your fucking lack of trying stop you from believing otherwise, asshole.

Apple claims security. Apple is fucking LYING to you. Security is nothing but theater.

Back to your hole.

Re:Many banks offer credit card temp numbers

[Khyber]

Meanwhile, I demonstrated it to my mother in law, a devout Apple user. She went straight back to using her card instead.

Have fun getting fucked, dumbass. Man can make it, man can break it. Zero fucking exceptions exist on this planet.

Re:Many banks offer credit card temp numbers

[jcr]

Show me a video of someone demonstrating this alleged exploit, or STFU.

-jcr

Re:Many banks offer credit card temp numbers

[blocked_lol]

That's not how it works at all. If they have Touch ID set up, it requires your fingerprint to pay with ApplePay. iPhones that don't have TouchID can't be used with ApplePay.

Even if they have an ApplePay-capable phone but don't have TouchID set up (which means they have to enter a passcode to pay), unless you also steal their phone then what you described won't work. It's linked to their phone specifically. ApplePay doesn't show credit card numbers or anything like that on screen.

Re:Many banks offer credit card temp numbers

[blocked_lol]

Those older phones can't be used with ApplePay. And all your ApplePay credentials are stored in the phone's secure enclave, which can't be cloned.

Apple has published a number of white papers on the iPhone's Secure Enclave and ApplePay, and I've not heard of any security experts call them out on mistakes or design flaws in either of them.

Re:Many banks offer credit card temp numbers

[blocked_lol]

ApplePay is not available on iPhones before the iPhone 6.

They have published white papers on the security of TouchID, the Secure Enclave, and ApplePay, which are available for anyone to read. Go educate yourself.

Re:Many banks offer credit card temp numbers

[blocked_lol]

You demonstrated to your mother-in-law that you can steal the ApplePay credentials off of somebody's iPhone? Better submit it to Apple's bug bounty and get a big payout, then.

Oh wait, you don't actually know what you're talking about.

Depends on the type of payment. My solution:

[The+Cisco+Kid]

Don't give your bank account number to anyone to withdraw from directly, online or off. (That includes paypal)

Instead - use your BANK'S billpay service (almost all banks and CU's offer one), where you enter your bill account number on your bank's service, and then tetll your bank to send payment(s) in the amount you specify on the date you specify, and the biller (nor anyone that hacks their database) never has access to withdraw money from you.

For services that want a credit card and won't bill you, either

1. If you don't have good credit, buy prepaid reloadable visa or master cards, use a unique one for each biller. Reload them with JUST enough to cover the next month or two of charges.

2. If you have good credit, get a card from either BofA or Citibank - both offer a service where you can generate disposable numbers with a short expiration and chosen charge limit to use either for one-time payments or for recurring charges. You can always deactivate one of these to block future charges. BofA calls theirs "shopsafe", Citi calls it "Virtual Account Numbers"

NEVER give your hard credit card number to anyone online, nor to anyone for any sort of recurring billing. If its compromised, they have to cancel it, and you have to wait to get a new one in the mail.

If somewhere you want to buy from accepts paypal only (such as most eBay sellers), use paypal's "check out as guest with a CC" option and then use either of the two credit card options above (prepaid card, or virtual card)

Re:Depends on the type of payment. My solution:

Depends on the bank or not bank you do business with. My local credit union prints cards at each of their branches. Months ago they discovered a skimmer was installed on one of their ATMs. Which I happened to use during the time period they determined the skimmer was in place. They sent me a message via their site which also emails a notification a message is waiting, that my card had been deactivated and a replacement would be mailed however I also had the option of going to a branch and them printing a new card on the spot. From the time I got the notice, I had a new card in hand within the hour. The process only took about 10 minutes once I was at the branch.

Don't worry, but give your card to the fewest merc

[dn15]

Mostly I just don't worry. If there's fraud I won't be liable for anything significant. That said, I also don't want the hassle of replacing cards because somebody's customer database was compromised. So whenever possible I use payment options that don't result in my card info being on file with yet another third party. PayPal, Apple Pay, buying via a marketplace like Amazon, etc. Each time I can pay with one of those methods, it's one less opportunity for my card info to leak out.

Credit cards are pretty safe

[Todd+Knarr]

I've never had a problem with credit cards used for online payments. Sure, they'll get compromised, but half the times my cards were compromised it was through brick-and-mortar merchants whose point-of-sale systems were compromised so online use doesn't look to be any more risky that in-person use. Just make sure to check the charges daily (I use a finance program that automatically downloads new charges every morning, plus it gives an alert on the first charge by a new merchant which is convenient). Consumer protection laws in the US keep you from being liable for pretty much all unauthorized activity (at worst you're on the hook for the first $50).

Just don't trust debit cards online, except if they're tied to a bank account that's funded only as needed and doesn't have excess money in it to be absconded with.

You're asking this in 2017?

1997 called and wants their question back.

I use electronic payments

[Applehu+Akbar]

I use my bank's bill pay system for everything except for two fossil payees to whom I have to mail checks, like we did in the 1900s. These are the ones I have trouble with, because an average of once a year the checks just never get there, even though one is a block away from me.

This is one area where the Europeans do it better: make everybody use their equivalent to the bank transfer system.

Re:I use electronic payments

[Rick+Schumann]

My bank charges for their 'bill pay' service and the one time I used it, it got there so late that it caused me no end of hassle. No thanks.

Re:I use electronic payments

[Applehu+Akbar]

Bank bill pay services use the ACH bank-to-bank transfer system if the payee is signed up for it. If not, then your bank writes a check and mails it, which can get lost just as easily as a check you mail yourself. You are still better off using the bank's Bill Pay in this case because you have proof that the payment was mailed, allowing you to avoid late fees.

For each payee the bank will tell you, if you look at the fine print, which system a payee is using.

Re:I use electronic payments

[Rick+Schumann]

Nope. You seem to have missed where I said they charge for that service, which makes it a non-starter all by itself. I like my credit union, but that doesn't mean I'm so in love with them that I'll pay for unnecessary services that don't really do what I want it to do anyway. When I pay something I need a guarantee that it'll get there when I say it'll get there, not when someone else 'gets around to it'.

Re:I use electronic payments

[Applehu+Akbar]

I've never heard of a bank charging for Bill Pay, although I suppose some of them do. There are other choices besides Bank of America.

Re:I use electronic payments

[Rick+Schumann]

it's not suitable for my purposes therefore I'm not using it.

reality check needed

[gravewax]

Unless you live in some weird arse country that has no rights to dispute payments on a credit card then your CC is probably far safer than using cash. Seems the poster either lives in a very unsafe country or is ignorant of the reality.

Re:reality check needed

[Rick+Schumann]

I see no reason why I should use a credit card for anything I'm buying IN PERSON and I don't understand why anyone would recommend that to me. The more I use plastic the more exposed to possible fraud and theft I am. I don't care about 'fraud protection' or any of that, how about I eliminate the risk completely by not using it at all if I don't absolutely have to? That's what's safest, not relying on random chance.

Re:reality check needed

[gravewax]

CC has insurance, consumer protections and the advantage of you aren't walking around with a wad of cash that can be stolen. nothing wrong with carrying a little cash, but you are definitely NOT safer by using cash.

Re:credit card, 2nd debit account, or prepaid card

[Applehu+Akbar]

For store/online purchases, I've never had any trouble using credit cards. I always try Apple Pay first, because if the merchant has it it's more secure. Many merchants don't even know that it's enabled on their new chip card terminals, so don't look for the logo before trying it.

Avoid using checking account info online

[bjdevil66]

While nothing is 100% safe online, paying online is much more dangerous for users that aren't smart with their computer before they ever go to buy something.

With that said, I'd avoid using checking account numbers for online purchases. It is riskier than credit or debit cards because all someone has to do is credit an ACH payment against your routing and account number and the money is withdrawn and gone. At best, you only lose a few hours of your life and deal with the following:

You have to contact your bank the moment you catch it (don't wait on it), close that account, and open a new account - probably with a longer number to memorize than the last one.
* You have to dispose of any paper checks and pay the bank $20+ to get a new box printed and sent to you.
* You have to change every auto payment you have set up. If you happen to close that account around the time an automated payment hits, that utility/company will not let you off the hook. That's usually another $20-$30 fee.
* You have to memorize a new checking account number if you want to continue to use it for anything online.
* Hopefully your bank will refund your lost money up to a point - in a business day or two.

If a fraudulent charge hits your credit card, however, it's the bank's problem once you catch it. They take any losses (usually a write-off). And credit card companies are usually pretty good about contacting you when something suspicious happens (because it's in their best interest).

If you must use a checking account number, I'd avoid saving it as the default payment method for future convenience.

Re:Avoid using checking account info online

[vtcodger]

"all someone has to do is credit an ACH payment against your routing and account number and the money is withdrawn and gone."

In the US at least, your routing and account number are printed on the bottom left of every physical check you write in those odd, but quite human readable, MICR characters. Doesn't give one a warm fuzzy feeling. OTOH, I've never had any problem with ACH based raids on my bank account and have never heard of anyone who has.

Re:Avoid using checking account info online

[IcyWolfy]

I'm in Europe, and our debit cards have the bank routing, branch, and account number printed directly on the card.
Like in th US, they were never meant to be "secret". However it seems, it works better here, where paying for Ebay transactions, a lot of bills, all take direct bank transfers where you provide your bank info (country-bankid-branch-account). (transfers in EUR are more or less fee-free).

If you purchase something from me on Ebay, Ebay will show you my full banking details and bank address so you can directly send the money.

I'm not a Luddite

[WinstonWolfIT]

I never carry cash anymore. I pay-tap everywhere. As to CC transactions, that's payment of last resort. All my bills are paid by direct debit. Not in my list? I get an SMS needed to add. Other transactions, via PayPal if available. Approved by, wait for it, SMS code. Last resort, CC details. They've been hijacked twice, each time reversed withing 18 hours. Get with the times.

One-time use credit card systems

[jroysdon]

Way back when I started using MBNA's ShopSafe system for online purchases. BankAmerica bought them and implemented their technology.

ShopSafe allows you to generate a temporary credit card number that is good from 2 - 12 months, with whatever dollar amount you wish (up to your credit line limit).

I have a BofA CC that I use exclusively for Internet purchases. The physical card itself is stored in my safe and has never had that account number used, other than the generated ShopSafe numbers.

I've never had a fraud problem using this system (going on something like 18 years). Each place I buy from gets a unique CC number, with a dollar amount rounded up $5-10 above what I think the total will be (and can be adjusted higher by me after the fact).

CitiBank has(had) a system that was like this as well. I haven't used it since I use my CitiBank card in person (and never online).

Separate account and card

[DCFusor]

I got hacked a couple times, evidently by dumpster divers behind a legit biz in the days of paper CC processing.
.

Easy fix, worked ever since:
Setup a separate account at the bank for online stuff, in my case, with a debit card. Don't keep any real amount of money in the account. Just before clicking the final "check out" or "place my order", log into the bank and transfer just the right amount into the online account.
That account normally only has a small amount of money in it - $20-$50, which is all that can be stolen. I had to tell the bank to turn off auto-overdraft "protection" on the account, which used to be something they didn't like, but now they understand why (my banker does this for himself as well). I can lose $50 and not die. When I got hacked, it was the payroll account for a business I owned - that could have been a real problem!

Re:PayPal when possible.

[vtcodger]

Make that WHEN someone hacks them. Which will almost certainly happen sooner or later. If it's a broad breach instead of just a few accounts, it's a safe bet that in the US neither PayPal nor your money will be anywhere to be found. In the EU where PayPal is subject to banking laws, you may have recourse. Not so in the US where PayPal operates as an unregulated bank. (Why would any sane person give an unregulated bank access to their money?)

Re:PayPal when possible.

[Bite+The+Pillow]

I much prefer getting a one time CC number, over giving a third party control over my banking. CC company and bank are basically second party, so no idiocy from the peanut gallery.

No fees, above the CC merchant fee, which is priced in regardless of whether you pay cash, CC, or third party extra fee.

The safety factor boils down to a race condition, but your personal info is just as vulnerable as with a direct CC number. PayPal just centralizes the attack surface.

I try to pay bills by phone with credit card

[No+Longer+an+AC]

I may be one of the few but I started doing that when the check-printing software I used to use started sucking.

Either I couldn't find the original install media or that version didn't work on a newer version of Windows, I can't remember. I got their upgraded software but it absolutely sucked if it worked at all. Besides printing your own checks isn't really worth the hassle anyway. My printer has been out of ink for several years now.

I could pay most of my bills by phone and with a credit card but first the gas company started charging a ridiculous fee to pay with credit card. I actually started paying it every other month at the grocery store by Western Union. That made it cost only a bit more than the postage stamp that I used to use to mail it in.

That got to be too much of a hassle though and I relented and started paying with my checking account still over the phone though.

The phone might actually be only as secure as my phone is, which is to say not really secure at all. On the other hand until a few months ago one bill I couldn't pay by phone was using https frames in an http page* which they swore was totally secure. Only other option would be to mail it to them.

* - This is how it appeared to me - I'm not that knowledgeable in that area but I certainly didn't trust it.

Re:Tip #1:

[Z80a]

That's quite an AT&T vs Verizon situation.
It's a shame some industries like this got a quite bad duopoly.

Re:credit card, 2nd debit account, or prepaid card

[mysidia]

- There's a rush of intrusions into electronic payment systems

So who would you want to expose checking or savings information to the same potential risks?

- Mastercard can tell you spent $26 on toilet paper and USB sticks and they use that information to do evil things like ad campaigns

Your bank can do that too if you write a check, because, information sharing....

Americans are fascinating

[thegarbz]

The fact that you are still asking this question amazes me. I'll skip over the checkbook comment and go straight into: you type your credit card number in at a random website? CRAZY!

Okay onto the serious talk, we live in a world of technology and a world of attacks. The idea is we should chose who we give our personal information to, and we should trust those people to keep it safe. In that regard, putting a credit card in on some random online site is archaic, what happens when that site gets hacked!

Many other countries have payment schemes that prevent the vendor ever being in contact with *your* financial information. Monthly utility bills? Well look to Australia and their BPay system, which is managed entirely from your online bank account with 2 numbers, a Biller number and a Reference number. When filling out the Biller number it is automatically looked up so when I enter it online it will straight away say you're paying your "Origin Energy Gas" bill or something like that. In many other countries they use a similar system with direct debit, an additional set of numbers that reference your account with the third party. That makes it trivial for utilities to manage their accounts.

Now online ... a crap example would be Paypal. The web of trust is then limited to Paypal and your bank as the details used to pay are not entered into the vendor website. Now what you may think of Paypal here is irrelevant to the process. But other countries use similar systems that prevent a vendor from ever having access to your details. E.g. Netherlands iDEAL system. You elect to pay via iDEAL and select the bank. You get redirected to your bank's website where you log in, select which account to pay from, and the bank then sends a confirmation to the vendor that you paid.

Giving vendors your financials is sooo 2005.

Pretty safe

[GuB-42]

Bank often offer insurance against credit card fraud. And it isn't too expensive, sometimes it is built in.
It should tell you it isn't too risky.

Virtual Credit Cards

[gryph0n]

I never use my real credit card number for any online transactions. You don't have any control over your data once give it to the "system". Instead, I use Virtual Credit Cards "VCC". https://en.wikipedia.org/wiki/... These "VCC" have a user configured credit limit, and are good for only transaction. So even if these are stolen/leaked, it doesn't really impact you. My bank typically generates these with a validity of 2 months, so any reverse/cash-backs from the vendor can still use these "VCC" numbers.

Re:credit card, 2nd debit account, or prepaid card

[Vrekais]

If implemented correctly, at least here in the UK, all contactless payment chip & pin will accept any form of contactless payment; Android Pay, Apple Pay, Contactless Debit... they're all one system.

It's one of the many deciding factors for whichever phone I get next, if you have a fingerprint scanner you can pay for purchases >£30 with Android/Apple Pay.

Re:PayPal when possible.

[Rick+Schumann]

I specifically avoid PayPal because their business practices and some scandals there has been surrounding them don't make me feel secure whatsoever. Also it's just more steps necessary to pay or purchase anything, and so far as I know utility companies don't accept it anyway, so that's always been a non-starter.

Euro Experience

[stereoroid]

Euro-peon here (Ireland). I use a debit card linked to my current (checking) account for small purchases, and a credit card for online and larger purchases, which I can usually pay off every month unless it's very large. The debit card is touch-enabled, which has some security features built in. Touch purchases are limited to €30 and after three of those you'll be asked to insert the card and enter the PIN - so if the touch system is compromised there's a "stop" on that. As far as I can tell those touch purchases are authorised without checking your current balance, and might not hit your account until days later.

I have heard of "walk-by" attacks on touch cards here - e.g. one lady I know had €11 taken off her card that was apparently billed to a pay email service on an ISP in New Zealand. Small, one-off charges that the payee might not even notice if they are a heavy user of that card. There are things you can do to avoid that, such as not keeping the card on you in an obvious place such as handbag or back pocket. Or tin foil.

Re:Pay it at Post

[nukenerd]

when having to post something you have to stand in fucking line forever because some dumb old cunt is paying their bills and slowly fumbling around But yes you can pay bills and even expiations at a post office.

Paying their bills? Yes, after they have described their life story to the counter clerk, with enlargement to micro-detail for the last week since they were last in.

Re:Credit YES ------ Debit NO

[nukenerd]

With those numbers on the bottom of each check you write ... someone could withdraw whatever they like from your checking account.

How?

Re:Don't worry, but give your card to the fewest m

[Rick+Schumann]

What if PayPal, Apple Pay, and Amazon get hacked, like everyone else is lately? Now you're screwed. Letting more people store your payment methods is not more secure, it's less secure. You're trusting the wrong people.

Re:Funny and Annoying

[nukenerd]

I can go whenever and for however long and not worry about bills, ecept to make sure there is enough money in the account.

That's the sting in the tail, isn't it?

One of my banks (in the UK) whacked me for a £20 fee when a Direct Debit Payment that I had been unaware of took me about £2 overdrawn. My preferred method is to pay bills by on-line banking so I control when the payment is made and can ensure that my balance covers it.

Easier Solution

[jon3k]

Just use this: https://www.bankofamerica.com/...

Two answers

[dskoll]

Answer #1: Unsafe as hell. SItes are hacked all the time. Banks lose astounding amounts to computer fraud and never report them.

Answer #2: Pretty safe. What's protecting you is not fancy technology, but a legal framework that limits your liability in the event of fraud. This legal framework is essential; without it, the entire system would collapse.

Re:Two answers

[dskoll]

I should clarify that my answer above refers to banks and credit card companies. Bitcoin and Paypal are relatively unregulated. I do make Paypal payments, but I do not have a Paypal account and I always enter my credit card details each time and don't agree to let Paypal store the details.

Use CREDIT not DEBIT

I do not use my checking account or debit card for any purchase, just bill pay to the credit card. Getting your checking account drained by fraud can be disastrous. Credit card fraud is trivial

Re:Tip #1:

[lucm]

Yes, it's like choosing between soft drinks and diet soft drinks. It comes down to a personal preference: do you want obesity/diabetes, or cancer.

Re:Tip #1:

[lucm]

It appears to me that life and the political system themselves are doing a good job of being ironic lately. It's very convenient, we merely have to bring things up and they're hilarious by themselves.

For instance, to "fight sexism" there's groups, conferences, education programs and even hotel floors where only women are allowed. Or there's the "antifascists" who use violence and political pressure to silence people. White and Asian males are discriminated against in the workplace in order to fight against discrimination based on gender and race. Etc.

Prepaid cards

[chuckugly]

My personal solution is to have 3-6 prepaid cards in my possession, and keep reasonably small balances on them. Each card has a specific set of payment responsibilities, so to speak. One card pays utilities and so on, one pays for groceries, one is for incidentals, and one or more lie mostly dormant.

When a card is inevitably compromised, it's one of many, has limits to the damage, and I have an immediate drop in replacement available. I can then proceed with typical fraud recovery without there being any real urgency on my side, other than the desire to recover the funds. When asked for photo ID I never present my drivers license; I use either my work issued ID or if government issued ID is required, my passport card, which supplies much less excess information.

Paranoia and defense in depth. Also, sign up for LifeLock.

Use a CC generator

[junk]

Not the old kind with AOHell but one linked to actual accounts. Banks used to offer them but they never caught on. I use privacy.com and they let you setup " merchant" cards for recurring payments and "burner" cards for one time purchases. I've seen denials on burner cards and then contacted the original vendor about it and helped them track down a data breach. Been using it for over a year now and I'm very happy with the offering.

Unscrupulous people

[iMadeGhostzilla]

http://dilbert.com/strip/1996-...

how safe? "safe enough"

[buddyglass]

If someone gets my CC# and charges stuff then my CC company absorbs the loss. By paying cash you're giving up 2% cash back. That's not a price I'm willing to pay. I'd love if it I could pay *everything* on my credit card. Mortgage, property tax, etc. Want those sweet, sweet rewards.

Value of your time

[bkk_diesel]

Apparently you value your time at a very low rate.
Get a good credit card with some customer service, become a good customer by paying in full every month and if there's ever a problem take it up with them.
To physically go places and pay cash is ridiculous in the year 2017.

The Theft Of Time

[JimSadler]

I can easily pay my monthly bills on line in less than five minutes. To fill out checks and mail them is a slow process that may occupy an hour or two of my time. So in addition to saving stamps and stationary I also save a lot of time every month. Losses from on line bill pay and purchases over the years has been next to none at all. i purchased one pair of shoes that were a bit tight and they were inexpensive. i did not send them back as the cost of shipping and the cost of the shoes were way too close to each other.

Good Thing You're Not In ...

[tmjva]

Sweden, Norway, & Denmark

You may find paying cash nearly impossible.

Nope.

[jsrjsr]

Donuts cannot be expensive when someone else is paying for them.