Skip to main content

Page Content

Content Area

Credit Card Myths

Dispelling the myths of using a credit card on the Internet

Common risks and solutions for using your credit card on the Internet

There is no doubt that risk exists with the use of your credit card on the Internet The listing below shows some of the common situations where theft and fraudulent use of cards occur. The solutions presented are Internet payment system features you should expect from Internet merchants to protect you from these risks.

  1. A cyber thief charges up your credit card after stealing the details, whilst they were in transit, after you had completed an online order.
    SOLUTION ‑ Secure order form that encrypts your credit card details before being sent over the Internet and real time transaction processing that usually takes no longer than 15 seconds;
  2. A cyber thief charging up your credit card after stealing the details while they were sitting on the Merchants web server waiting to be taken offline and processed.
    SOLUTION ‑ Secure merchant server, built in encryption of the order form and real time transaction processing (the order does not sit waiting on any merchant server);
  3. A cyber thief breaking into the Merchants computer systems to gain access to the stored credit card details of customers.
    SOLUTION‑ The merchant's real time payment system does not return customer credit card numbers to the merchant. For non real time, customer credit card numbers are stored by the merchant an encrypted database that is extremely difficult to crack;
  4. A cyber thief breaks into the storage area of the merchant's third party credit card processor and steals your credit card number.
    SOLUTION ‑ The merchant uses a reputable credit card processor with very high security levels, this is especially the case with real time processing;
  5. A Merchant web site that does not deliver product once a credit card has been charged. SOLUTION: The merchant payment system must verify the identity of the merchant during transaction processing (this will always be done if the merchant uses a reputable third party processor). If merchant has after sales service, free offers, adequate contact information and testimonials non delivery of product is unlikely;
  6. A Merchant that has given your credit card details to another business that has illegally charged up the card.
    SOLUTION: The merchant has a privacy policy and even better, it does not store your credit card details at all, which means it cannot hand them on to anyone; and
  7. A thief stealing your physical card from your wallet, house, car or any other common places you leave your card and using it for an online transaction.
    SOLUTION‑ Always keep your card either on you or in a secure place.

What rights do you have with fraudulent use of your credit card from an Internet transaction?

This is a big let out clause for you. All Internet credit card transactions can be repudiated by the cardholder within six months of the card being charged, subject to you giving a valid reason to your cardholder bank to reverse the transaction. This would be after fraudulent use of your card or return of product because you are unhappy with it.

As a result of standardised credit card law operating in most countries of the world, your bank cannot hold you liable for more than $50 of fraudulent charges. This repudiation clause places a lot more risk on the merchant than the cardholder.

There are a small number of unscrupulous credit card holders who get perverse pleasure out of defrauding merchants and banks by claiming they have not received goods, especially digital goods, when they have received them. There are lists available on the Internet of customers that regularly carry out these activities and merchants can access these during transaction processing to terminate orders.

What are the danger signs on a merchants web site?

  • No secure order form (minimum SSL indicated by a locked key in the left side of the page);
  • Merchants that make no indication on their site of how they handle your credit card after the transaction ( are they stored at all and if so, are they in an encrypted database);
  • No credibility elements on the site such as third party testimonials, links to client or customer sites, phone numbers, address and description of company background;
  • No services or free products on the site that show the merchant wants to build relationships with customers;
  • No privacy policy describing protection of customer details.
  • Merchants that take more than 24 hours to process your transaction.

Is using your credit card on the Internet less secure than the physical world?

Lets examine situations of paying by credit card off the Internet before answering this question.

  1. With physical use of your credit card at a restaurant, you can eyeball the merchant, which gives you comfort that you are getting the goods you want. The downside is that the merchant keeps your credit card number and if they are using a manual credit card imprint machine, they can run more than one imprint of your credit card through their machine. Never let a merchant in this situation take your credit card " out the back".
  2. For phone order sales you supply your credit card to a person you don't know over the telephone and they may process it while you are on the phone through their POS device. This is fast and reasonably secure except that person and their employer has your credit card number and you can't eyeball the merchant.
  3. For catalogue sales‑ you enter your credit card on a form, send it in the mail and the business processes the transaction. Your letter, with card number, could be intercepted before reaching the company. Once received by the company, any member of staff that handles the order form will view your card number. The company will store your credit card number

For Internet sales you cannot eyeball the merchant.

The customer uses a secure order form that encrypts their credit card details and can only be read by the secure server of the merchant. This information is encrypted again and sent to the credit card processor and then sent to the card holder bank for card validation. Transaction approval or rejection is sent back to the customer. This process usually takes no longer than 15 seconds. The merchant does not store the customer's credit card number.

It is obvious that this method of processing transactions is far more secure than any of the three examples presented above. Of course, not all Internet merchants operate in this manner.

For a merchant without real time transaction validation they may download encrypted orders and process them through a POS device to the credit card processor. At the bottom of the list is the downloading of unencrypted orders with manual processing and banking into a merchant account. Not only is this last option more risky for the customer but it also greatly increases the risk to the merchant of fraudulent transactions.

How to verify the identity of the merchant?

  • If the merchant claims to provide secure orders, you can view the details of their secure server by simply clicking on the security icon on your browser. If the site is secure it will tell you " this page is encrypted". This enquiry will also tell that it is the site of the business you think you are dealing with.
  • Contact them by phone;
  • Find out who is handling their transaction processing (this may be disclosed on their web site). If its carried out by a third party that is a well known company you will have no problems.
  • Ask the merchant for names of happy customers and contact them
  • If the merchant offers no phone number, URL or email address, avoid them like the plague (unfortunately this is the mode of business that many spammers use with email broadcasting).

What simple steps can you take to protect your credit card?

  • Never use your credit card to purchase a product from an unsolicited email message where the sender does not have a web site;
  • Use a credit card that does not have a huge credit card limit on it. If it is stolen you don't have much to loose;
  • Beware of sites that take more than 24 hours to process your credit card transaction; and
  • Never enter your credit card details into a web site order form that is not secure, look for minimum SSL, which means the key will appear at the bottom of the page in the left hand corner; and
  • Be careful with the physical security of your credit card.