> >And a repeat of the standard: buy only from known and trusted > > There are millions of web merchants. I can't know them all. How can I > tell if a site is trusted?
You can't. Even if a merchant is trusted, the employees may not be trustworthy or their database could get broken into and have all of your info stolen. I work on investigations of systems when this kind of thing happens and I can tell you it is *very* frequent and only a fraction of companies notify customers when it happens, even though it is required by state law. Yet, I constantly buy stuff online. How do I feel safe? Credit laws. See: http://en.wikipedia.org/wiki/Credit_card_fraud#Cardholder_liability Use a credit card (don't buy online with a debit card where it requires you to enter a PIN) and keep an eye on your statement. If there's ever any charges that aren't yours, get them removed and have them reissue you a card. So if you don't end up paying for fraud, who does? The merchant who accepted the fraudulent charges does. Ultimately, they should have done a better job validating the card and your identity, so they eat it. This is one reason CVV2 numbers are used. Merchants are required *not* to store these numbers after the transaction has cleared. If all merchants do this and use CVV2 numbers, it makes it quite a bit harder to reuse a card after a database has been stolen. HTH, tim _______________________________________________ PLUG mailing list [email protected] http://lists.pdxlinux.org/mailman/listinfo/plug
