 |
|
|
|
|
|
| |
| |
|
|
|
|
| |
| |
|
|
I want to pay my dues as a supporter of tiritiri matangi
(http://www.tiritirimatangi.org.nz/) What would be a secure way to do
that? Given that I am not in the same country and they are not big
enough to have a secure payment by internet.
It is my impression that e-mailing credit card info is not really save.
- They suggest e-mailing the expiry info separately. It may help but not
much, I guess.
- Will breaking the credicard number in two for separate e-mails or
adding letters in between or something like that help more (packet
sniffing will not find 16 consecutive numbers that conform to a pattern).
- Is it really not possible to have secure credit card payment for small
groups? They do have a shop on the island and you can order
internationally by internet.
- They mention 'Direct Credit / Internet Banking' with an account
number. I have not heard of that before. They don't mention the name of
the bank. So do I have to ask for more info?
- any other options or suggestions?
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
Do it as a wire transfer; if you have a local Western Union office (or
something equivalent) that would be the way to go.
I wouldn't send the info in the clear over the 'net ever.
Another possible option would be to use encrypted e-mail, but you (and
they) would need to set up for that in advance.
Jim
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On 22-Jul-08 22:06, Jim Henderson wrote:
> Do it as a wire transfer; if you have a local Western Union office (or
> something equivalent) that would be the way to go.
I think I'll need the bank's info for that too.
> I wouldn't send the info in the clear over the 'net ever.
>
> Another possible option would be to use encrypted e-mail, but you (and
> they) would need to set up for that in advance.
>
A previous time I set up a html file with part of the info on my own
server. After I saw that it was accessed I removed it. Still not totally
safe and I shut down my server here in the attic.
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
andrel wrote:
>
> - They mention 'Direct Credit / Internet Banking' with an account
> number. I have not heard of that before. They don't mention the name of
> the bank. So do I have to ask for more info?
>
I would write this account number (and possibly other information, if I
actually got some) down, head to my local bank and ask them how to do
the transfer. Most probably they would print me out a international cash
movement paper to sign and it would cost some extra, but if the bank
says it's safe and is ready to take responsibility of those words, I'd
count on them.
--
Eero "Aero" Ahonen
http://www.zbxt.net
aer### [at] removethis zbxtnetinvalid
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On Tue, 22 Jul 2008 22:17:40 +0200, andrel wrote:
> On 22-Jul-08 22:06, Jim Henderson wrote:
>> Do it as a wire transfer; if you have a local Western Union office (or
>> something equivalent) that would be the way to go.
>
> I think I'll need the bank's info for that too.
Depends on how it's done - electronic money order may only need the
target organisation. You may be able to use a routing number for the
bank (which is public info anyway) and the account holder's name. You'll
need your bank's info, of course, but that's also easily obtained.
>> I wouldn't send the info in the clear over the 'net ever.
>>
>> Another possible option would be to use encrypted e-mail, but you (and
>> they) would need to set up for that in advance.
>>
> A previous time I set up a html file with part of the info on my own
> server. After I saw that it was accessed I removed it. Still not totally
> safe and I shut down my server here in the attic.
Yeah, I don't know that I'd do that either - if someone happens to find
the URL and reads it who isn't who you intended, the info is then out in
the wild.
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On 22-Jul-08 22:37, Jim Henderson wrote:
>> A previous time I set up a html file with part of the info on my own
>> server. After I saw that it was accessed I removed it. Still not totally
>> safe and I shut down my server here in the attic.
>
> Yeah, I don't know that I'd do that either - if someone happens to find
> the URL and reads it who isn't who you intended, the info is then out in
> the wild.
I know it was accessed only once. And it contained half the info. The
only way to sniff it would be to sniff both the e-mail and the html
transfer. Still doable if you really want to, but I though it was safe
enough. But only just.
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On Tue, 22 Jul 2008 23:09:22 +0200, andrel wrote:
> On 22-Jul-08 22:37, Jim Henderson wrote:
>
>>> A previous time I set up a html file with part of the info on my own
>>> server. After I saw that it was accessed I removed it. Still not
>>> totally safe and I shut down my server here in the attic.
>>
>> Yeah, I don't know that I'd do that either - if someone happens to find
>> the URL and reads it who isn't who you intended, the info is then out
>> in the wild.
>
> I know it was accessed only once. And it contained half the info. The
> only way to sniff it would be to sniff both the e-mail and the html
> transfer. Still doable if you really want to, but I though it was safe
> enough. But only just.
In a way, it's kinda funny; many people (myself included) are much more
paranoid about disclosing this info online than in a shop, yet
(particularly if the shop has an old-style credit-card imprint machine)
the cashier in the shop is usually high-school or college age, often has
access to the records after hours, and all the information is on the
slip. The advent of CCV2 numbers on cards (at least here in the US)
would be a deterrent, but it's not inconceivable that they could get the
info off the card fairly easily - just takes a pad of paper and
reasonable short-term memory (to wait for the customer to leave the
store).
Jim
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On 22-Jul-08 23:48, Jim Henderson wrote:
> On Tue, 22 Jul 2008 23:09:22 +0200, andrel wrote:
>
>> On 22-Jul-08 22:37, Jim Henderson wrote:
>>
>>>> A previous time I set up a html file with part of the info on my own
>>>> server. After I saw that it was accessed I removed it. Still not
>>>> totally safe and I shut down my server here in the attic.
>>> Yeah, I don't know that I'd do that either - if someone happens to find
>>> the URL and reads it who isn't who you intended, the info is then out
>>> in the wild.
>> I know it was accessed only once. And it contained half the info. The
>> only way to sniff it would be to sniff both the e-mail and the html
>> transfer. Still doable if you really want to, but I though it was safe
>> enough. But only just.
>
> In a way, it's kinda funny; many people (myself included) are much more
> paranoid about disclosing this info online than in a shop, yet
> (particularly if the shop has an old-style credit-card imprint machine)
> the cashier in the shop is usually high-school or college age, often has
> access to the records after hours, and all the information is on the
> slip. The advent of CCV2 numbers on cards (at least here in the US)
> would be a deterrent, but it's not inconceivable that they could get the
> info off the card fairly easily - just takes a pad of paper and
> reasonable short-term memory (to wait for the customer to leave the
> store).
>
Sure, but in most cases when multiple cards are misused you can trace it
back to one or more stores if that happens. With e-mail it can happen
anywhere. I guess that whatever I write to these guys in NZ my mail will
pass through the US at some point and at least their security service
will scan it for tell tale words. When I'd fly to the US they also want
my recent credit card info, so I assume they also filter those numbers
out from e-mails that happen to pass through their territory. Actually
they would do that even for e-mails that never reach the US. And so
would the dutch and the sovjet intelligence services.
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On Wed, 23 Jul 2008 00:01:43 +0200, andrel wrote:
> Sure, but in most cases when multiple cards are misused you can trace it
> back to one or more stores if that happens. With e-mail it can happen
> anywhere. I guess that whatever I write to these guys in NZ my mail will
> pass through the US at some point and at least their security service
> will scan it for tell tale words. When I'd fly to the US they also want
> my recent credit card info, so I assume they also filter those numbers
> out from e-mails that happen to pass through their territory. Actually
> they would do that even for e-mails that never reach the US. And so
> would the dutch and the sovjet intelligence services.
Huh? Our border folks ask for *credit card info* upon entry to the US?
That's news to me....But I always go through the "citizens" line, so I'm
not as familiar with what the process is for non-citizens.
But it's not so much about the security services - it's about the thieves
who use the information for their own ends.
Jim
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On 23-Jul-08 0:46, Jim Henderson wrote:
> On Wed, 23 Jul 2008 00:01:43 +0200, andrel wrote:
>
>> Sure, but in most cases when multiple cards are misused you can trace it
>> back to one or more stores if that happens. With e-mail it can happen
>> anywhere. I guess that whatever I write to these guys in NZ my mail will
>> pass through the US at some point and at least their security service
>> will scan it for tell tale words. When I'd fly to the US they also want
>> my recent credit card info, so I assume they also filter those numbers
>> out from e-mails that happen to pass through their territory. Actually
>> they would do that even for e-mails that never reach the US. And so
>> would the dutch and the sovjet intelligence services.
>
> Huh? Our border folks ask for *credit card info* upon entry to the US?
> That's news to me....But I always go through the "citizens" line, so I'm
> not as familiar with what the process is for non-citizens.
What they want to know is what credit cards you have and what you bought
from who. Just to make sure you don't have financial relations with
extremists of a religion other than the dominant one in the US. Or so
they say. You don't have to provide that yourself upon entry. Your
airline has to provide part of it and the banks have to provide the rest
and that is all before you are actually in the states. I don't know the
exact details, these are in treaties between the US and the EU. I can
only assume the EU signed that out of free will and that all details are
public.
> But it's not so much about the security services - it's about the thieves
> who use the information for their own ends.
I know, just making the point that if you exchange credit card info by
e-mail, someone is probably aware of that. And that hacking some
machines in the US (and elsewhere) may provide you with credit card info
from a substantial group of people.
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
