Mail Ordering

planetFigure

Help Support planetFigure:

This site may earn a commission from merchant affiliate links, including eBay, Amazon, and others.
C

Craig B

Active Member
Joined
Oct 12, 2003
Messages
33
Location
winnipeg, mb, canada
I've been browsing some of the figure manufacturers sites and while some have direct mail ordering of their products to customers, not all seem to have secure sites (the little padlock icon at the bottom of the window frame).

This is a bit unsettling for me to pass along my credit card information on what appears to me an unsecure site. Is this an issue for anyone else. I know that the alternative is to mail your card info and then use their site but doesn't make for quick easy purchasing.

Craig Baldwin
 
I never pay with credit card, I don't have one, so that's easy. I also have a modelling business and I let customers pay by banktransfer AFTER they have got their models. From what I've heard so far that's what they all like.

Gino
 
Hello Craig,

I too use Bank Transfer ot send a postal money order.....don't like using credit card online.......bad experience there.

Guy
 
Hi Craig

In the past I have written code for on line sites using payment by credit card. I personally have no problems giving details on line so long as I see the padlock, because I know the amount of encryption needed for it and that it is quite safe.

however if you do not see the padlock, it means that your info can be effectively seen by anybody who cares to look so my advice would be to never use an online payment service without it, and I would think twice about using a company who takes that attitude to their customers security.

Sounds over dramatic, but you can never be too sure with these things.

Richard.
 
PayPal or other online payment systems (simple) to setup should be encouraged should they lack the ability to code it themselves or lack a (SSL) secure server.
 
Craig-

I have a credit card specifically for purchsing on the net. It has a limit of $300 and no more. I also try to only use sites with the paddlelock.

Yancy
 
Many of my customers have called or sent their cc# view the mail asking me to keep it on file for future purchases. From then on, they order buy email. I have a lot of people to whom I send the order with an invoice and get payment after. Obviously some trust there although I only had to go to extreme lengths once to get paid.

I don't have the money to get a SSL (whatever that is) nor have I taken the time to figure out how to put it on my site. I do take PayPal on Ebay but have not taken the time to add it to my site.

Some business man, eh?
 
Originally posted by VPW001@Nov 18 2003, 05:06 AM
Many of my customers have called or sent their cc# view the mail asking me to keep it on file for future purchases. From then on, they order buy email.
Click to expand...
excellent idea (y)
 
Thanks to everyone who replied. I've used my credit card for ordering from some suppliers online and really don't have a problem with it if they use a secure site. If you take the proper precautions with logging off and clearing memory cache it should provide enough security. I was just surprised some of these sites didn't have the security. In my opinion an online business is no different than the business down the street from me, you don't know who works for them. Besides all banking information travels by phone lines regardless of being dredit card, debit card or just using your bank card at your local cash machine.

I didn't think of using Paypal but I may use that. Money orders cost more plus the exchange rate so thats why I use CC.

Thanks again to everyone.

Craig
 
When I was setting up my web shop I looked into all of the security aspects - it was a bit of a nightmare as I am not a computer geek (yet!). I took advice on SSL and it was all a bit scary. Apparently SSL keeps information secure when it is travelling from the website to the server but this is not the end of the trail. If the information is stored on the server to be accessed by the shop owner that is OK but if it is transmitted by email to the shop owner it is no longer secure. The way to secure this is by using PGP but this can be a problem as you need a licence for the commercial product and many small shops (and you can't get too much smaller than mine at the moment!) simply couldn't afford it.

In order to make sure that my shop was secure I decided to use Globecharge. This is a service for which I have to pay a monthly fee but I think it is worth it to know that information is safe. The customer puts their credit card information in on my site. The information is transmitted to Globecharge using SSL and stays on their server - safe and sound. I get an email telling me that there is an order and I have to log on to my Globecharge account to pick up the details.

It is interesting that so many people use direct transfer. I took a payment from Hong Kong and the charges were huge. Perhaps the Euro makes things easier for some but transfers in foreign currencies are cost prohibitive.

Having done the research for my own website I must admit I am far more careful about using others - and have adopted the small limit credit card approach. No doubt a boffin will put me right but I think I am right in saying that even if the website offers SSL encryption and the lock symbol comes up this does not guarantee full safety - ouch!

I also use Paypal - both to buy and sell - and have had no problems. However. if you want to scare yourself about this method check out paypalsucks.com - there are some very unhappy folk out there.

Debbie :)
Debra Raymond Military Figures
www.militaryfigures.co.uk
 
Hi Debbie

I notice you mention PGP in your post, PGP is an incredibly secure email encryption system and I think is used by the military. However for your (and therefore anybody else picking up on this) purposes I'm afraid it is totally useless.

The way it works is to encrypt using a hexadecimal key system based upon a plain text security passprase that you enter. However for the other end to read it you need to exchange keys and sign them off at either end. That would mean that all of your email customers would need to not only have a copy of PGP installed but also would have to exchange and verify keys with you, bit of a mammoth task.

Richard
 
Let's face it.

Any data travelling in the cyberspace can be retrieved one way or another by a third party providing they have the proper know-how and motivation. Like Debbie said, no server can claim to be secure at 100%.

So if you can't beat them on the high-tech terrain, why not try the low-tech solution? How? It's simple:

1– Maintain a low profile. Use the 'regular' e-mail to place your order. Just another face in the crowd, away from the so-called secure servers which just serve as beacons for maligned-minded hackers.

2– Break down the details of your card into 2 or more parts and send them via separate e-mails.

For example, first e-mail with the name of the card holder and the first 4 digits of the card number. Then one or two days after, a second e-mail with the remaining digits and the expiry date. The recipient (shop/trader) would have to piece the 2 (or more) parts of the puzzle together to get the full data.

It wouldn't garantee you against anything but it would be tough luck if you stumble on a cyber-bandit desperate and patient enough to sift through the billions of e-mails to get to your CC data.

Having said that, we've always had customers who order via e-mail and give us the full data of their card to keep for future transactions, and so far we haven't had any problem.

Or maybe we're just being lucky? ;)

Quang
 
I notice you mention PGP in your post, PGP is an incredibly secure email encryption system and I think is used by the military. However for your (and therefore anybody else picking up on this) purposes I'm afraid it is totally useless.
Click to expand...

I think PGP can be used because the shop owner registers their key with the server where the info is stored. They don't need all of the customers to have a key because the PGP encryption is only used when sending the data from the collection server to the shop owners email address. That said, it all got too horribly complicated for me, hence my decision to use a system where no sensitive info is ever sent by email - I just log on and print off - simple as that!

I have also had customers send me their details in two or more emails and no-one has come unstuck yet to my knowledge.

Debbie
 
Lots of talk going on here about safety on the net with Credit card transactions. Nope your right nothing is 100% safe when dealing with on line transactions, anything can be decrypted as long as you have the relevant tools and codes etc.

Want to be safe, ring em up, otherwise the most you can hope for is a safe server ie ssl 192 bit preferbaly 128 bit definatley though not many 192 bit about.


If you worry about these things I would adopt the position of Debra small limit Cedit card through paypal who guarantee your safety, thought they too are as vunerable as some.

I deal with this stuff everyday(I am a systems administrator for a softwarehouse)my company adopts the stance of not allowing payment on line. JUst remeber to watch for the lock its a good sign just not 100% if in doubt ring them.

Just for reference Hackers wouldn't sift your mail they would just take it and search through it easy to do with search or find options, once one bit that could be usefull is found you then ask your email client to find all other mail from this person,sometimes from experience I have found these people will go to extraorsdinary lengths to get what they want from you.


Regards

Robin
 
Like I said, maybe we're just being lucky, eh?

Robin, now that we have a pro at hand, can you please tell me what the hackers can do with the CC data?

I mean, we traders, have to put on a lengthy procedure with checks and counter-checks in order to debit a card. I cannot see how we can debit anybody's account without being traced one way or another. So what do the hackers do with a card data (aside buying themselves some extra time on some porn sites).

I really want to know. Thanks,

Quang
 
Hi Quang

Sorry for the length of time to reply, to be truthfull alot of hackers do nothing the chance of the chance of getting caught outwieghs the tempatation. Alot do it just because they can and all they do is look around your pc or more likely the comapny pc.

Some use it buy allsorts and I mean allsorts I have heard from people that they buy thier groceries online, birthday presents for thier loved ones, to pay for computer equipment but mostly porn, which can be sold on to make money.

From teh advent of broadband home hacking is alot more prolific so all should employ some sort of firewall and of course a decent virus checker, my recommendation for both is Norton(Symantec) easily installed and handled.

If you want to check your own security try the following site:

https://www.grc.com/x/ne.dll?bh0bkyd2

any more questions please ask.

Robin
 
Thanks, Robin (y)

Guess we all have to live with it.

Just like crossing a street. If we're aware of all the accidents that might happen, we'd never go out. But hell, there's danger in the kitchen too. :(

Have a good day!

Quang
 

Similar threads

M
Review: The Rendezvous - 1/72 (Whitestork Miniatures)
Replies
0
Views
384
MassiveVoodoo
M
Jamie Stokes
What is a diorama? Box dioramas; setting the scene, controlling the lighting, colour effects,...
Replies
0
Views
408
Jamie Stokes
Jamie Stokes
Martin Antonenko
May 3, 1909
Replies
1
Views
296
Nap
Nap
kilsh
Jinkoo Park - Scammer, Avoid
Replies
10
Views
1K
Ned Ricks
Ned Ricks
NeilW
  • Locked
ARE HIGH FIGURE PRICES AN OPEN INVITATION TO RE-CASTERS?
2 3 4
Replies
64
Views
6K
Nap
Nap

Latest posts

Back
Top