For shame! The invisible folks at PayPal now think that in order to verify your credit card payment/donation on a PayPal page, you should voluntarily give them your checking account number and personal ID number (PIN) to assure them you will pay.
I am not the only one taking exception to this.
The New York Times ran an article in the Sunday Business section on March 26th. They think it's foolhardy too.
Why would anyone ever give more personal information that is absolutely needed?
The combination of your street address, zip code (called Address Verification in the e-payments business,) coupled with the CVV (3- or 4-digit code on the back of Visa/MasterCard/Discover cards and front right corner of American Express cards, respectively) is plenty of identification in almost all cases, in my opinion.
The real effect of asking all this information PLUS your checking account number and PIN, is to drive e-tail purchasers and online donors, away from PayPal payment pages. While this appears to hurt ecommerce and online donations, to quote Martha Stewart, that's "a good thing!" for you. Really.
Why?
PayPal is expensive, allows no customization and lacks efficient client service (according to my clients). I have lots of other reasons too, acquired from former PayPal clients.
Now they want your personal ID number and checking account number! C'mon...
Showing posts with label secure. Show all posts
Showing posts with label secure. Show all posts
Monday, April 5, 2010
Thursday, June 4, 2009
what NOT to do
Phishing and other scams are prevalent. I receive them from time to time.
In this real life story, one very intelligent friend of mine was duped, and her mistake is everyone's lesson in what NOT to do.
She received an email from Yahoo, her email provider, asking for your password, and thinking it was official, she replied. Mistake.
Yesterday morning I received this email from her (so did ALL her other email contacts, business and personal); typos in the quoted section appear as I received it:
I am in a hurry writing you this message i am sorry i didn't inform you about my urgent trip to London, i don't have much time on the pc here,so i have to brief you my present situation which requires your urgent response actually, I had a trip to London but unfortunately for me all my money got stolen at the hotel where i lodged due to a robbery incident that happened in the hotel.I had been so restless since last night cos i have been without any money moreover the Hotel's telephone lines here got dissconnected by the robbers and they are trying to get them fixed back i have access to only emails at the library because my mobile cant work here so i didnt bring it along,please i want you to help me with money so please can you send me 1,200 Pounds so when i return back i would refund it back to you as soon as i get home,I am so confused right now and dont know what to do,Please you can have it sent through Western Union Money Transfer so will get it immediately its sent but let me know if you can help me then i will make findings.please let me hear from you so i can give you my the address and name where you can send the money to today please.Its really urgent for me as i dont know what to do right now than to leave here soonest you send it to me and i'll pay you back immediately i get home..Thanks alot for your kindness,
I will really appreciate your quick response.
Best Regards
(I deleted her name to protect her innocence!!!)
I thought that a professional writer (which she is) would do a better job writing this and her husband would have sent the money if this were indeed a real situation. Besides we knew she was home and not in London.
But the annoyance of having to admit her error and the consequences to all her email contacts ruined her day. And don't you think she felt her online security was violated? Humor: she did admit that as a result of this scam email, she never knew she had so many friends who cared so much about her...silver lining?
Even if it seems official, forward that phishing email to abuse@(your ISP).com. They will track the bad guys down if they can. If they have time to...
So tell your friends, your kids, you parents, that what appears to be a legitimate, official-looking request for your email password is actually a scam designed to find one dummy in your email list who might just send the money to help you out in a panic, and enrich a scammer.
Be safe.
In this real life story, one very intelligent friend of mine was duped, and her mistake is everyone's lesson in what NOT to do.
She received an email from Yahoo, her email provider, asking for your password, and thinking it was official, she replied. Mistake.
Yesterday morning I received this email from her (so did ALL her other email contacts, business and personal); typos in the quoted section appear as I received it:
I am in a hurry writing you this message i am sorry i didn't inform you about my urgent trip to London, i don't have much time on the pc here,so i have to brief you my present situation which requires your urgent response actually, I had a trip to London but unfortunately for me all my money got stolen at the hotel where i lodged due to a robbery incident that happened in the hotel.I had been so restless since last night cos i have been without any money moreover the Hotel's telephone lines here got dissconnected by the robbers and they are trying to get them fixed back i have access to only emails at the library because my mobile cant work here so i didnt bring it along,please i want you to help me with money so please can you send me 1,200 Pounds so when i return back i would refund it back to you as soon as i get home,I am so confused right now and dont know what to do,Please you can have it sent through Western Union Money Transfer so will get it immediately its sent but let me know if you can help me then i will make findings.please let me hear from you so i can give you my the address and name where you can send the money to today please.Its really urgent for me as i dont know what to do right now than to leave here soonest you send it to me and i'll pay you back immediately i get home..Thanks alot for your kindness,
I will really appreciate your quick response.
Best Regards
(I deleted her name to protect her innocence!!!)
I thought that a professional writer (which she is) would do a better job writing this and her husband would have sent the money if this were indeed a real situation. Besides we knew she was home and not in London.
But the annoyance of having to admit her error and the consequences to all her email contacts ruined her day. And don't you think she felt her online security was violated? Humor: she did admit that as a result of this scam email, she never knew she had so many friends who cared so much about her...silver lining?
Even if it seems official, forward that phishing email to abuse@(your ISP).com. They will track the bad guys down if they can. If they have time to...
So tell your friends, your kids, you parents, that what appears to be a legitimate, official-looking request for your email password is actually a scam designed to find one dummy in your email list who might just send the money to help you out in a panic, and enrich a scammer.
Be safe.
Sunday, September 21, 2008
new law
On October 1st, 2008 a new law will be enforced in Connecticut.
In a nutshell, every business, nonprofit or other organization that requests private identification numbers
In a nutshell, every business, nonprofit or other organization that requests private identification numbers
- Social Security numbers
- health insurance numbers
- driver's license numbers
- credit card numbers, etc.
must encrypt them on their systems, limit access to them by employees who are in a need-to-know status, and post a policy on their website, intranet and on employee bulletin boards saying this is their policy.
To download my white paper on ways to implement this law and to protect yourself from most breaches, go to: http://marchalpert.googlepages.com/whitepaper_new_law_in_ct_01oct08.
Please feel free to share with others.
Monday, October 29, 2007
White Paper on the new law in CT
Here is a link to the white paper we have just completed analyzing the effect of the new law in Connecticut on businesses and organizations doing business here:
http://marchalpert.googlepages.com/WhitePaperoct07.pdf
In a nutshell, the law states that if your organization or company is the source of a breach of personal data of any customer, you can be held financial liable to correct the banking loss of that person and his/her banks. Connecticut is the second state in the nation to enact such a law.
Please pass this to anyone who can benefit from it. They need to know the ways to remedy their exposure. Let us know if you have any questions.
http://marchalpert.googlepages.com/WhitePaperoct07.pdf
In a nutshell, the law states that if your organization or company is the source of a breach of personal data of any customer, you can be held financial liable to correct the banking loss of that person and his/her banks. Connecticut is the second state in the nation to enact such a law.
Please pass this to anyone who can benefit from it. They need to know the ways to remedy their exposure. Let us know if you have any questions.
Subscribe to:
Posts (Atom)