I had a big shock today when I placed an order by phone with a well known tools company who told me that they no longer need to ask for my debit card number, because it is saved on their computer system and all they need is my three digit security number to complete the transaction. I use this company on a regular basis and probably can't find another company which stocks all the things which I need to get from them.
I can remember that TK Max was also keeping customers card numbers on their computer system and someone hacked into their system stealing customers card numbers and TK Max had to warn these customers, resulting in some very bad publicity for TK Max. With this in mind, I am very concerned about this and will be waiting outside my bank when they open tomorrow morning to get my debit card cancelled and a new one issued with a different number.
So what on earth is the point in them doing this? In future, I will have no chioce, but to send them a cheque in the post and pay for a postage stamp and envelope, or else find another supplier. I really can't believe that this can be happening, or that companies are even allowed to do this? Sadly, I think I now need to ask all my other suppliers if they are doing this too!
Supplier has my debit card No on their computer system
-
- Posts: 11019
- Joined: Sat 25 Mar, 2006 8:40 pm
- Location: Devon, U.K.
- Organisation: The Dartmoor Gallery
- Interests: Lost causes, saving and restoring old things, learning something every day
- Location: Glorious Devon
Supplier has my debit card No on their computer system
Mark Lacey
“Life is short. Art long. Opportunity is fleeting. Experience treacherous. Judgement difficult.”
― Geoffrey Chaucer
“Life is short. Art long. Opportunity is fleeting. Experience treacherous. Judgement difficult.”
― Geoffrey Chaucer
- Tudor Rose
- Posts: 1121
- Joined: Wed 10 Mar, 2010 4:07 pm
- Location: Dawlish, South Devon
- Organisation: The Framing Lot
- Interests: Tudor history, swimming, walking and needlework.
- Contact:
Re: Supplier has my debit card No on their computer system
I hate to think how many companies hold card details of mine - from Amazon, Tesco, insurance companies for automatic renewals and even Parentpay to put money on our boys accounts to pay for school dinners and trips. The list goes on and on. Some need the 3 digit security number to authorise payment, others don't. The company holding the information is legally obliged to store it safely and securely and it is their cost if there is a problem and your data gets lost and fraudulently used. They would have your details for each transaction stored anyway for their record purposes so it's not much different from that. I doubt the operator could see the whole number, they probably only see the last four digits of the long number to be able to identify the card, I expect the rest is encrypted.
If you are that worried about it then it might be worth getting a credit card to use rather than a debit card (you can earn points or whatever on those too which is another bonus) but using a credit card does give you other legal protection against fraud over and above those on debit cards.
I certainly don't think you need to cancel the card, as I said they would have your information from the other transactions you'd done with them anyway, even if they agree to not automatically call it up for future transactions. This really is quite a normal thing to have this sort of information stored these days. But if you aren't happy with it then ask them if they can sort it for you.
If you are that worried about it then it might be worth getting a credit card to use rather than a debit card (you can earn points or whatever on those too which is another bonus) but using a credit card does give you other legal protection against fraud over and above those on debit cards.
I certainly don't think you need to cancel the card, as I said they would have your information from the other transactions you'd done with them anyway, even if they agree to not automatically call it up for future transactions. This really is quite a normal thing to have this sort of information stored these days. But if you aren't happy with it then ask them if they can sort it for you.
Jo Palmer GCF(APF) Adv
Textile, Mount Design & Function & Conservation
Forum Moderator & Framing Educator
www.pictureframingtraining.com
Guild Certified Examiner & Guild Accredited Trainer
Guild Master from May 2019 to May 2022
Textile, Mount Design & Function & Conservation
Forum Moderator & Framing Educator
www.pictureframingtraining.com
Guild Certified Examiner & Guild Accredited Trainer
Guild Master from May 2019 to May 2022
-
- Posts: 11019
- Joined: Sat 25 Mar, 2006 8:40 pm
- Location: Devon, U.K.
- Organisation: The Dartmoor Gallery
- Interests: Lost causes, saving and restoring old things, learning something every day
- Location: Glorious Devon
Re: Supplier has my debit card No on their computer system
It concerns me that it is not difficult to clone a credit or debit card if you can get the customers details and card number. All valid card numbers are based upon a mathamatical construction known as Modulo 10, which makes it possible to reconstruct the data stored in the chip on the card and program a card to appear to be a valid card.
It then only requires an undetected virus on the companies computer system to steal the three digit security number during an actual transaction. One of the most difficult viruses to detect is called a rootkit and these viruses are usually almost impossible to detect by normal anti-virus programs. The normal way to detect these is by looking for particular behaviour patterns. Finding and removing the virus can be even more difficult.
One of the things which I object to is the fact that the company does not consider that I ought to have the chance to decline to have my card details stored on their system for future transaction and instead choose to tell me nothing about this. My home telephone provider offered me the opportunity to store my card details on their system for my convenience and I was able to decline this, but this other company in question just did it and said nothing.
It then only requires an undetected virus on the companies computer system to steal the three digit security number during an actual transaction. One of the most difficult viruses to detect is called a rootkit and these viruses are usually almost impossible to detect by normal anti-virus programs. The normal way to detect these is by looking for particular behaviour patterns. Finding and removing the virus can be even more difficult.
One of the things which I object to is the fact that the company does not consider that I ought to have the chance to decline to have my card details stored on their system for future transaction and instead choose to tell me nothing about this. My home telephone provider offered me the opportunity to store my card details on their system for my convenience and I was able to decline this, but this other company in question just did it and said nothing.
Mark Lacey
“Life is short. Art long. Opportunity is fleeting. Experience treacherous. Judgement difficult.”
― Geoffrey Chaucer
“Life is short. Art long. Opportunity is fleeting. Experience treacherous. Judgement difficult.”
― Geoffrey Chaucer
Re: Supplier has my debit card No on their computer system
Keeping your card data comes under PCI and data protection rules. I would ask them if they conform to both and if they don't to please remove your card details. They risk a massive fine if they allow your card details to be accessed by a third party.
-
- Posts: 11019
- Joined: Sat 25 Mar, 2006 8:40 pm
- Location: Devon, U.K.
- Organisation: The Dartmoor Gallery
- Interests: Lost causes, saving and restoring old things, learning something every day
- Location: Glorious Devon
Re: Supplier has my debit card No on their computer system
I've ordered a new card and the old one has been cancelled.
Mark Lacey
“Life is short. Art long. Opportunity is fleeting. Experience treacherous. Judgement difficult.”
― Geoffrey Chaucer
“Life is short. Art long. Opportunity is fleeting. Experience treacherous. Judgement difficult.”
― Geoffrey Chaucer
- pramsay13
- Posts: 1377
- Joined: Tue 27 Sep, 2011 11:46 am
- Location: Stonehouse, Lanarkshire
- Organisation: Picture Framer (ML)
- Interests: picture framing (no, really!) sport, music
- Contact:
Re: Supplier has my debit card No on their computer system
Personally it doesn't bother me. I use one supplier regularly that I have to keep giving them my full card number every month and I keep asking when they will store the information.
My card details are on databases all over the world with Amazon, eBay, Google, AA, Privelege, O2, to name just a few.
If one of them gets hacked it will not be my fault and I will not be held responsible, so the only issue will be the hassle of getting a new card and updating details, but I'm willing to take the chance so that I don't have to re-enter card details every time I want to make a purchase or settle a bill.
My card details are on databases all over the world with Amazon, eBay, Google, AA, Privelege, O2, to name just a few.
If one of them gets hacked it will not be my fault and I will not be held responsible, so the only issue will be the hassle of getting a new card and updating details, but I'm willing to take the chance so that I don't have to re-enter card details every time I want to make a purchase or settle a bill.