Computer Help forum

General discussion

Buying things from the internet e.g. eBay - how dangerous?

by Willeh / April 30, 2008 3:19 AM PDT

Hello everyone, I have a question regarding purchasing things off the internet. Firstly, I'd like to clarify that I'm not new to purchasing things off the internet. I use eBay fairly often and other major internet e-tailers for my computer needs, electronic needs, gift needs and whatever else that is far too expensive to buy in stores or aren't available in stores.
My mum and I had a discussion earlier today about how safe it actually is to purchase things on the internet. This was sparked by a news report she had seen the day before saying that an actress in China had bought something off the internet and a week later her monthly bill was filled with purchases of plane tickets to the Philipines. Of course someone had somehow sneakily managed to obtain her card details when she was using it to purchase the item and had therefore clearly used it to their advantage.
So the question is, how safe is it to purchase things off eBay and the internet? Can people actually obtain your card details and use it to their advantage? My mum had to leave so we had to cut the discussion short but I'm eager to continue it later as her opinion of purchasing things off the internet has been tainted by this news report which IMO, is probably over-hyped and is missing the key essentials to make it sound overly dramatic.
I thought that it was near impossible for hackers to obtain details unless your computer was keylogged or something?
Any ideas or comments would be welcome.

P.S. Just to clarify that I'm not referring to scamming whereby the buyer pays the money and the seller doesn't ship the item neither am I referring to phishing. I'm talking about the process of browsing eBay or an e-tailer, inserting the card details and clicking 'Pay'

Post a reply
Discussion is locked
You are posting a reply to: Buying things from the internet e.g. eBay - how dangerous?
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: Buying things from the internet e.g. eBay - how dangerous?
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Reasonably safe

It's reasonably safe to buy things off the Internet. Even assuming someone gets your credit card details, all you have to do is report it to the credit card company and they will wipe out the charges. At most you are on the hook for about $50, but most of the time the entire bill will be wiped out.

In China, and most of the Far East, however, it's very very common for people to be using pirated software. You can buy bootleg DVDs and CDs from people on street corners. Since Microsoft tends to disable people from being able to download security updates on Windows when it's a pirated copy, that makes all those systems ripe targets for worms, spyware, viruses, etc. THAT is most likely how the credit card details were stolen in the first place. An unpatched Internet Explorer 6 is a VERY dangerous thing to be using on the Internet. A fully patched Internet Explorer is dangerous enough.

Also, it's FAR from impossible to obtain info from an encrypted session, it's just usually very difficult. Of course with computers getting ever faster, it gets easier and easier to crack certain encryption grades. 64-bit encryption these days is worthless. It can be brute force cracked by your average system in a day or two. 128-bit encryption won't hold up much better... A couple of weeks, tops. 256-bit and higher encryption will take longer, but someone could always get lucky and stumble across the right code in a few hours. Of course, usually, rather than try and break one encrypted session at a time, would be thieves will go after the merchant's database of payment info. Sadly, these are often left far less protected than the browser session that feeds your data into them. There are a great many companies that look at IT security as an expense they would rather not pay for. In this world where business is all about meeting quarterly projections, longer term things like IT security tend to be given little to no real thought or budget. If it would take $1 million to properly secure a business's network, and then maybe $100,000 to maintain it ever quarter thereafter, most management types will look at that as $1 million that could go towards the bottom line on their quarterly report, and the same with that $100,000. It's not looked at as an investment. The idea that if enough customers have their data stolen, they might take their business elsewhere, is a long term thought. That has no place in the modern business world. It's gone the way of the sustainable business model. Personally, I blame the stock market for the creation of this hyper-competitive world, and think we would be infinitely better off in the long run if we simply abolished it outright, but that's just me.

Now... Using things like PayPal, which can be linked directly to a bank account, can be a bit dangerous. And obviously giving out your bank account info to someone is never a good idea. But when it comes to paying with a credit card, it really is pretty safe. It's even safer if you're not using Internet Explorer, or anything based on it, and keep whatever other browser you use fully patched. Of course if you have keyloggers and what not installed on your system already, simply not using IE will probably be of little use.

If you keep up on your security patches for all your software, and avoid problematic ones like Internet Explorer, you are probably safer using a credit card online than in a retail store or restaurant. Especially restaurants, where they swipe your card, and then bring it back to you for the final authorization and to include the tip. But while the waiter or waitress is off with your card, for all you know they could be writing down the details in a notebook or overcharging you significantly. You can't know for certain what they're doing when the card is out of your sight.

Collapse -
Reasonably safe
by xarophti / May 2, 2008 2:19 PM PDT
In reply to: Reasonably safe

I'm not sure I agree with Jimmy on the safety of PayPal vs. the safety of using a credit card on the net. I think anytime you're keying in your credit card you're taking a risk. As far as PayPal is concerned, their database seems pretty secure. Amid numerous stories in the past several years of credit and debit card processors having their databases hacked and card numbers compromised, I have never heard of PayPal being compromised. I felt the way to be doubly safe was to set up a small bank account that is only used for PayPal. Only keep enough money in the account for transactions as you go. If that account information is the only one PayPal has, there is no way any other account's information could get compromised, and nothing else is at risk. (just make sure there is no automatic transfer capability between the PayPal account and any other) The federal banking regulations regarding electronic transactions provide additional safeguards against unauthorized transactions as well.

Collapse -
by Jimmy Greystone / May 2, 2008 3:12 PM PDT
In reply to: Reasonably safe

So? Whether or not the credit card companies have their databases compromised has little to do with you, so long as they wipe out the charges if yours is one of those that ends up getting used by someone.

Sure it's a hassle, but as technology becomes more sophisticated, people will find new ways to exploit it for illicit gain. It's just one of those realities of life. Before computers there was telephone fraud, and before the telephone there was mail and telegraph fraud. Before that, there was the classic con artists. The key difference with credit cards, is that there are a number of provisions designed to protect you. Provisions the credit card companies would just as soon get rid of, but they realize that's a losing battle.

PayPal, however, isn't regulated in the same way as banks and credit card companies. It should be, but last I knew, it wasn't. That can make it a little more dicey in my assessment. I've never had a problem using PayPal, but the past is a poor predictor of the future when it comes to things like this.

Of course the biggest threat in all of this, is usually the person themselves. Without getting into a psycho-social analysis of why I think it's so... When people sit down at a computer, the normal mental safeguards that tell them something is a bad idea, seem to disengage. People are all too easily fooled by phishing emails... Really poorly done ones at that. They also seem all too willing to just hand out all kinds of personal information for some little trinket. That, to me, is far more troubling than all the other things combined.

Collapse -
Credit Cards
by paulobraz / May 2, 2008 6:13 PM PDT
In reply to: Reasonably safe

Aparently there are credit cards that you charge with the amount of money you need for the paying.
May be they are safer then the others. Here in Portugal we don't listen to much stories about that. But if it's possible to do so, I think it my be a good way to avoid later "cleannings" of your account.

Best Regards


Collapse -
It's pretty safe
by ozark123 / May 2, 2008 2:36 PM PDT

I have been buying and selling on-line for years. When buying on eBay I strongly recommend using Paypal. Then the seller never receives your credit card info. I prefer for my customers to pay via Paypal there is no way I could be accused of misusing their info.

For other buying I use a credit card with a low limit. So far no problems and if something goes wrong and I can't do a charge back I at least limit my loses.

In my opinion, most thieves get your credit card number the old fashioned way. Either you give it to them or someone you do business with gives it to them.

The chances of losing your credit card info due to key loggers or hacking are very slim if you keep your software updated. However there are thousands of phishing scams and bogus web sites out there doing their best to harvest credit card info from the unwary.

In the case you mentioned I would be willing to bet that the victim willingly gave her information to someone who either placed the charges in question themselves or shared the info with someone else.

The last time I had a problem like this was when I used my credit card to pay for dinner will in New Jersey. A week or two later my credit card company called and asked if I had rented a limo in New York City. I doubt if a group of highly talented hackers stole the information. Most likely the waiter wrote it down. Maybe a 20% tip wasn't good enough?

Tell Mum to be careful who she gives her info to and she'll be fine.


Collapse -
e-bay unsafe
by Kevscar / May 2, 2008 3:40 PM PDT
In reply to: It's pretty safe

It is never safe to buy from e-bay. I made 6 reports to them of a seller who had soldover 2000 pirate copies of Microsoft products. They did nothing

Collapse -
Credit cards on internet
by Bazebolljim / May 3, 2008 1:18 AM PDT
In reply to: It's pretty safe

I agree with Don. I use a credit card with a $500 limit for purchases on the internet when Pay Pal can't be used.

Collapse -
In my opinion...
by 4Denise / May 2, 2008 7:17 PM PDT

buying off of the internet is actually safer than using a credit card or bank account to buy in person. Yes, the numbers can be stolen over the internet (although the safety precautions make this difficult), but not nearly as easily as they can be in person.

Think about it. When you buy in person, you have to expose your credit or debit card or your banking information (on your check) to public view. You may actually hand your card to a total stranger. You may enter a PIN in full view of everyone standing nearby, and possibly security or other cameras as well. If you write a check, you are literally handing over your bank account number, along with your name, address, phone number, and driver's license number (which is the same as your social security number in some states). There is no guarantee that the document won't be examined by other people, and perhaps copied.

I don't mean to make anyone paranoid, but the idea that you are more safe by buying something in person is just plain ludicrous. The only reason we can even use things like checks and credit cards is that most people are honest-- and that's just as true when you're dealing with the internet as it is when you're dealing with live people.

As for me, I have no intention of not using the internet to shop. I know that it is possible that I may be the victim of some crime or other at some point, but that is true no matter what I do.


Collapse -
Buying Physically is also dangerous
by raahuge / May 2, 2008 11:40 PM PDT

I just want to share an incident with you. My brother was in Thailand two weeks ago where he used his credit card to purchase a USB drive. Last week he was in Norway and strted recieving sms messages from credit card company about his card being used at different places in Thiland. At massage parlor, different stores and for the purchase of airline ticket. He tried to call the credit card help line but could not contact and helplessly observed his money being stolen. (He is not sure it was the fault of his mobile operator company or the credit card company.) After reachig back to Pakistan, the first thing he did was contact the CC company and report the fraud. He was informed that payments are still pending and have not been released. So these were put in disputed payments.

I never had a problem using credit card in Pakistan or differnt Europian countries I happen to visit. It seams that CC in far east ia a dangerous thing.

Imran Qureshi

Collapse -
I Buy Almost Everything on the Net
by EBathory / May 3, 2008 12:29 AM PDT

Being disabled, most of my shopping is done online, eBay or otherwise. Through over 8 years, I have never had a problem or even suspicious activity.

I look at it this way: there are many ways people can get your financial information regardless of how you shop. When you send a check to someone, you are giving them your account number and your bank's routing number. Hackers have broken into major banks' databases. As far as the Internet, I do like it when online merchants take Paypal, simply because it is the most convenient.

There are just so many ways people can get at personal info. One just has to be vilgilant at all times. And always check the security certificate for the site before you type anything in. Just take the precautions that you are able to take.

Collapse -
eBay? NO WAY!
by jimichan / May 4, 2008 3:30 AM PDT

I almost bought something off eBay once. I wanted to just buy it outright, but before I could do so, I was told I had to establish an eBay account. Now supposedly, this was an official eBay account, accessed at their site. I gave them the usual info on the first page of the registration, but the second page asked for a credit card #, to "verify my identity." Even though there were assurances that it wouldn't be used, I balked at that point and closed my browser without completing the form. The next day, I was emailed a request for my CC# to complete the form. It purported to be from eBay, but when I traced the email, it came from some dude in Arizona.
Now, how could this guy know I didn't complete the registration? I contacted eBay, even gave them the name and address of the person in Arizona I had traced this to, but they did nothing.
I know millions of people use eBay every day, but me? Never again!

Collapse -
Good move
by ozark123 / May 4, 2008 4:31 AM PDT
In reply to: eBay? NO WAY!

Good move! It sounds like the person you were attempting to deal with was trying to pull a fast one. It sounds like he set up a fake eBay registration page to harvest CC info. Unfortunately there are a few slime-balls on eBay as with every other on-line site. The good news is that there are millions of honest people selling on eBay. I have never had a problem buying on eBay.

Do you have this person's eBay ID? I'm curious to see if he is still selling.


Collapse -
ebay verification
by moccoo / May 5, 2008 12:18 AM PDT
In reply to: eBay? NO WAY!

I have made 1400 sucessful purchases on Ebay.You probably got a reply from the seller after you were viewing their post.The verification is not manditory if not paying with Paypal.The password you establish should be changed after every purchase.This is what keeps me safe.

Collapse -
I love to shop online and...
by DerfX / May 4, 2008 7:37 AM PDT

?I buy stuff all the time from all kinds of retailer on the net. However, I never ever use my ?real? credit card number. Most of the reputable credit card services offer a thing called ?Virtual? or something with another name but all with the same advantage. Sometimes, you can download a piece of software that loads and allows you to fill in your credit card info automatically and with others, you log into you credit card site online and use the service but it all entails giving you a temporary credit card number that you can assign a monetary value and time limit to. Citibank even makes it so that the number can only be used one time. Another one of my MasterCards uses a service called ?ShopSafe? and makes it so easy to keep track of all your purchases in one place.

The bottom line is, so what if anyone gets a hold of your credit card info. It won?t do them any good. The number works one time or only to the dollar amount you specify and they all have a time limit you specify. It makes it virtually impossible to defraud your account. IN my opinion, this is the only way to shop on-line.

Just be aware that there are a couple exceptions to using this service. One being, when you purchase some airline tickets, you are forced to use your real credit card number because they make you use the same card with that number to pick up your tickets at the airport when you get there. But the exceptions are very few and I highly recommend using virtual credit cards whenever possible.

Collapse -
using credit card online
by dougal30 / June 4, 2008 4:43 PM PDT

I have bought stuff online for years and have been hit a couple of times but I have now found a safer way, I got a pre-paid mastercard which you get from any pay point store in UK from IDT PRIME, when you buy it and register on their site I can then load it at said shops with whatever amount for the item or items I want to buy online, yes you pay a small admin fee usually I pay 80p per transaction but as it`s not a credit card nobody can get any of it even if they manage to get the details of it, and as its a mastercard I can use it all over the world, no nasty c/c bills at the end of each month either

Collapse -
buying online safely
by moccoo / May 4, 2008 11:56 PM PDT

If you do buy online,the safest way to buy is with a password and after the purchase,change your password on a safe site.

Popular Forums
Computer Help 49,613 discussions
Computer Newbies 10,349 discussions
Laptops 19,436 discussions
Security 30,426 discussions
TVs & Home Theaters 20,308 discussions
Windows 10 360 discussions
Phones 15,802 discussions
Windows 7 7,351 discussions
Networking & Wireless 14,641 discussions


Having Wi-Fi troubles?

From the garage to the basement, we blanketed every square inch of the CNET Smart Home with fast, reliable Wi-Fi.