To E- Or Not To E- : Financial Transactions On the Internet

Berglund Authority Level 3

by Jeffrey Barlow <barlowj@pacificu.edu>

One of the major impacts of the World Wide Web has been to move a great deal of financial activity on line. Recently the Visa USA corporation reported that it had processed one trillion dollars in transactions for the last twelve months. This represents, Visa states, "the emergence of the electronics payments generation." At present, of all consumer economic activity, 38 dollars of every hundred is spent with payment forms other than cash or checks, 12 dollars of which is transacted with a Visa card. [1]

During the past year, I myself have gone well beyond my usual timid book orders at Amazon.com and gone on line to order plane tickets, make hotel reservations, to order computer and camera gear, etc. Each time I have put my credit card number into the web site, I have experienced that little tickle of fear that it wouldn't work, or perhaps that it would work too well.

But my experience has been entirely satisfactory. So much so, that in one of our recent Berglund Center outreach programs to a local retirement home, one of our topics for discussion was "shopping on line." My colleague, Theresa Floyd, and I blithely assured the audience that this was now commonplace and that one had no need to fear problems, and that if any arose, they were easily handled.

Then, literally the same evening, I opened a letter from my Friendly Credit Union (the names used here are all changed to protect the presumably innocent) to read: "Visa has notified us that a web site that you may (underlining is my own) have visited had a group of card numbers compromised. Your credit card ending in #### was part of this group."

This reminded me of a news article I had seen in February: "System break-in nets info on 5.6 million credit cards." [2] This break-in gave the hackers access to the files on 3.4 million Visa accounts. I assume that this crime did not affect my card, for I am assured by Visa that my card found itself in a compromising position less than one week ago. In fact, I was told by "Rhodie" at the Gigantic Credit Card Customer Service System that this was very common since the first of the year, and "Anne" at Friendly Credit Union told me that this was "not an unusual thing, it has been going on for years."

So, senior citizens at the local retirement home, I hereby officially recant: you do need to be concerned about using your credit card on the web. This editorial is by way of an apology as I report on my effort to understand these events.

The first thing to be said is that trying to get information on this incident is not easy. In fact, after reading master hacker Kevin Mitnick's book The Art of Deception, which we will review in our next issue, I know that it is possible that the hacker who got the 5.4 million card files in February had an easier task than I did.

After more than two hours on the telephone, I still don't know precisely what happened. Just getting to speak to a human being at either of the agencies mentioned here takes a good ten minutes per effort. Moreover, their phone systems are so entangled that a mistaken guess at which number to punch puts you into the phone system of the other. And, remarkably, to me, the beings so intelligent as to have mastered this octopus of a phone system, and to be in complete control of the electronic files relative to my card (they even know my mother's maiden name it would appear), seem not to know anything about my incident, or even who would know. But each agency assured me that only the other could give me the information I wanted, which began as an attempt to discover which web site may have compromised my card.

My inquiry took on fresh urgency when I found that apparently my card had been used the previous day to funnel 100.00 to what seems to be a charity. Hey, we give at church, and with checks, too. But not to worry--I can dispute any apparently fraudulent charges merely by filling out a number of forms, getting them notarized, and sending them in. Of course, I am told, the company may contest my disputation. At this point I hope that the company has to choose a champion to meet my teen-age daughter, who coaches self-defense at the collegiate level, on the field of honor. And I hereby volunteer her services for any of the senior citizens I spoke to who may require them.

Next month we will follow up with additional information as we penetrate the labyrinth of on-line financial transactions. We will also present a column by one of our tech editors on how to best handle on-line purchases. Meanwhile, be careful, it's a virtual jungle out there.

Endnotes:

[1] The Oregonian, June 3, 2003, p. c 4.
[2] Paul Roberts, "System break-in nets info on 5.6 million credit cards" Network World Fusion "
http://www.nwfusion.com/news/2003/0218sysbreak.html