Hi,

I am planning to buy this product (http://geb.ebay.in/g/ImportHubViewItem?itemid=371036275773&2-4G-Remote-Control-Air-Mouse-Wireless-Keyboard-for-XBMC-Android-Mini-PC-TV-Box) next month. As you can see there is no option for cash on delivery for this item so I will have to use my debit card.

To find out how it works I clicked on "Buy it Now" > Debit Card type : Visa.

I see the following fields :

Debit Card number :

Card holder name(as it appears on card) :

Valid till (MM YYYY) :

CVV(3-digit card verification number)

In the next step you will be redirected to 3D secure verification

^^ This is written at the bottom.

I can't progress any further right now coz that may transfer the amount. I will be buying this on the 2nd of next month.

My question is if I provide my Debit Card number, my name, validity period info, CVV code will Ebay or the seller gain permanent access to my account ? Can they withdraw money from my account without my consent in future ?

I am not asking about Ebay only. Is it safe to provide those details to any online shopping site ?

It'll be fine - I expect.

If you're worried about this - talk to your bank.

It'll be fine - I expect.

If you're worried about this - talk to your bank.

Agreed.

I've used a debit card online on more than one occasion over the last few years. To date, I haven't experienced any problems that could be attributed to dodgy sellers.

As a rule, I don't keep enough money in the account that my card's linked to for crooks to make unauthorised withdrawals. This has as much to do with being continually broke as it does with safety precautions. :D

Thanks.

If banks start a system where withdrawals can only take place after the account holder confirms by sending a confirmation code sent to his mobile by his bank there will no tension at all.

They only send a notification after the withdrawal has taken place.

If the site is trustworthy, you can assume they have the best intentions to keeping your data safe... HOWEVER you have no control over other malicious people who compromise their systems. Under this aspect no data is ever 100% safe.

I will tell you two personal stories:
My sister was a victim of identity theft. In her case it wasn't so bad, but one day without warning her credit card started registering small, seemingly insignificant purchases. The bank noticed the anormal behaviour and froze the card, but we never did find out where or when her data was compromised... She hadn't been robbed, or shopped at dubious stores... still it happened!

In the early 2000s my grandmother started recieving occasional telephone calls from people purporting to be her grandchildren. There was a wave of this kind of fraud in the states at the time... but the malicious people were able to harvest names, and other personal info like the universities we attended, age, etc... to try and trick my grandmother. Fortunately Gramma didn't fall for it, but these two examples demonstrate that data theft nowadays is unfortunately not a question of IF it happens, but WHEN it happens.

I don't write this to try and make you paranoid, I'm just telling it like it is.

I will talk to my bank as suggested by Elfy. But just want to know how this system works. I guess whatever the system is its the same for all banks.

If I provide those details am I giving permanent access to my account to Ebay or the seller ? If they will misuse that or not thats a different topic.

I've been using both credit and debit cards online for some years without problems so far. I pay utility bills for a few people each month that way. Visa has an additional Verified by Visa step. I have no way of knowing how much more security that step adds.

Before that, I used internet banking. No problem there either.

I use a debit card for internet pay 15 years with no problems

I usually use a credit card so that I will be insured against theft. Some sites have a check box "Remember this card?" but as said above if they get hacked you don't know if they used encryption or not. For this reason I do not check that box.
I do let Paypal and couple of other sites store the credit card number but in your case I would not risk it.
I don't advocate Paypal but I will have to use it until something better comes along.

My question is if I provide my Debit Card number, my name, validity period info, CVV code will Ebay or the seller gain permanent access to my account ?

Yes.


Can they withdraw money from my account without my consent in future ?

Yes, they can. It's against the rules, but it's possible.
You will (probably) get the funds back when you dispute a charge made without your consent.


Many cardholder agreements call for the bank to refund of the entire stolen amount, and to refund overdraft and other fees. But not all agreements say that. Read your cardholder agreement carefully.

Some card providers offer single-use card numbers as an additional form of account protection.

Yes.



Yes, they can. It's against the rules, but it's possible.
You will (probably) get the funds back when you dispute a charge made without your consent.


Many cardholder agreements call for the bank to refund of the entire stolen amount, and to refund overdraft and other fees. But not all agreements say that. Read your cardholder agreement carefully.

Some card providers offer single-use card numbers as an additional form of account protection.

Damn !

I cant understand how the people in power can create such a fragile system. I need that product badly and since so many people have provided positive experiences I will buy it.

Still this is nothing but madness.

I will never deposit a large amount in that account but I am worried about one thing. I have a fixed deposit. I receive a fixed monthly interest which is pretty small but the real issue is when that FD's period end the entire amount gets deposited in my savings account until I apply for renewal.

Thanks lot for that info.

From my personal experience I would recommend using a credit card not the debit card. My accounts were wiped clean a couple of times with my debit card info. The money was recovered but it made life difficult for 6 weeks. Credit cards have a little better control and a limit that does not impact your daily living :)
But you can always contact your bank that has already been suggested.
Also the advice in your other thread How to do Internet banking safely ? (http://ubuntuforums.org/showthread.php?t=2240228)

Great news guys ! Problem solved !

I will pay using Airtel Money (http://www.airtel.in/personal/money). It is secure. Have a look it asks for OTP


http://i61.tinypic.com/2hfmibm.png

Glad you found a solution! I was going to suggest PayPal or a similar service. PayPal can link to your bank account, but the merchant never sees the account information; he is paid by PayPal not directly by you.

I cant understand how the people in power can create such a fragile system.

It's not a fragile system, and it wasn't created by 'the people in power'.
It's a robust, trackable, and secure private system. It developed over decades from several different (and incompatible) predecessors.

'Secure' in credit cards, including debit cards with credit-card-like usage, is oriented toward protecting the merchant (who pays their salaries) from a variety of types fraudulent purchases. And it works very well. It was designed to deter identity theft, and it generally does. You must be fairly clever to successfully steal enough information to use, and to get hold of a merchant account to use it.

Your protections, as a consumer, vary from country to country, from bank to bank,and from product to product. That is part of the 'robust.'
You must shop around for the 'secure' that you want.

Frankly, I'm not a big fan of credit-labeled debit cards that allow bypassing the PIN. They are convenient but also, as you figured out, may carry a higher risk of loss to you. Your bank is usually _not_ obligated to refund immediately, nor to refund unrecoverable losses. In other words: The risk is yours, not theirs.

Having 2 bank accounts reduces the risk greatly. Have the 2nd account just for making online purchases. Don't put your main $$ into it so if there are unauthorized purchases made they wont be able to take your money because the account balance will be zero (except for having enough money in it to make a purchase).

My bank took this suggestion I gave them and used it. So did family.

This way they cant get your rent/mortgage money, your food money, etc.

It's not a fragile system, and it wasn't created by 'the people in power'.
It's a robust, trackable, and secure private system. It developed over decades from several different (and incompatible) predecessors.

'Secure' in credit cards, including debit cards with credit-card-like usage, is oriented toward protecting the merchant (who pays their salaries) from a variety of types fraudulent purchases. And it works very well. It was designed to deter identity theft, and it generally does. You must be fairly clever to successfully steal enough information to use, and to get hold of a merchant account to use it.

Your protections, as a consumer, vary from country to country, from bank to bank,and from product to product. That is part of the 'robust.'
You must shop around for the 'secure' that you want.

Frankly, I'm not a big fan of credit-labeled debit cards that allow bypassing the PIN. They are convenient but also, as you figured out, may carry a higher risk of loss to you. Your bank is usually _not_ obligated to refund immediately, nor to refund unrecoverable losses. In other words: The risk is yours, not theirs.Agree wholeheartedly with the first part I've highlighted, but disagree with the second. If the card is branded as Visa (as is mine) then it's guaranteed by Visa's rules to be treated in the same manner as a credit card, meaning your maximum risk is $50 in US jurisdictions. My bank guarantees NO risk, in addition, but that's just their own policy and could change at any time without notice.

To address the original question, when the cards are branded with any of the well-known names such as Visa, MC, Discover, and so on, then those companies' rules apply. I regularly get notices from the firm that provides my own merchant account that set forth the latest rules, and those require some stringent security. Because of these requirements for anyone who keeps the numbers on file, I simply shred the paperwork once everything has shown up in my business account and don't keep the data. I believe the same is probably true of many places that accept plastic.

Hope this helps!

Because of these requirements for anyone who keeps the numbers on file, I simply shred the paperwork once everything has shown up in my business account and don't keep the data. I believe the same is probably true of many places that accept plastic

That's pretty much how my business does it also.

This is exactly why paypal exists. Paypal sends a one time payment so the company doesn't have permanent access.

But for ebay...come on...they're reputable. As reputable as paypal. So there's not really any point using it. Ebay is basically as trustworthy as scanning your card at walmart or (hehe) Target.

From my personal experience I would recommend using a credit card not the debit card. My accounts were wiped clean a couple of times with my debit card info. The money was recovered but it made life difficult for 6 weeks. Credit cards have a little better control and a limit that does not impact your daily living

Debit cards have two modes of use; PIN based and Signature. When you use a debit card and do not enter a PIN, the trans flows through the normal Visa/MC network and is processed just like a credit card. I believe that the credit card $50 rules apply in this case. However, you can get get hacked either with a traditional credit card or a non-PIN based debit card transaction. Personally, I never use a PIN based debit card transaction at a merchant (except COSTCO).

This is exactly why paypal exists. Paypal sends a one time payment so the company doesn't have permanent access.

But for ebay...come on...they're reputable. As reputable as paypal. So there's not really any point using it. Ebay is basically as trustworthy as scanning your card at walmart or (hehe) Target.

Unfortunately paypal has hackers trying to attack it so it's not 100% safe. (There's a site dedicated to hacking it) Paypal does help though.............

The idea I posted about having a 2nd account that's used for online purchases only is still a good idea. This way there's nothing in the account for them to take if paypal gets hacked and your debit information is used.

I use the American Express Serve prepaid card for such purposes. Costs a dollarUS a month and you can reload the card anywhere with no surcharges and it isn't tied to any of your other banking accounts..

I also would suggest paypal which ebay now owns. I use a walmart prepaid card for all on line purchases and reload it with just over what i need for the purchases.

Paypal also has a prepaid debit card.