[PLUG] Financial security on the net

[John Jason Jordan]

Today I received a phone call from "Tiffany" at monster.com. Tiffany
wanted to confirm an order I placed for a job listing. The bill for the
order came to $425, to be billed to my debit card.

I had never heard of monster.com, and I have no job offerings, nor am I
seeking a job, and I certainly never placed the order. The conversation
proceeded with much confusion as I tried to figure out what Tiffany was
talking about. 

Eventually I asked her to give me the last four digits of the debit
card the order was to be billed to. Upon hearing the numbers I
instantly knew the account in question was a commercial account at US
Bank that I use for my publishing business. And because I buy a lot of
printer parts and supplies on eBay, this is the bank account that my
PayPal account is connected to. I have been using the same bank and
PayPal/eBay arrangements for nearly ten years and have never had a
problem.

I have also used this debit account to buy other things for my printing
business, including computer parts. I even used the account to pay
tuition at PSU. Many of these transactions have been on the net, and
many others have been in person using the actual card.

Once Tiffany and I came to the conclusion that the order was bogus
Tiffany quickly canceled it. And upon hanging up the phone I
immediately called US Bank. It turns out that there was a charge for $1
to zero.com for internet services, and a charge to Lowe's for $2004.99.
Both these charges had been immediately reversed by the merchants in
question. Neither US Bank nor I have lost a penny. Whew!

Of course, the US Bank employee I spoke to immediately canceled the
card and entered it to be reissued with a new number. He also informed
me that the bank would be sending me a Fraud Statement form that I must
fill out in order to "save my credit rating." I don't know what this
episode has to do with my personal credit rating, especially as I don't
actually have a credit rating. But I will certainly do everything in my
power to assist the bank and the authorities in bringing the malfeasor
to justice.

The interesting thing is not that someone acquired the card number, but
that apparently they also have my name, address, and phone number. From
the present evidence I don't know if they have other information - my
social, my date of birth, the three digits on the back of the card,
etc. But the fact that they have my address and telephone number
suggests that the miscreant is an employee of an internet merchant.
Local merchants never ask for that information because they merely rely
on my presenting the card and entering the correct PIN into their
terminal.

Buying stuff on the net not only usually saves me money, it also saves
me time. Just place the order and a few days later it shows up. I've
even ordered computer parts from Fry's in Wilsonville over the net,
just because it's a PITA to drive to Wilsonville. I'd hate to crawl
into a shell and refuse to buy on the net just because of a close call.
On the other hand, my question for the collective wisdom of the list
is, what steps can a person take when buying on the net to maximize
security? Like, is there a short list of signs that a site is safe that
I can use without having to earn a degree in web security systems? As
always when responding to my questions, assume you are talking to an
idiot.