I am about to order a kit from the N Gauge Society, this involves giving my credit card details, including the security code, either by email or on paper via the post.

I am very wary about doing this and the only other option is sending a cheque which I also don't feel entirely happy about. Our postal service is a bit dodgy and slow. I suppose I have been spoiled by PayPal.

I have, in the past sent credit card details in two separate emails but I wonder how safe this is, if one email can be intercepted then I expect another one can.

Does anyone with experience of computer security have any suggestions for sending card details safely?

Regards

Veronica.

Hi Veronica,

One way is to buy a pre-paid card and put just the correct amount on it. That way, if the details get intercepted, you can't lose.

Won't the NGS take a verbal order over the phone?

Malc

Quote from: silly moo on August 22, 2012, 01:10:57 PM
I have, in the past sent credit card details in two separate emails but I wonder how safe this is, if one email can be intercepted then I expect another one can.

Does anyone with experience of computer security have any suggestions for sending card details safely?

A lot of banks consider emailing card details unencrypted as breaching your duty to keep the card info secret so will use it as an excuse to refuse a refund if there is a problem or it is intercepted.

It may well be less risk than the post in practice.

Thank you for the replies, phoning from here would be rather an expensive option though.

One thing I did think of was filling in the order form by hand, scanning it and attaching it to an email,  or would that be even easier to intercept?

Quote from: silly moo on August 22, 2012, 01:27:17 PM
Thank you for the replies, phoning from here would be rather an expensive option though.

One thing I did think of was filling in the order form by hand, scanning it and attaching it to an email,  or would that be even easier to intercept?

Much harder for the most part. One reason they are easy to pull out of things automatically is that they are numbers in a fixed format with a check digit. So a program can scan passing traffic or mailboxes for them with ease. Images are much harder for computers let alone for scammers who want the easy stufff.

Sending some digits with the order and some by email would I imagine make it far trickier!

If I need to send my bank details to anyone for a bank transfer, I always do it using 2 emails, much harder or less likely to have both intercepted.

Regards

Neal

You could always ask for the bank details of NGS and do a bank transfer if you do online banking

Quote from: silly moo on August 22, 2012, 01:27:17 PM
Thank you for the replies, phoning from here would be rather an expensive option though.

One thing I did think of was filling in the order form by hand, scanning it and attaching it to an email,  or would that be even easier to intercept?

I used to spend most of my working life abroad and to save on mobile phone bills, I subscribed to Skype Out. Lets you phone landlines in the UK at a fraction of the cost of a mobile. It costs about 1p per minute.

http://www.skype.com/intl/en-gb/home

Hi Ronnie

I don't know which of the banks down here that you use but you are correct in being very wary. (for the rest of you not in South Africa; we have a very high fraud problem).

If you cannot do it by telephone (using skype to save 'phone charges) do not think about using a non (RSA) secured system. If it goes wrong then the local banks will blame you and you will not get a refund.

It may be better to get a local UK person to purchase, then send the product by courier (in built transit insurance) and pay them by EFT to their personal account through your bank.

It's a pain in the backside, costs a fortune with little or no chance of getting the VAT back.

Give me a call for more if you still want to proceed. On the other hand, maybe the supplier should acknowledge our difficulties and amend their systems for the benefit of all overseas purchasers ?

BobB

What if she were to send the order to one of us in the UK and transfer the payment electronically bank-to-bank, then we could send a normal cheque with the order drawn on a UK bank?


Paul

One option I have used in the past (not with the N Gauge Society so I don't know if they can accept this) is to email part of the main credit card details (ie card number minus say four digits, marked as *).

Then text the missing numbers in order along with the security code along the lines of '1234987' to a known contact in the business. In this case 1234 are the missing card numbers and 987 is the security code

Two different data channels so it should be as safe only the genuine recipient should receive both and know what they are?