Why does the ITMS force me to part with my CC info?
I want to use the iTunes Music Store. However I cringe at the thought of giving away my CC information to be stored in some remote Apple server outside my control. I have never done that up to now, and don't see a reason for starting. As far as I know other web stores do not require you to part with your CC info once and for all: you can choose to provide it only as necessary.
I realize that this is a big part of what makes the buying experience so smooth for many users but the choice should still be mine. Asking me to relinquish control over my CC info without a choice is like enabling the common "Remember my password" checkbox by default and not letting me change it. Except it's even worse since this is my CC info!
In fact I always try to avoid storing any super-sensitive information like this on any of my computers, not just on remote servers. Call me paranoid, but if ever I get hacked (or more probably if the remote Apple or other server gets hacked), I want to minimize my losses.
The way I would like to shop on ITMS is basically the way the Shopping Cart option currently works except that I would be asked to enter my CC info at every checkout, just like in any other online shopping transaction.
I realize that this is a big part of what makes the buying experience so smooth for many users but the choice should still be mine. Asking me to relinquish control over my CC info without a choice is like enabling the common "Remember my password" checkbox by default and not letting me change it. Except it's even worse since this is my CC info!
In fact I always try to avoid storing any super-sensitive information like this on any of my computers, not just on remote servers. Call me paranoid, but if ever I get hacked (or more probably if the remote Apple or other server gets hacked), I want to minimize my losses.
The way I would like to shop on ITMS is basically the way the Shopping Cart option currently works except that I would be asked to enter my CC info at every checkout, just like in any other online shopping transaction.
Comments
As I see it, you are much more vulnerable by xmitting your CC info everytime you shop online from your personal computer, opposite what services like Apple, Amazon, Macconnection, etc... offer by means of storing your crucial CC info. Sometimes I am more weary of shopping by phone or handing my CC plastic to a server at a restaurant over One-Click?.
But, you have a valid point and should probably voice your concerns to the Apple Store. There is a link there were you can contact them.
Originally posted by bunge
I really do have mixed feelings about this, but ultimately decided on using a specific CC for online purchases and a second to be kept 100% clean. If the one card gets hacked, I'll drop it ASAP. I know that doesn't really solve your problem, but it's one of the only ways I could solve the same problem for myself.
I should probably do that. In my case I use my VISA checking card as a CC, so it's even scarier as it's directly linked to my checking account! Thankfully my bank provides the same protection as I would get with a real CC. The interesting thing is I've already been defrauded once even before I had ever used my card to make purchases online: somebody made some purchases on real.com, but I got refunded by Real Networks directly even though I discovered the fraud months later.
Originally posted by Bill M
Although I agree with you, meaning you have a valid concern, your bank or financial institution also has your CC info stored in servers beyond your control. In fact, there are much more reports (if any) about these kind of servers being hacked often instead of online stores.
As I see it, you are much more vulnerable by xmitting your CC info everytime you shop online from your personal computer, opposite what services like Apple, Amazon, Macconnection, etc... offer by means of storing your crucial CC info. Sometimes I am more weary of shopping by phone or handing my CC plastic to a server at a restaurant over One-Click?.
But, you have a valid point and should probably voice your concerns to the Apple Store. There is a link there were you can contact them.
About your first point, it is true that my bank has my CC info stored on their servers. However I already trust them with lots of money so I might as well trust them with my CC info. If any business can be entrusted with security, it better be banks!
I would tend to disagree about hearing more reports of hacking of banks and financial institutions than of online stores: I've heard of many music, computer, electronics web stores getting hacked over the years (e.g. MP3.com), but rarely if ever heard of a (big) bank getting hacked.
As for you being more concerned about the security of the transmission of CC data than of its storage, I don't see why: as long as transmission is 128-bit encrypted, I wouldn't worry about it. Again none of the hacks I've heard of were a result of an interception over an encrypted channel. Pretty much all commercial transactions on the Internet are 128-bit encrypted nowadays. OTOH I'd be much more worried about the fate of my CC info in some remote server if ever that server gets hacked. Security of that data is dependent upon many factors which are outside of my control, as a customer.
The examples you gave, like shopping by phone, involve an inherent element of insecurity which isn't present in web-based transactions: humans. I also worry sometimes that the person on the phone might take down the CC info in some scrap piece of paper and keep it on him for when he leaves the company or something (probably what happened in my case with the Real.com fraud).
Thanks for the suggestion about the Music Support Support link. I'll give it a try.
Originally posted by cygsid
About your first point, it is true that my bank has my CC info stored on their servers. However I already trust them with lots of money so I might as well trust them with my CC info. If any business can be entrusted with security, it better be banks!
I would tend to disagree about hearing more reports of hacking of banks and financial institutions than of online stores: I've heard of many music, computer, electronics web stores getting hacked over the years (e.g. MP3.com), but rarely if ever heard of a (big) bank getting hacked.
As for you being more concerned about the security of the transmission of CC data than of its storage, I don't see why: as long as transmission is 128-bit encrypted, I wouldn't worry about it. Again none of the hacks I've heard of were a result of an interception over an encrypted channel. Pretty much all commercial transactions on the Internet are 128-bit encrypted nowadays. OTOH I'd be much more worried about the fate of my CC info in some remote server if ever that server gets hacked. Security of that data is dependent upon many factors which are outside of my control, as a customer.
The examples you gave, like shopping by phone, involve an inherent element of insecurity which isn't present in web-based transactions: humans. I also worry sometimes that the person on the phone might take down the CC info in some scrap piece of paper and keep it on him for when he leaves the company or something (probably what happened in my case with the Real.com fraud).
Thanks for the suggestion about the Music Support Support link. I'll give it a try.
is it not encrypted on that server?
Originally posted by ast3r3x
is it not encrypted on that server?
Not necessarily. Some stores encrypt data before storing it in their database (with a potential performance penalty). Others don't.
Originally posted by cygsid
About your first point, it is true that my bank has my CC info stored on their servers. However I already trust them with lots of money so I might as well trust them with my CC info. If any business can be entrusted with security, it better be banks!
I would tend to disagree about hearing more reports of hacking of banks and financial institutions than of online stores: I've heard of many music, computer, electronics web stores getting hacked over the years (e.g. MP3.com), but rarely if ever heard of a (big) bank getting hacked.
As for you being more concerned about the security of the transmission of CC data than of its storage, I don't see why: as long as transmission is 128-bit encrypted, I wouldn't worry about it. Again none of the hacks I've heard of were a result of an interception over an encrypted channel. Pretty much all commercial transactions on the Internet are 128-bit encrypted nowadays. OTOH I'd be much more worried about the fate of my CC info in some remote server if ever that server gets hacked. Security of that data is dependent upon many factors which are outside of my control, as a customer.
The examples you gave, like shopping by phone, involve an inherent element of insecurity which isn't present in web-based transactions: humans. I also worry sometimes that the person on the phone might take down the CC info in some scrap piece of paper and keep it on him for when he leaves the company or something (probably what happened in my case with the Real.com fraud).
Thanks for the suggestion about the Music Support Support link. I'll give it a try.
As I said before, I agree with your concern. I was just giving my personal opinion on the matter at hand. Regarding Bank vs. OnlineStore for security, you have a good point there, but I wasn't implying that one was better over the other. Just the fact that you don't have control over the digital safekeeping of your financial or credit card info in either of them, as the basis for your concern. So, in that sense, both are the same.
It's true that one has to trust a Bank much more than an online vendor, given your check/savings/credit etc. business with them; but for that same reason, the risk is higher there. An online store like Apple's only has your CC info. Even if it gets hacked, you would still have your Bank's protection. By the way, data is encrypted, specially CC numbers at the Apple Store, so even if some online thief happens to come accross your username / password combo, you would still be safe. Same thing goes for online bank access, as you already know.
By the way, search Google News for CC hacks over the past few years. Most talk about physical access to CC transactions (at retailers) and recently there was a huge break at an online CC transaction support center (for a major bank), where thousands of CC numbers and identities were stolen.
As a last thought, I also agree with the human intervention. If there is a thief working inside any of the above mentioned businesses, there is just not much you can do beyond dealing with cash only; but then again, your wallet could be stolen... etc...
Cheers.
cuz it was to my knowledge that it is just a phone line it uses to transmit the data
Originally posted by cygsid
talking of the devil: http://www.wired.com/news/privacy/0,1848,58718,00.html
awesome its fixed
stupid apple
Originally posted by cygsid
talking of the devil: http://www.wired.com/news/privacy/0,1848,58718,00.html
I stand corrected.
At least I was right regarding the CC itself being encrypted from the intruders eyes, meaning the hacker would be restricted to purchases at the Apple Store only.
On the other hand, I am not sure if this "potentially malicious bug" could actually be successfully exploited beyond e-mail address hijacking. Although it seems like Apple has already corrected this issue, I still have doubts regarding certain pieces of that report. Like the comment about the would be hacker being able to purchase something at the Apple Store while entering a different shipping address. For what is worth, my bank won't authorize online/phone purchases sent to a different address as the one I have registered with them, unless I give them written notice. I know as a fact that my favorite online reseller checks shipping address with my bank before accepting each and every online/phone order I make (I guess this also applies to the Apple Store), but this wouldn't apply to the immediate downloads at the iTMS, as the hacker wouldn't need to change physical shipping address.
Good find cygsid, although no system is 100% hack-proof, this event will for sure make buying from the Apple Store a bit safer. And I just purchashed 2 more albums a few minutes ago, totalling just under $200 iTMS purchases between my wife and I since it started last week.
Tower Records who?
Short: You have no privacy. Cope already.
Long: A) Just about every single credit card company has a 0% liability clause which protects you in case of theft.
C) People make millions of online purchases every day. Apples store is no more or less secure and you certainly aren't giving it out for the first time cygsid
D) Your fears and misgivings make you sound ridiculous (IMHO) and I for one would rather NOT have you buying online since you are a hazard to your own financial future.
Conclusion: What on earth was this tread even created for? How else do you expect to pay for songs? Do you expect Apple to print out an invoice, mail it to you and wait for a check? Hum... With all that additional cost of processing songs are now $2 each and you also must now mail in a check which has your bank account number on it. (brilliant!) So how on earth has a thread about the philosophy of 'credit' end up in Digital Hub.
FACT: Buying online requires online payment. This means your info WILL be put into a database which is prone to hacking, insider theft, and multiple other security hazards. The online world exists because of FAITH in the system and FAITH in online retailers ability to protect your info. If you don't wanna play nice with the rest of the 1 million downloaded song purchasers there is a lovely Walmart down the street where you can go to buy you CDs.
Final Words: I think this thread is useless and should be closed. (IMHO)
On a different note, using your bank card may be the safest as these are routinely limited in the daily output, while your regular credit card isnt. Some dont even bother to verify large transactions that are out of character. Most do as they do have limited to no liability clauses for fraudulent use in their terms, so they dont want to be stuck with a $10K fraudulent bill that they paid without verification of some sorts.
Originally posted by TAZ
Actually, its a VERY valid thread, especially given the hackers out there.
What's a hacker?
Valid is a very relative term. I'd welcome a poll by the admins asking if this thread is worth the 6k it takes up on the server.
There is no difference in what Apple is doing and thousands of other online merchants, and if you (any of you) have issues with the service. Do not use it. Simple eh?
To recant: If this thread has a purpose other then to let insecure folks vent their pent up mental perversions please pray tell share the secret of this threads purpose. Otherwise I am convinced it's a whine fest about parting with .99 cents and having to feel real guilt when paying for the songs you used to steal. Giving out your credit card online is NOT new, neither is the danger of interception. Somebody really needs to give you a reality check about what is worry worthy and what is nonsense.
I agree that if you have reservations about business you shouldnt mess with them, just like if you dont think this thread is worth while you shouldnt bother reading it.