No Native Offline Credit Card Processing?

[RodG]

Unless RodG can prove me wrong, I wouldn't do business with a site I knew was processing cards manually.

I'm sure this was just bad wording, but how could I possibly prove whether you would do business with a site processing card manually or not? This is a choice you have obviously made, but I wouldn't know if you actually stick to this choice or not.

There are indeed security and privacy issues.

Blah, blah, blah, blah. The things said and done in the name of 'privacy and security' never cease to amaze me. It take it all with a pinch of salt.

The day that Hosting Providers *dissallow* FTP, and start to *allow* SSH and/or SFTp as the default file transfer protocol will be the day that I will finally accept that there is some sort of alignment between what people think and say about security vs what they actually *do* about security.

MOST PEOPLE ARE HYPOCRITES in this regard.

I'm sure I must be the only person on the planet that will not only shop in stores with no SSL and/or stores that manually process CC's but I'm also the only person to admit to it.

I know I'm somewhat of a unique character, but I'm not THAT unique.

One company I worked for allowed telephone customers to provide their CC numbers to our office people for use in subsequent purchases.
Invariably, those numbers ended up on Post-It notes stuck to monitors, visible to passersby and cleaning crew members.

So on the basis of one company that not flaunted their terms of service with their merchant provider you have decided to avoid *all* stores, sites and businesses that you can identify as doing manual transactions.

Thats a a bit over the top I reckon. Do you also avoid all other online purchase because one company/business does something they shouldn't?

I don't know exactly how the OP handles the transfer of CC numbers from Zencart or telephone customers to his merchant account, but I'd guess the most common method is to write it down on scratch paper, which is eventually tossed in the wastebasket.

Of the millions(?) of online merchants that accept online CC payments, how do you actually determine which of those are feeding the data directly into their own terminal device vs those that record the details and manually enter them into the terminal at a later time?

Seriously, you have no way to tell. No one does. So exactly how do YOU determine which stores you need to avoid? You can't.

I consider your claim to be just another 'I speak and do security' to be just a matter of lip service. Sorry but true.

Cheers
RodG

[stevesh]

Just expressing an opinion, however grammatically incorrect. Obviously (obvious to everyone but you, I'd guess), I meant that unless RodG can prove my thinking incorrect (he hasn't done so yet), I'll stay away from sites which I know use manual CC processing. The example I gave of the company I worked for was just an example of how such processing could expose my (and your) CC information to people who shouldn't have it. Again, I think everyone reading this thread, save Rod, understood that.

[RodG]

Hey Steve, Unless you have memory of an exchange I've long forgotten, I don't think I've ever had a dispute with anything you've ever said before, and I probably wouldn't be having this discussion with you now other than for the fact that you challenged me to prove the unprovable. <g>

On reflection, I probably shouldn't have even tried, but we are here now, soo.....

Just expressing an opinion, however grammatically incorrect.

Please. I have never, and will never intentionally base any of my arguments or discussions on Grammar or Spelling.
True, bad grammar could easily make me misunderstand an important point, but I really don't think that is the case here.

Obviously (obvious to everyone but you, I'd guess),

Whether something is obvious to me or not is irrelevant. Firstly, one of the points of a discussion is to help make the non obvious obvious, and secondly, you *should* know my history by now. I will often play 'devils advocate' to either make a point or advance the discussion.

I meant that unless RodG can prove my thinking incorrect (he hasn't done so yet),

I have as much chance of proving this than I did with your 1st 'challenge' which was to prove whether you do what you say you do or not.

I'll stay away from sites which I know use manual CC processing. The example I gave of the company I worked for was just an example of how such processing could expose my (and your) CC information to people who shouldn't have it. Again, I think everyone reading this thread, save Rod, understood that.

Again, this is personal choice that you have made, and you even have a reason for making it. I've no issues with that. I too would also avoid any merchant that I know is party to this kind of practice, regardless of whether it is against their merchant terms or service or not.

I'm NOT going to limit this choice to just those merchants using manual processing though. I will extend this to any merchant that I *know* is, or has done the wrong thing(s) in this regard - Even those that only use PayPal Express will be avoided in my books if I know that they leave my personal info on sticky notes in their offices (or similar bad practice).

So, on this basis, I will submit that your thinking *is* incorrect, in that you are considering the security weakness here is due to the *manual processing* rather than human stupidity and lack of following the rules.

Rhetorical question: If you knew of a merchant (or even many merchants) using a payment gateway (fully automatic processing), and those merchants sold your name and address details to other parties, would you refuse to deal with Just those merchants, or would you refuse to shop with any store that uses a fully automatic payment system?

The question is rhetorical, because there is only one sensible answer. It is the *merchant* that you/we need to worry about, not the method of payment.

....and this brings me back to the point I was trying to make in my previous reply .. namely, how do you/I/we know if a CC authorised merchant is using an automated processing system or a manual one? The fact is WE CAN'T.

Yes, we can often/easily determine if/when a payment gateway or 3rd party processor is being used, its a bit of a no brainer, but for a merchant that does their own processing there is no way for the end user to know). Ergo, I now resubmit to you that although you claim you won't deal with a business doing manual processing, unless you verify that the stores you purchase from are using a 3rd party gateway (and I'm guessing you don't), then your claim/statement is still 'talk' rather than 'action'.

In addition to this, if you have used your CC to pay for something over the phone, you are dealing with a merchant using a manual system. Simply no way to avoid this.

So, if you *never* use CC to pay by phone, and if you *do* really check that every store you buy from is using a 3rd party processor, then I owe you an apology, as it means you really do practice what you preach. It will also place you in a very small minority group.

Cheers
RodG