Long time readers of this blog will know that two of my past overseas trips – China and Peru – have resulted in me being attacked by a spammer, trying to kill me. Both times I fended off his evil intentions, but it’d be nice to go someplace where I wouldn’t need to worry about it. To that end, convinced by my girlfriend, we shall be taking a trip later on this year to Belize. As far as I know, Belize is not really a big spamming operation. During the first half of this year, it sent us about a million messages (after IP filtering) of which 99% were marked as spam. However, compared to the 100 other countries ahead of it on my list, this is small potatoes.
One of the things about traveling, especially to the developing world, is that while they have web sites describing their tours and services, they don’t always have online processing of payment information. So, I might read about a nice sailing tour down there, but there’s no way to pay for it online. Or rather, there’s no way to pay for it online without having a human in the middle.
By this, I mean that I got a question from my girlfriend this past week – is it a good idea to send your credit card information by email? The background behind this is that there’s a tour she’d like to book after having seen the web site for it, as well as reviews on TripAdvisor. However, they all require deposits. How do you normally make a deposit? With your credit card, of course. Except that there is no way to book the trip online. To do so, my girlfriend would have to do one of the following:
What should we do in this case? If we don’t do it, we could potentially miss out on the booking of the trip. But if we did do it, this is insecure.
Why is this insecure? If you send an email or fax containing credit card information:
Members of my family sometimes ask me if it is safe to buy things online as opposed to over the phone. The answer I give them is that I feel more secure ordering online as opposed to over the phone. The reason is that so long as you do it from a respected site like Amazon or eBay, and it is one that uses encryption (you’ll see a little lock on the browser), you will be okay. Your credit card information is not transmitted in clear text, it is in cipher text. If someone intercepts it, it will not be useful to them. If you give someone your credit card information over the phone, what is stopping them from writing it down and using it weeks later? It would be difficult to trace that back. When you order online, there is no human processing and the order is done in an automated fashion. While electronic data theft is a problem, it is smaller in instances than human, low tech theft.
That leads me back to the issue of booking a trip to Belize. I’m not sure what to say at this point. If there’s no other options we might have to give out credit card information over the phone using a card with a low balance and anti-theft protection. But I am not too thrilled about doing that.
Many credit card issuers can now give you a "one time use" number for transactions against your account. Might be ideal for this case (for email or fax).
You could split the information: send all details in an email, apart from the number, which you'll fax. My unscientific guess is that the chances of someone intercepting both their email and their fax traffic AND linking the two aren't significantly bigger than someone breaking into your house and stealing your card.