• FuglyDuck@lemmy.world
    link
    fedilink
    English
    arrow-up
    7
    ·
    9 months ago

    I’m certainly not handing out my card over the phone.

    Many companies won’t accept credit cards or debit because of having cheats charge back, and because to avoid companies abusing cards and charging wrong, the onus is very heavily on the comoany. Basically, a charge back means that contractor or whatever isn’t getting paid.

    The scam is easy enough to avoid. The first is to know who you’re dealing with, and that they’re authorized to authorize the work. Check the county property maps and match it to their ID. (If it’s corporate, or whatever, then an employee ID or something. Property managers have ways of demonstrating agency.)

    Then, take payment before work starts. (Or at least a deposit.)

    If that’s too much, then, when an over-payment does arrive, return the uncashed check and ask for a new one. (Or cash it, let the money settle then give the money back.)

    • evatronic@lemm.ee
      link
      fedilink
      English
      arrow-up
      17
      ·
      9 months ago

      I’m certainly not handing out my card over the phone.

      Wait till you learn your routing and account numbers are right there, unencrypted, on the check, and there’s basically zero protection against unauthorized drafts in the EFT system.

      • FuglyDuck@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        9 months ago

        You can’t take account and routing to most websites and buy shit like you can with the card/expiry/secret.

        Is it perfect? No. But my bank should catch that anyhow- because I never write paper checks- I go online and tell them to mail one.

        • evatronic@lemm.ee
          link
          fedilink
          English
          arrow-up
          2
          ·
          9 months ago

          I think you’re assuming that a merchant who collects card details for payment also stores those details. They do not. The information is immediately tokenized and a 1-way authorization token is returned to the merchant. It’s literally what that little spinny circle when you click “pay” is doing. It’s reaching out to the payment network, which is in turn, reaching out to the card issuer who is proxying it to the issuing bank and asking for authorization.

          At no point is your card number retained by the merchant. If the authorization code is somehow leaked, it’s literally only good for a single transaction, and can’t be used to generate future transactions.

          • FuglyDuck@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            ·
            edit-2
            9 months ago

            That’s great for PoS terminals.

            Websites are a bit different; you can elect to not store your details, sure, but they’re still running it. Further; you give your card details over the phone, it’s conceivable they can then use it online.

            Especially, for example, for food delivery. It’s best practice to not give details over the phone. Originally the whole point of the secret pin thingy (those 3 or 4 digits on the back that are printed and not embossed) were meant to allow you to give the number/name/expiry for the card and have something that prevents this. But these days, most delivery services will just use their website to ‘place’ the order for you.