LebGeeks

sero

Member

using a credit card on untrusted ISP

Hello

I have a cable internet connection from a local ISP.
Can I safely use my credit card details?

Can the ISP
- view emails I send?
- know which websites I visit?
- see my credentials for various pages (on http and https)?
- and most importantly know the credit card details I use?

anayman_k7

Member

Re: using a credit card on untrusted ISP

Well, few days ago I got my debit card number leaked and 2000$ was drawn from it, I immediately disabled it and applied for fraud claim, yeah I was stupid to use a debit card and now I have a new debit card and an Internet card which should makes things more safe but till now I'm still not sure where and how the number was leaked, I used to buy from these merchants from my Phone and My PC only over Alfa 4G/IDM or Ogero ADSL

Alfa/IDM (Areeba), Amazon, Google Merchant, AliExpress, Banggood and recently I bought from Virgin MegaStore, HiCart and LaptopKeys

I did several scans to PC/Phone and I didn't find anything.

nuclearcat

Member

Re: using a credit card on untrusted ISP

If it is https and not showing any warnings - you are safe.

Hybrid

Member

Re: using a credit card on untrusted ISP

As nuclearcat said, if it's over https and you never added an untrusted certificate to your browser, then you're safe.

Just make sure you never submit any form or any payment if the site is http. And sometimes even if the page is http and the forms are being submitted to an https url, your info can still be hijacked

Your ISP can't figure out what you're doing if the site is over https, they can only know the IP you're visiting and easily figure out the website(s) associated with it, and they can always save the encrypted data, but they can't read it as plain text.

Alfa/IDM (Areeba), Amazon, Google Merchant, AliExpress, Banggood and recently I bought from Virgin MegaStore, HiCart and LaptopKeys

HiCart uses Magento platform which by default stores the credit card as plain text in the database, I have no idea what payment gateways they use but it's the only thing that sounds suspicious in your list.

anayman_k7

Member

Re: using a credit card on untrusted ISP

As nuclearcat said, if it's over https and you never added an untrusted certificate to your browser, then you're safe.

Just make sure you never submit any form or any payment if the site is http. And sometimes even if the page is http and the forms are being submitted to an https url, your info can still be hijacked

Your ISP can't figure out what you're doing if the site is over https, they can only know the IP you're visiting and easily figure out the website(s) associated with it, and they can always save the encrypted data, but they can't read it as plain text.

Alfa/IDM (Areeba), Amazon, Google Merchant, AliExpress, Banggood and recently I bought from Virgin MegaStore, HiCart and LaptopKeys

HiCart uses Magento platform which by default stores the credit card as plain text in the database, I have no idea what payment gateways they use but it's the only thing that sounds suspicious in your list.

I have contacted HiCart to get more details about their payment system, they assured they use Areeba

beezer

Member

Re: using a credit card on untrusted ISP

They can view emails if you're using a client that's not connecting through SSL. But if you're using your web browser then it is most likely HTTPS.

Websites can be known.

Credentials only if it is HTTP.

Credit card details if HTTP.
My credit card requires two factor authentication when being used online (send SMS). I'm sure yours does as well.

AVOlio

Member

Re: using a credit card on untrusted ISP

My credit card requires two factor authentication when being used online (send SMS). I'm sure yours does as well.

The sms part is just an alert of a transaction made on your card, as far as I know.
It's not an authentication factor.

Last edited by AVOlio (July 31 2018)

rolf

Member

Re: using a credit card on untrusted ISP

HTTPS is not perfect but should be safe AFAIK. If you're worried, research SSL vulnerabilities. They were some in the past but they were resolved.

There are other vectors of attack such as Javascript, so make sure that you are using a safe website and safe software.

Set a daily limit on your card (you can always call to have it temporarily lifted) or/and use an internet-only card that you manually recharge (personally I can't be bothered), ask to receive an SMS for every transaction, these are the other things you can do if you are worried.

If you receive an SMS with a suspicious transaction then you can call and have your card blocked.

If someone has stolen money from your card then you can go to the bank and request a chargeback.

Last edited by rolf (July 31 2018)