What's to stop ?

asrampd

What's to stop anyone I buy from, either online or by phone, from using the details about my card to make purchases themselves.
 Bareing in mind I gave them - Name as on Card - Long number - expirey date - 3  digits from the back
David from Reading

[Deleted User]

Their own security systems, delivery and billing address mismatches and the encryption by whichever card processor they use. 

But obviously if you choose to shop at Big Jim's Discounted iphone Emporium, you can expect to lose some cash one way or another.

JamoLew

Technically nothing

In reality  they would be committing a criminal offence

That's why you should only ever give that info to people you "trust" (or as much as you can)

Ebe_Scrooge

Nothing.  Of course, any reputable company would never do this, the damage to their reputation would far outweigh the relatively small amount they stood to gain from it.  But an unscrupulous person could certainly do it.  You wouldn't be held liable though, and the card issuer would obviously investigate and get the perpetrator arrested.

Many many years ago, a local petrol station had this happen.  It seems that one of their cashiers was noting down the credit card details when you handed your card over (this was in the days where they used to swipe your card through a carbon-paper printing machine), and making fraudulent transactions.  I got scammed, but actually the bank phoned me up before I'd even received my statement and knew about it.  They refunded me immediately, and I heard later that the cashier in question had been arrested - he'd scammed loads of people.

phillw

There is also nothing to stop the cashiers from putting through items onto your bill that you do actually pay for.
My dad had someone charge him for cigarettes (he doesn't smoke). He spotted it on the receipt as he walked out of the door.
Check your receipts and statements and contact your card issuer if you dispute any transactions.

Sandtree

asrampd said:

What's to stop anyone I buy from, either online or by phone, from using the details about my card to make purchases themselves.
 Bareing in mind I gave them - Name as on Card - Long number - expirey date - 3  digits from the back
David from Reading

Who's the "anyone"? The "company" or the person taking the details?

In contact centres they normally take a fair amount or precautions these days... staff are not allowed to have mobile phones, note paper etc on their desks. They are often given dry wipe mini boards for making notes but these have to be wiped clean after each call and often telephony is linked to the computer so once the operator moves the cursor into the credit card details section the call recording stops and only restarts after they've hit the submit or cancel button. This stops the call auditor from being able to take down the card number etc as they will have access to stationary etc.

Data like this is normally heavily encrypted and who can unencrypt it is both limited and explicitly recorded plus CCV numbers are not allowed to be stored in systems anyway. 

Outside of that there is the general threat of being fired and getting a criminal record... its unrealistic that many would get away with enough fraudulent transactions to get anywhere near close to making it worth while doing so the only risk really is those in an absolutely dire situation where sense goes out the window or those on the cusp of having their reputation ruined already and so has little else to lose. Your more likely to get a much lower level of fraud like scanning an extra item for themselves which could be "an accident" than actually taking card numbers and trying to put through a new transaction elsewhere.

As to companies, its similar, for a start a company still requires a person to be making those decisions so see the notes above but its even more got to weigh up the reputational damage and loss of future business -v- the possible short term gain from trying to sell card numbers etc.

[Deleted User]

There was a story going around in the early days of camera phones of supermarket staff taking photos of cards in the US - there many states have "at will" employment - where you can quit or be fired without any notice, so I guess it could have been lucrative if you were that way inclined

Fighter1986

asrampd said:

What's to stop anyone I buy from, either online or by phone, from using the details about my card to make purchases themselves.
 Bareing in mind I gave them - Name as on Card - Long number - expirey date - 3  digits from the back
David from Reading

Most call centres have strict call and CCTV monitoring and strict procedures about personal devices on the call centre floor.

All computer activity will be logged by the firm all calls will be recorded (even what we say while we're on hold, it's often a good laugh listening back to those, everything we say while listening to the music can be used in training; and oh boy it has).

Personal devices like mobile phones etc often have to be left in a locker and call centre operatives often have their activites recorded by CCTV on top of all the above.

As for online; payment portals are secure and not run by the shop owner, they usually are a portal operated by a payments processor like Sagepay or Barclaycard. No human ever sees or has access to this data, it is end to end encrypted and only ever communicated electronically between your keyboard and the bank. Any cached data will be unreadable by a person if they were so inclined to go into the files as they would be encrypted.

Of course, no system is flawless, which is why card providers help you resolve issues related to fraudulent transactions.

eskbanker

PCI-DSS is also a significant factor, the set of published data security standards to which all parties accessing payment card data must comply.  As above, many small merchants can work round this by effectively outsourcing their card processing to compliant third parties, without ever seeing the card numbers themselves - when contracting with payment processors, merchants will be required to demonstrate compliance, and any who aren't compliant are on the hook for any associated fraud costs and will be expected to pay higher costs and/or fines....