Credit cards and suppliers and registration and user identities and general info

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts
  • Dave2002
    Full Member
    • Dec 2010
    • 18035

    Credit cards and suppliers and registration and user identities and general info

    OK - so maybe thanks to the EU we have the GDPR which seems to me to have perhaps caused far more trouble than it's really worth.

    I'm not in fact sure whether the GDPR specifies what data a web site or seller can keep, or should ask for, or whether that comes under credit regulations in each country.
    Of course the UK is no longer in the EU, so what we are doing in the UK now I do not know.

    My concern is with web sites which insist on users "registering" and then in order to make a purchase one has to provide a credit card number. Obviously the second part of the process is necessary if a means of payment is to be provided to the vendor, but my concern is that some - maybe many - vendors then keep that credit number on file - "to make it easier for subsequent orders ...".

    This is OK if one wants to have a near permanent relationship with a vendor, or a supplier, but often one only wants a very limited relationship - perhaps to buy just one item. However, one might still want to have a loose relationship with that vendor, to keep up with news, and other offers, but does not wish to have credit card and bank details retained.

    However I do have an ongoing relationship with some suppliers, which does indeed make things simpler if I buy a lot from them. My point is that control and regulation of user registration - is often not at all transparent, and the various "Acts" are so badly implemented, with so little transparency, that laws/rules seemingly put in place to protect consumers may in fact be doing something very different.

    I became aware of this as a problem a year or two back when I wanted to buy something from B&Q. Later I tried to buy something online from the same company, at which point I discovered that it had stored my credit card details. I insisted that those details were then removed.

    It's not that I'm against some more "trusted" firms having some information - such as my name, address and even the credit card details, but I like to know that they haven't just "acquired" those by some means I don't know about, and that they are not keeping data for longer than necessary.

    What do others feel - or even know - about this kind of thing?
  • mikealdren
    Full Member
    • Nov 2010
    • 1203

    #2
    I agree with you although I thought that vendors had to have your permission to store card details.

    Comment

    • Dave2002
      Full Member
      • Dec 2010
      • 18035

      #3
      Originally posted by mikealdren View Post
      I agree with you although I thought that vendors had to have your permission to store card details.
      Maybe they do, but how many actually do, or make it obvious that by supplying a CC number in order to complete an order you are actually agreeing that they can keep that data?

      Comment

      • Frances_iom
        Full Member
        • Mar 2007
        • 2415

        #4
        Many years ago I bought an iPad for a now deceased friend who had had a somewhat debilitating stroke which affected muscular control as well as initially some mental tiredness - he had been sold on the idea by friend who demonstrated hers - I got him one but was appalled that I could not even register it to give access to download material without giving Apple a CC number that formed part + parcel of the registration - I asked around for how I could set my friends machine such that an inadvertent movement of a finger would not cost him dear - answer there came none + I delayed giving him the iPad - fate intervened and it was passed to his executor. Ever since my opinion of Apple has been in the high negativity area with my belief that users of such walled gardens deserve all they get lumbered with.

        Comment

        • ahinton
          Full Member
          • Nov 2010
          • 16123

          #5
          Originally posted by mikealdren View Post
          I agree with you although I thought that vendors had to have your permission to store card details.
          Only if they so choose and the cardholder agrees to their doing so, which can be useful for regular monthly payments or, for example, council tax.

          Comment

          • Cockney Sparrow
            Full Member
            • Jan 2014
            • 2290

            #6
            Originally posted by Dave2002 View Post
            ........ What do others feel - or even know - about this kind of thing?
            Unless I was paying via Sagepay, WorldPay or Paypal, I assume the card number is at risk on the IT system of the seller, and their expenditure on security and IT.

            Hence, I tend to "lose" my credit card at intervals of 12 to 18 months - and get a new card/account number, despite the inconvenience on the few recurring payments etc. (I hardly ever use a debit card).

            Comment

            • Dave2002
              Full Member
              • Dec 2010
              • 18035

              #7
              Originally posted by Frances_iom View Post
              Many years ago I bought an iPad for a now deceased friend who had had a somewhat debilitating stroke which affected muscular control as well as initially some mental tiredness - he had been sold on the idea by friend who demonstrated hers - I got him one but was appalled that I could not even register it to give access to download material without giving Apple a CC number that formed part + parcel of the registration - .....
              I agree, but Apple is by no means the only firm/organisation to be doing that kind of thing. I have over the last year or so been recommending a music notation system, called Musescore. Unfortunately the situation re Musescore is not at all clear, as there are two web sites - one is a MS.org site, and the other is a MS.com site. Apparently both are supported by a music firm called Ultimate Guitar and the .com site might be more commercial. Both sites have similar look and feel. The .org site offers the Musescore program - and apparently the intention is that that will always be free to download and free to use. The .com site does have downloadable scores, many of the created by amateurs who may have written music and given permission for those scores to be downloaded by other "members". There is also an iOS app for Musescore which runs on iPads. It is claimed by some that downloading such scores is easy - provided that there is no commercial or copyright concern. However it is now quite hard to see how this could happen for new users, as the pages I've seen mention a trial version which can only be accessed by registering, and there are suspicions that in order to have a trial version that a credit card number has to be supplied. There is also mention of a free version, but whether this is free or not I don't know, as I've never found a page which shows what accounts are available. I can't personally verify this precisely as I'm already a member, and I don't mind the payments which I've so far incurrred.

              The particular point here is that if an organisation offers "free" or "trial" membership surely it should not ask for CC details until such time as a real charge against the free/trial member is actually incurred, as this potentially puts the end user at risk.

              Additionally, for most people there are several risks - typically (a) divulging email addresses (b) divulging other details, such as physical location and other addresses (c) divulging ethnic group or other personal information (d) divulging details of social class, education, wealth and salary etc - some of which may be based on real data, and some inferred from other "known" data, such as the postcode, and finally (e) specific details of bank accounts and credit cards used for paying for services. Data under (a),(b) and (e) are likely to be required in order to make a purchase and and effective delivery of physical objects. Data under (a) and e) will probably be required for data downloads, such as streaming services, CD downloads etc.

              I mentioned the GDPR at the start of this thread, but I'm not sure that it does address the issues suggested in the previous paragraph. It does annoyingly slow down delivery of many web pages which have to be acknowledged because of a pop-up query, and it may allow users to find out some incredibly interesting things, such as who produced the web site, which web sites communicate with each other etc. - and which most of us have absolutely no interest in whatsoever.

              If I order a washing machine from a firm such as John Lewis I don't necessarily need to know the factory it was produced in, who was on the shift when "my" washing machine rolled off the line, who supplied the motor and the pump etc., which packing services were used, and which delivery firm and delivery teams delivered it to my house. The assumption is that I have a contract with John Lewis to supply a particular machine - possibly a well known brand - and that customers have some faith in the supplier and in the manufacturer. There is generally no need for end users to have knowledge of all the complete supply chain.

              For some other goods and services - for example agriculture - particularly involving livestock - there is usually much more data collected in the supply chain - but again generally by the time food arrives in shops, most customers are not going to be interested - though in the event of problems, public health officials will be interested.
              Last edited by Dave2002; 08-03-21, 17:44.

              Comment

              • Anastasius
                Full Member
                • Mar 2015
                • 1860

                #8
                Originally posted by Dave2002 View Post
                OK - so maybe thanks to the EU we have the GDPR which seems to me to have perhaps caused far more trouble than it's really worth.

                I'm not in fact sure whether the GDPR specifies what data a web site or seller can keep, or should ask for, or whether that comes under credit regulations in each country.
                Of course the UK is no longer in the EU, so what we are doing in the UK now I do not know.

                My concern is with web sites which insist on users "registering" and then in order to make a purchase one has to provide a credit card number. Obviously the second part of the process is necessary if a means of payment is to be provided to the vendor, but my concern is that some - maybe many - vendors then keep that credit number on file - "to make it easier for subsequent orders ...".

                This is OK if one wants to have a near permanent relationship with a vendor, or a supplier, but often one only wants a very limited relationship - perhaps to buy just one item. However, one might still want to have a loose relationship with that vendor, to keep up with news, and other offers, but does not wish to have credit card and bank details retained.

                However I do have an ongoing relationship with some suppliers, which does indeed make things simpler if I buy a lot from them. My point is that control and regulation of user registration - is often not at all transparent, and the various "Acts" are so badly implemented, with so little transparency, that laws/rules seemingly put in place to protect consumers may in fact be doing something very different.

                I became aware of this as a problem a year or two back when I wanted to buy something from B&Q. Later I tried to buy something online from the same company, at which point I discovered that it had stored my credit card details. I insisted that those details were then removed.

                It's not that I'm against some more "trusted" firms having some information - such as my name, address and even the credit card details, but I like to know that they haven't just "acquired" those by some means I don't know about, and that they are not keeping data for longer than necessary.

                What do others feel - or even know - about this kind of thing?
                Frankly, life is too short to worry about this. You can have every regulation in the world. GDPR...(agreed pointless exercise as was/is the cookie law). But at the end of the day, you have absolutely no idea...none...zilch of what happens to your credit card details once you've completed your transaction online. So you simply either accept that that is the fact and stop fretting or go back to high street shopping and use cash. Any other course is pointless.
                Fewer Smart things. More smart people.

                Comment

                • Anastasius
                  Full Member
                  • Mar 2015
                  • 1860

                  #9
                  Originally posted by Frances_iom View Post
                  Many years ago I bought an iPad for a now deceased friend who had had a somewhat debilitating stroke which affected muscular control as well as initially some mental tiredness - he had been sold on the idea by friend who demonstrated hers - I got him one but was appalled that I could not even register it to give access to download material without giving Apple a CC number that formed part + parcel of the registration - I asked around for how I could set my friends machine such that an inadvertent movement of a finger would not cost him dear - answer there came none + I delayed giving him the iPad - fate intervened and it was passed to his executor. Ever since my opinion of Apple has been in the high negativity area with my belief that users of such walled gardens deserve all they get lumbered with.
                  Why single out Apple ? Downloads are usually paid for and so why wouldn't they ask for a CC number ?
                  Fewer Smart things. More smart people.

                  Comment

                  • Anastasius
                    Full Member
                    • Mar 2015
                    • 1860

                    #10
                    Originally posted by Cockney Sparrow View Post
                    Unless I was paying via Sagepay, WorldPay or Paypal, I assume the card number is at risk on the IT system of the seller, and their expenditure on security and IT.

                    Hence, I tend to "lose" my credit card at intervals of 12 to 18 months - and get a new card/account number, despite the inconvenience on the few recurring payments etc. (I hardly ever use a debit card).
                    I find it's not worth the hassle. The times I've had my card details compromised (and always simply resolved after a quick telephone call) is minimal. The fag of having to go back and access all the subscription services with the new card details is too painful to even contemplate.
                    Fewer Smart things. More smart people.

                    Comment

                    • Bryn
                      Banned
                      • Mar 2007
                      • 24688

                      #11
                      Originally posted by Anastasius View Post
                      Frankly, life is too short to worry about this. You can have every regulation in the world. GDPR...(agreed pointless exercise as was/is the cookie law). But at the end of the day, you have absolutely no idea...none...zilch of what happens to your credit card details once you've completed your transaction online. So you simply either accept that that is the fact and stop fretting or go back to high street shopping and use cash. Any other course is pointless.

                      Comment

                      • Anastasius
                        Full Member
                        • Mar 2015
                        • 1860

                        #12
                        Originally posted by Dave2002 View Post
                        ....
                        The particular point here is that if an organisation offers "free" or "trial" membership surely it should not ask for CC details until such time as a real charge against the free/trial member is actually incurred, as this potentially puts the end user at risk.
                        Why does it put the end user at risk ? All the free trials I have partaken have quite clearly upfront said that the subscription kicks in unless cancelled. What happened to the concept of personal responsibility ?

                        Originally posted by Dave2002 View Post
                        .
                        Additionally, for most people there are several risks - typically (a) divulging email addresses (b) divulging other details, such as physical location and other addresses (c) divulging ethnic group or other personal information (d) divulging details of social class, education, wealth and salary etc - some of which may be based on real data, and some inferred from other "known" data, such as the postcode, and finally (e) specific details of bank accounts and credit cards used for paying for services. Data under (a),(b) and (e) are likely to be required in order to make a purchase and and effective delivery of physical objects. Data under (a) and e) will probably be required for data downloads, such as streaming services, CD downloads etc.
                        Do you have ANY evidence of any site asking for (b) (c) or (d)? I have never been asked for those pieces of information. I'm guessing that when the census form comes you will put it straight into the rubbish as being too intrusive ?

                        Originally posted by Dave2002 View Post
                        .
                        If I order a washing machine from a firm such as John Lewis I don't necessarily need to know the factory it was produced in, who was on the shift when "my" washing machine rolled off the line, who supplied the motor and the pump etc., which packing services were used, and which delivery firm and delivery teams delivered it to my house. The assumption is that I have a contract with John Lewis to supply a particular machine - possibly a well known brand - and that customers have some faith in the supplier and in the manufacturer. There is generally no need for end users to have knowledge of all the complete supply chain.
                        What have you been smoking ? Where on earth do you get this last sentence from? I can't even begin to conceive how you've conjured it up? I'm sorry, Dave, usually you make a lot of sense but I'm struggling on this thread. Really am. Teacups. Storm.
                        Fewer Smart things. More smart people.

                        Comment

                        • Frances_iom
                          Full Member
                          • Mar 2007
                          • 2415

                          #13
                          Originally posted by Anastasius View Post
                          Why single out Apple ? Downloads are usually paid for and so why wouldn't they ask for a CC number ?
                          try rereading my post - you presumably have never had to handle a situation where a friend could be severely harmed - it was the difficulty of gaining any service including the use of the paid for device

                          Comment

                          • Dave2002
                            Full Member
                            • Dec 2010
                            • 18035

                            #14
                            Originally posted by Anastasius View Post
                            What have you been smoking ? Where on earth do you get this last sentence from? I can't even begin to conceive how you've conjured it up? I'm sorry, Dave, usually you make a lot of sense but I'm struggling on this thread.
                            OK - so you've never had a credit card compromised, or money stolen from your bank account. I have - several times - and that was before the Internet really kicked off.
                            Oh - just in case you think this is trivial - imagine going to a country, then finding you couldn't get any cash out of an ATM, and you couldn't buy anything on a credit card, and then wondered how you were ever going to get back to the country you started from. You are also on your own, and have only very limited number of personal contacts you know who could help you nearby. Actually you do manage to do that- get a flight back home - because you (thankfully) have other cards, and some cash, but when you get back you discover that several £000s (thousands) have been taken out of your bank account.

                            This did happen to me, though in fact at the time I was travelling between the UK and Sweden, and the details of my CC were taken in England. Eventually I did retrieve all the money, but it was very inconvenient, and I might have been totally stranded - up s*** creek without a paddle.

                            So you say - "don't worry" - and yes, to an extent I agree - and that was precisely the point I was trying to make about JL and the washing machine. Much of what we do is based on trust, and a belief that some companies are going to play fair, and that some products are going to be good. We don't normally ask to see every inspection certificate for the washing machines coming out of a factory, nor details of what statistical sampling methods have been used by the manufacturer. The assumption is that if we buy from a reputable supplier and we buy a what is generally agreed to be a good model (perhaps reviewed in Which) that things will work OK. So why on earth do we need the GDPR to require web sites to provide so many details which a typical end user is never going to want or know about, yet AFAIK it doesn't seem to address matters of real concern to consumers, such as "are my credit card details really safe with this organisation", and "will the company keep my credit card details for more than 1 month", and where will the company keep the details of my credit cards or other personal data? You think these are not important?

                            Then why don't you follow Jeremy Clarkson's example and stick details of all your cards and bank accounts up on a public web site and see what happens?

                            OK - we're not actually discussing doing that, but in the case of some organisations their security might be such that you might just as well do that.

                            Comment

                            • Serial_Apologist
                              Full Member
                              • Dec 2010
                              • 37812

                              #15
                              Originally posted by Dave2002 View Post
                              OK - so you've never had a credit card compromised, or money stolen from your bank account. I have - several times - and that was before the Internet really kicked off.
                              Oh - just in case you think this is trivial - imagine going to a country, then finding you couldn't get any cash out of an ATM, and you couldn't buy anything on a credit card, and then wondered how you were ever going to get back to the country you started from. You are also on your own, and have only very limited number of personal contacts you know who could help you nearby. Actually you do manage to do that- get a flight back home - because you (thankfully) have other cards, and some cash, but when you get back you discover that several £000s (thousands) have been taken out of your bank account.

                              This did happen to me, though in fact at the time I was travelling between the UK and Sweden, and the details of my CC were taken in England. Eventually I did retrieve all the money, but it was very inconvenient, and I might have been totally stranded - up s*** creek without a paddle.

                              So you say - "don't worry" - and yes, to an extent I agree - and that was precisely the point I was trying to make about JL and the washing machine. Much of what we do is based on trust, and a belief that some companies are going to play fair, and that some products are going to be good. We don't normally ask to see every inspection certificate for the washing machines coming out of a factory, nor details of what statistical sampling methods have been used by the manufacturer. The assumption is that if we buy from a reputable supplier and we buy a what is generally agreed to be a good model (perhaps reviewed in Which) that things will work OK. So why on earth do we need the GDPR to require web sites to provide so many details which a typical end user is never going to want or know about, yet AFAIK it doesn't seem to address matters of real concern to consumers, such as "are my credit card details really safe with this organisation", and "will the company keep my credit card details for more than 1 month", and where will the company keep the details of my credit cards or other personal data? You think these are not important?

                              Then why don't you follow Jeremy Clarkson's example and stick details of all your cards and bank accounts up on a public web site and see what happens?

                              OK - we're not actually discussing doing that, but in the case of some organisations their security might be such that you might just as well do that.
                              I rather think Anastasius holds to the Panglossian view of today's version of capitalism, Dave.

                              Comment

                              Working...
                              X