Last week Proxiblog received an email from an auctioneer stating Proxibid no longer provides full credit card data used during registration. The auctioneer noted the new policy prevents immediate processing of invoices and implored bidders to “email or call us with full credit card number, expiration date, and security code and inform us whether or not you would like your items charged and shipped soon after the auction.”
Proxiblog doesn’t necessarily blame the auctioneer for feeling pinched by the new policy, although the house seems more concerned about billing than security (more on that momentarily); however, we support Proxibid’s policy fully for a variety of reasons associated with Internet and credit card security.
To understand why, we have to acknowledge what many of us take for granted: online commerce. A little more than a decade ago, only a handful of Internet users (13%) felt secure enough to purchase items online, primarily because scammers, phishers and identity thieves were stealing billions without leaving the comfort of their digital lairs. Data from Forrester Research now informs us that more than 85% of Internet users routinely make online purchases.
The reason for that is simple: Portals like Proxibid (and eBay, for that matter), which rely on Internet for their earnings, invest a substantial portion of profits into online security to remain one click ahead of cyber-thieves.
Also, good security is transparent so we hardly even realize that it is there.
Perhaps this is why the auctioneer in question put a higher premium on immediate billing than on security. How else to explain his request? “It is important that you contact us via email (my italics) or call us … as soon as possible with your full credit card details.”
Perhaps unconsciously, the auctioneer has recommended the worst possible method of informing his company about credit card details, especially the security code. Email? Are you kidding?
That suggestion is a red flag, which brings into question the history of the “card security code” (CSC) also known as “card verification value” (CVV), “card verification code”(CVC) or “card code verification” (CCV). Typically found on the back of a credit card, these are three or four digits initially meant to provide extra credit card security for online purchases.
Proxibid requires the code to provide that security. However, as Internet thieves are omnipresent, all they need is the code to make all manner of unapproved purchases.
Take it from Proxiblog, we’re dealing now not only with professional Internet criminals but also digital natives, several of whom would never shoplift from an auction house but who routinely steal music, movies and video games based on knowledge of how Internet operates. Most long-time auctioneers can remember goods being stolen from their onsite premises. If not, check out the theft occurring at our top-rated auction house, Western Auction, by clicking here.
By emailing credit card data to an auctioneer, bidders expose themselves to a multitude of online dangers at any location that message can be accessed, including a company’s computer file or worse, printed file of CSCs.
Auctioneers also may not be aware of the latest Internet scam undermining the intent of the security code to prevent fraud. Phishers routinely hack into databases containing names and credit card numbers. The phisher then contacts the owner of the credit card and says a purchase cannot be immediately processed without the code. Can the buyer please provide it?
You know how that story ends.
Alas, the convenience of online bidding that Proxibid provides will likely require more security measures in the future. For this, auctioneers and patrons should be grateful in as much as their clientele is often worldwide and bids logged seamlessly during sessions.
In closing, everyone should take a moment to read Proxibid’s security policies, which contain this statement:
- “Proxibid has security measures in place to help protect against the loss, misuse, or alteration of the information under our control. We restrict access to your personal identification and contact information within the company to only those authorized employees who need to use that information for a specific job function.”
Does your auction house have a similar policy? Who has access to your clientele’s data? What measures are you taking to counteract cyber-fraud?
Proxiblog is an independent entity with no connection to the auction portal Proxibid. Our intent is to uphold basic numismatic standards as established by the American Numismatic Association and the National Auctioneer Association and to ensure a pleasurable bidding experience not only on Proxibid but also on similar portals such as iCollector and AuctionZip.