[django11]

I just got an app that allows meto pay the parking meter with my smart phone and credit card.  How do make sure that I am secure  and that nobody can get my cc info?

Thanks!

[wilsynet]

You can't.  The credit card information is likely stored at the server.  You either trust them to keep it secured, or you choose not to use the service.  If its any consolation, they probably don't store the card verification number on the back of the card.

[decal]

They store everything you are willing to provide them with.

[django11]

Of course   !  I should have figured that out myself.  That takes care of that.  However when I signed up I sent my credit card info over the wireless cellphone network.  How do I know if I am secure when doing that?

[decal]

You don't know. That's the chance you take doing cyber business.

[vortrex]

Of course   !  I should have figured that out myself.  That takes care of that.  However when I signed up I sent my credit card info over the wireless cellphone network.  How do I know if I am secure when doing that?

I'm sure it was encrypted,  just like any other thing that handles online payment info.

[galyons]

You are OK.  The Payment Card Industry Data Storage Security, (PCI DSS),  prohibits:

• The storage of full mag strip track 1 or track 2 info
• The storage of card validation code (the 3 or 4 digit security code
• The storage of the PIN, (personal identification number) 

If required for business purposes, the cardholder’s name, PAN, expiration date, and service code may be stored as long as they are protected in accordance with PCI DSS requirements. This includes strong encryption of data and restricted, secured access to servers.

On top of all of this, the card issuers and networks eat the fraud, not you.

Cheers,
Geary

[jqp]

Not much is 'encrypted', really, unless you encrypt it on your machine - and the Government can get at pretty much anything that flows on the wires now. Safest approach is to not put anything critical out of your personal control at home.

There are certain things that you may not care about being unencrypted, and my neices and nephews are very cavalier about their communications on Web 2.0. Also consider the case of Evernote, a wonderful comprehensive organizational tool that can span all your devices, not encrypted. So some things you would organize in the cloud you aren't concerned about, but when you really want to organize all your famlies important life documents and accounts/policies and information about friends/clients, all of a sudden the Web 2.0 has some real gotchas.

For buying groceries and coffee, where you would use NFC, I put those transactions in a low risk category where the card issuers handle the risks as stated above. You could open an account just for buying these things in this type of category.

[galyons]

Not much is encrypted, really, unless you encrypt it on your machine -

In terms of card payments this is not correct, if the purchase is through a PCI compliant point-of-sale interface, regardless of the communication methodology, it is encrypted.  If you blast your card info via voice, text or email, you are on your own, in terms of security.  But the issuers and networks still cover fraud losses if reported in the required time frames. 

Paranoia about the government, well, that does not apply here, based on the OP.  He was worried about paying the government for parking. He paid the agency, so....

Cheers,
Geary

[django11]

Not concerned about the gov't.

 I use my hardwired internet connection for all manner of banking and shopping but haven't used my smartphone for doing any of that stuff.  I was wondering if sending my credit card info or bank account number and pin over the "air" was riskier than doing it through my wired connection and if there was any special measures I need to take to protect myself?  For example I have installed Avast Mobile on my phone...

[wilsynet]

I do not believe sending it over the air is materially more dangerous.

I could come up with reasons why it's less safe, but the complex answer would yield the same conclusion as the simple answer, which is:  it's really not any riskier.

Besides, trying to harvest credit card information by trying to snoop the Wifi or 3G medium is remarkably inefficient versus targeting a web site that stores credit card information and walking away with thousands rather than dozens of credit card numbers.

[django11]

Thanks for all the info guys! 

[jqp]

In terms of card payments this is not correct, if the purchase is through a PCI compliant point-of-sale interface, regardless of the communication methodology, it is encrypted.  If you blast your card info via voice, text or email, you are on your own, in terms of security.  But the issuers and networks still cover fraud losses if reported in the required time frames. 

Paranoia about the government, well, that does not apply here, based on the OP.  He was worried about paying the government for parking. He paid the agency, so....

Cheers,
Geary

mmm...Maybe... - in my city the parking meters are outsourced to a non-govt company. Also dog licensing, and tax payments!

Some of my my points were probably a little out of scope, was more about security with new communication systems in genera,l and what we need to consider in making our choices. It is in flux in some ways, and there are good safety nets in place for these smaller transactions.