(SkyNewswire.com) If you have surfed around on the Internet, you have no doubt run across many different credit card companies, offering you cards at what they claim are the best in terms of interest rates and fees. Credit card companies operate both offline and online, and you can even apply for your card directly through their website. Even though many people understand how this process works, there are some who do not.
There are a lot of credit card companies who can process your application online instantly, or within a few minutes. Keep in mind that it does not mean you can shop instantly, simply because you can not print out your new credit card and take it out to the store. You can still shop, although you will not be able to use your new credit card – you have to wait until it is mailed out to you.
Although your application will only take you a few minutes, you will still have to wait for your new credit card. It will be sent to you via mail, so you will need to wait a few short days before it arrives. Online credit cards are a smart choice, as most will tell you instantly whether or not you have been approved. Even though you will have to wait on the card, it does not take nearly as long as applying the old fashioned way.
When you compare the old fashioned method of getting credit cards to the online method, you will see some major differences. The first difference is the time, as it can take a long time to return the credit card offer to the company and receive a response. Snail mail can take forever when you are waiting on a response, especially if there are problems with processing your application.
The traditional method of getting a credit card will not allow you to compare what other companies have to offer. If you choose to apply for your credit card online, you will have the option of looking at several different companies. This way, you can find the best deal for your money and know without a doubt that you found the best deal. There are literally hundreds of credit cards online, all you have to do is find one that interests you and apply for it.
Keep in mind that even though applying online is a great way to get credit cards, there are limitations on instant approval. As you may already know, online credit cards with instant approval are meant for those who already have good credit. Even though you may not have good or perfect credit, there are ways that you can get approved online. With the market being very competitive these days, there are some companies that will approve you regardless, just for the simple fact that it gives them business. A lot of online companies are looking to get more business, so they will let the line slide quite a bit, and approve almost anyone nowadays.
If you are looking for a credit card, all you have to do is look online. You will find many to choose from, giving you plenty of available options. Credit card companies are easy to find online, with there being more online than offline. Getting approved online for your credit card is easier than ever, as all you need to do is apply and wait for a response. With a little luck, you may end up getting approved. Once your application is approved, all you do is sit back and wait for your credit card to arrive – it is as easy as that.
Getting Your Online Credit Card Application Approved Instantly
Bill to Limit Credit Card Solicitation on U.S. Campuses
By Brian Racow
Banks and credit card companies will no longer be permitted to use merchandise giveaways to entice college students to apply for credit cards at public universities in California if a bill passed by the State legislature in September is signed into law by Gov. Arnold Schwarzenegger (R).
In recent years, several states, including New York, and some individual schools have enacted similar policies in response to a national trend of college students accruing thousands of dollars of credit card debt by the time they graduate.
Before credit card companies can advertise on campus, the New York education law requires colleges to have a written credit card marketing policy that features a program to educate students about credit usage. John Gutenberger, director of Cornell’s community relations department, said that the University is currently reviewing its policies regarding credit card solicitors. He does not believe that the policies in place are going to change.
“We don’t want to allow private marketers on our tax-exempt land,” said Gutenberger.
In the past, certain exceptions were given for limited times and locations to marketers who sought permission through the University. These companies were not restricted from giving out gifts to students who applied for a credit card.
“Companies can get pretty innovative with gimmicks to get at this demographic, but we’re doing our best to keep them at bay,” said Gutenberger. “We’d get word of non-authorized marketers on campus from time to time and have to politely ask them to leave.”
According to an article in USA Today, banks and credit card companies look to attract students because they are the one demographic sector that has not already been over-saturated with credit card application requests. Additionally, students are attractive customers because they tend to remain loyal to whichever company issues them their first card. However, consumer protection groups, such as the U.S. Public Interest Research Group, have alleged that these companies target college students because young people lack significant financial experience, making them especially prone to incurring interest fees and overages. In 2004, the average undergraduate student had a credit debt of $2,169, a problem that may also be compounded by college students’ use of credit cards to pay back their student loans.
Such figures have compelled lawmakers to pass legislation making it more difficult for credit card companies to solicit on college campuses via ploys such as giving out free food, t-shirts or frisbees to students who apply for credit cards.
At schools that have prohibited marketers from campus entirely, the companies have legally avoided this restriction by setting up credit card application booths directly across the street from campus, particularly in areas that are heavily trafficked by students, according to USA Today. In addition, credit card companies have gained access to campuses that have banned marketing by sponsoring seminars on financial knowledge at which credit card applications are handed out. Not all colleges have attempted to prevent credit card companies from marketing to students. Some of the largest public universities in the country have received payments of millions of dollars annually from banks in return for the exclusive right to solicit students to apply for credit cards, according to USA Today.
Michelle Kremer ’11 said she has not experienced any difficulties meeting her monthly credit card payments since arriving at Cornell. However, she considers it an unfair practice that her bank charges such a high interest fee on cash she takes from her credit account because the transaction is considered a “minor loan.”
“And that’s on top of the $2 ATM charge,” said Kremer.
Last week, student activists from PIRG began a campaign to disseminate information on college campuses about the exploitative practices of credit card companies. The group even mimicked one of the companies’ tactics, distributing free lollipops that read, “don’t be a sucker” to students who took an information pamphlet. Advocacy groups hope that by raising awareness about the aggressive methods banks use to attract college students to credit, it will pressure the banks to amend their practices. Despite the fact that most incoming college students lack income and have not established a credit history, credit card companies are willing to sign up students, even those who have outstanding balances on another credit card. According to USA Today, approximately 40 percent of college students have four or more credit cards.
Credit Cards for Easier Payments
Posted by EditorsChoice
First and foremost is the annual fee that credit card companies charge. The annual fees may range from $25 to more than $100. The fee depends on the type of card you choose. To attract customers banks sometimes waive the first year annual fee and often offer a one-time membership charge. You should also find out beforehand the other type of fees that the company charges - balance transfer fee, over-the-credit-limit fee, credit-limit-increase fee and others.
The grace period to make payments is another important consideration. The grace period is normally a certain number of days from the statement date. Payments not made within the grace period will incur late payment fees.
Most credit cards allow cash advances from ATMs. For cash advances, a cash advance fee is charged, which is normally a percentage of the cash withdrawal made. Most cards do not allow any grace period for cash advances and interest is charged from the day of the cash advance.
Credit cards may be of many types - silver, gold or platinum. The credit limit normally depends on the type of card you choose. The type of card offered depends on your income level. Cards with higher credit limits normally attract higher fees but also come with additional features. Additional features may include discounts on purchases, money back on frequent use, accident insurance etc.
It is important that you carefully read the application form before signing on the dotted line. An application does not imply acceptance by the company. Credit card processing takes time and your personal details will be thoroughly checked before your application is accepted.
It is always advisable to make purchases within your financial limits. However, there are many people who face credit card debt problems. The best way to eliminate these debt is to enroll in a credit card debt consolidation program. Debt consolidation programs help reduce the debt burden and allow repayment with easy monthly installments. Do a thorough research and check the credibility of the company before choosing a debt consolidation plan.
10 reasons websites get hacked
Written by Jakub Maslowski
Below you will find the list of the top 10 web vulnerabilities as classified by OWASP, with a description of each problem and some examples.
I will just give you the list in case you missed it before; I will not comment on any of these, as there is already a hot discussion about this matter on several sites and forums.
So here it starts:
1. Cross site scripting (XSS)
The problem: The “most prevalent and pernicious” Web application security vulnerability, XSS flaws happen when an application sends user data to a Web browser without first validating or encoding the content. This lets hackers execute malicious scripts in a browser, letting them hijack user sessions, deface Web sites, insert hostile content and conduct phishing and malware attacks.
Attacks are usually executed with JavaScript, letting hackers manipulate any aspect of a page. In a worst-case scenario, a hacker could steal information and impersonate a user on a bank’s Web site, according to Snyder.
Real-world example: PayPal was targeted last year when attackers redirected PayPal visitors to a page warning users their accounts had been compromised. Victims were redirected to a phishing site and prompted to enter PayPal login information, Social Security numbers and credit card details. PayPal said it closed the vulnerability in June 2006.
How to protect users: Use a whitelist to validate all incoming data, which rejects any data that’s not specified on the whitelist as being good. This approach is the opposite of blacklisting, which rejects only inputs known to be bad. Additionally, use appropriate encoding of all output data. “Validation allows the detection of attacks, and encoding prevents any successful script injection from running in the browser,” OWASP says.
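The two layers described above (whitelist validation on input, context-appropriate encoding on output) can be sketched as follows. This is an added example, not code from the article or from OWASP; the field names, the whitelist pattern and the HTML fragments are assumptions chosen for illustration.

```python
import html
import re

# Whitelist for a display name: letters, digits, space and a few punctuation
# marks, 1 to 40 characters. Anything else is rejected, not "cleaned up".
DISPLAY_NAME = re.compile(r"[A-Za-z0-9 .,'-]{1,40}")


class RejectedInput(ValueError):
    """Raised when a value is not on the whitelist."""


def validate_display_name(raw):
    if not isinstance(raw, str) or DISPLAY_NAME.fullmatch(raw) is None:
        raise RejectedInput("display name is not on the whitelist")
    return raw


def render_comment(display_name, comment_text):
    """HTML element context: every untrusted value is encoded on output.

    The name is whitelisted AND encoded: the whitelist legitimately allows
    an apostrophe (O'Brien), so validation alone is not enough. The comment
    body is free text that cannot be whitelisted tightly, so encoding is the
    control that stops it from being interpreted as markup.
    """
    name = html.escape(validate_display_name(display_name), quote=True)
    body = html.escape(comment_text, quote=True)
    return '<div class="comment"><b>{}</b><p>{}</p></div>'.format(name, body)


def render_search_box(query):
    """HTML attribute context: quotes must be encoded too (quote=True),
    otherwise the value could close the attribute and add new ones."""
    return '<input name="q" value="{}">'.format(html.escape(query, quote=True))


if __name__ == "__main__":
    # Constructed sample inputs.
    print(render_comment("O'Brien", "<script>alert(1)</script>"))
    print(render_search_box('" autofocus x="'))
    try:
        validate_display_name("<img src=x>")
    except RejectedInput as exc:
        print("rejected:", exc)
```
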
2. Injection flaws
The problem: When user-supplied data is sent to interpreters as part of a command or query, hackers trick the interpreter — which interprets text-based commands — into executing unintended commands. “Injection flaws allow attackers to create, read, update, or delete any arbitrary data available to the application,” OWASP writes. “In the worst-case scenario, these flaws allow an attacker to completely compromise the application and the underlying systems, even bypassing deeply nested firewalled environments.”
Real-world example: Russian hackers broke into a Rhode Island government Web site to steal credit card data in January 2006. Hackers claimed the SQL injection attack stole 53,000 credit card numbers, while the hosting service provider claims it was only 4,113.
How to protect users: Avoid using interpreters if possible. “If you must invoke an interpreter, the key method to avoid injections is the use of safe APIs, such as strongly typed parameterized queries and object relational mapping libraries,” OWASP writes.
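A string-built query beside its parameterized form, run against an in-memory SQLite database, shows what "safe APIs" buys you. This is an added example, not code from the article or from OWASP; the `orders` table, its rows and the function names are constructed for illustration.

```python
import sqlite3


def make_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE orders (id INTEGER PRIMARY KEY, customer TEXT, card_last4 TEXT)"
    )
    db.executemany(
        "INSERT INTO orders (customer, card_last4) VALUES (?, ?)",
        [("alice", "1111"), ("bob", "2222"), ("carol", "3333")],
    )
    return db


def orders_for_unsafe(db, customer):
    # BEFORE: user input becomes part of the SQL text, so the interpreter
    # cannot tell data from command.
    sql = (
        "SELECT customer, card_last4 FROM orders WHERE customer = '"
        + customer + "'"
    )
    return db.execute(sql).fetchall()


def orders_for(db, customer):
    # AFTER: the statement text is fixed; the value travels separately as a
    # bound parameter and is only ever compared as a string.
    return db.execute(
        "SELECT customer, card_last4 FROM orders WHERE customer = ?",
        (customer,),
    ).fetchall()


def order_by_id(db, order_id):
    # "Strongly typed": coerce to the expected type first, so anything that
    # is not an integer fails before a query is even built.
    return db.execute(
        "SELECT customer, card_last4 FROM orders WHERE id = ?",
        (int(order_id),),
    ).fetchone()


# Constructed hostile input: turns the WHERE clause into a tautology.
HOSTILE = "x' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("string-built :", orders_for_unsafe(db, HOSTILE))  # every row leaks
    print("parameterized:", orders_for(db, HOSTILE))         # no such customer
    print("legitimate   :", orders_for(db, "bob"))
```
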
3. Malicious file execution
The problem: Hackers can perform remote code execution, remote installation of rootkits, or completely compromise a system. Any type of Web application is vulnerable if it accepts filenames or files from users. The vulnerability may be most common with PHP, a widely used scripting language for Web development.
Real-world example: A teenage programmer discovered in 2002 that Guess.com was vulnerable to attacks that could steal more than 200,000 customer records from the Guess database, including names, credit card numbers and expiration dates. Guess agreed to upgrade its information security the next year after being investigated by the Federal Trade Commission.
How to protect users: Don’t use input supplied by users in any filename for server-based resources, such as images and script inclusions. Set firewall rules to prevent new connections to external Web sites and internal systems.
4. Insecure direct object reference
The problem: Attackers manipulate direct object references to gain unauthorized access to other objects. It happens when URLs or form parameters contain references to objects such as files, directories, database records or keys.
Banking Web sites commonly use a customer account number as the primary key, and may expose account numbers in the Web interface.
“References to database keys are frequently exposed,” OWASP writes. “An attacker can attack these parameters simply by guessing or searching for another valid key. Often, these are sequential in nature.”
Real-world example: An Australian Taxation Office site was hacked in 2000 by a user who changed a tax ID present in a URL to access details on 17,000 companies. The hacker e-mailed the 17,000 businesses to notify them of the security breach.
How to protect users: Use an index, indirect reference map or another indirect method to avoid exposure of direct object references. If you can’t avoid direct references, authorize Web site visitors before using them.
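One way to build the indirect reference map described above, with the fallback authorization check for direct references. This is an added example, not code from the article or from OWASP; the `ACCOUNTS` data, the `Session` class and the function names are hypothetical.

```python
import secrets

# Constructed sample data: real account number -> owner.
# The numbers are sequential, which is what makes direct exposure guessable.
ACCOUNTS = {"10001": "alice", "10002": "bob", "10003": "alice"}


class Session:
    """Per-login state holding the map from opaque reference to real key."""

    def __init__(self, user):
        self.user = user
        self._refs = {}  # opaque random reference -> real account number

    def account_refs(self):
        """References to put in URLs and forms instead of account numbers.

        Only accounts the user owns ever get a reference, and each reference
        is random, so there is no "next" value to guess.
        """
        for number, owner in ACCOUNTS.items():
            if owner == self.user and number not in self._refs.values():
                self._refs[secrets.token_urlsafe(16)] = number
        return list(self._refs)

    def resolve(self, ref):
        """Translate a reference from a request back to the real key."""
        number = self._refs.get(ref)
        if number is None:
            raise PermissionError("reference not issued to this session")
        # Defence in depth: ownership may have changed since the map was built.
        if ACCOUNTS.get(number) != self.user:
            raise PermissionError("account no longer owned by this user")
        return number


def get_account_direct(session, account_number):
    """If a direct reference cannot be avoided: authorize before using it."""
    if ACCOUNTS.get(account_number) != session.user:
        raise PermissionError("not authorized for this account")
    return account_number


if __name__ == "__main__":
    alice = Session("alice")
    for ref in alice.account_refs():
        print(ref, "->", alice.resolve(ref))
```
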
5. Cross site request forgery
The problem: “Simple and devastating,” this attack takes control of a victim’s browser when it is logged onto a Web site, and sends malicious requests to the Web application. Web sites are extremely vulnerable, partly because they tend to authorize requests based on session cookies or “remember me” functionality. Banks are potential targets.
“Ninety-nine percent of the applications on the Internet are susceptible to cross site request forgery,” Williams says. “Has there been an actual exploit where someone’s lost money? Probably the banks don’t even know. To the bank, all it looks like is a legitimate transaction from a logged-in user.”
Real-world example: A hacker known as Samy gained more than a million “friends” on MySpace.com with a worm in late 2005, automatically including the message “Samy is my hero” in thousands of MySpace pages. The attack itself may not have been that harmful, but it was said to demonstrate the power of combining cross site scripting with cross site request forgery. Another example that came to light one year ago exposed a Google vulnerability allowing outside sites to change a Google user’s language preferences.
How to protect users: Don’t rely on credentials or tokens automatically submitted by browsers. “The only solution is to use a custom token that the browser will not ‘remember,’” OWASP writes.
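The custom token OWASP describes can be sketched as a per-session random value that is embedded in the site's own forms and checked on every state-changing request. This is an added example, not code from the article or from OWASP; the in-memory `SESSIONS` store, the `/prefs` form and the handler names are assumptions.

```python
import hmac
import secrets

# Server-side session store (in memory for the example):
# session id (the cookie value) -> session data.
SESSIONS = {}


def login(user):
    """Create a session; returns the id the browser will hold as a cookie."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {
        "user": user,
        # The custom token: random, tied to the session, and never stored in
        # a cookie, so the browser does not attach it automatically.
        "csrf": secrets.token_urlsafe(32),
    }
    return sid


def render_form(sid):
    """The token reaches the page only through forms the site itself renders."""
    token = SESSIONS[sid]["csrf"]
    return (
        '<form method="post" action="/prefs">'
        '<input type="hidden" name="csrf_token" value="{}">'
        '<input name="language">'
        "</form>"
    ).format(token)


def handle_post(cookie_sid, form):
    """State-changing request handler; returns an HTTP status code."""
    session = SESSIONS.get(cookie_sid)
    if session is None:
        return 401  # no valid session cookie
    submitted = str(form.get("csrf_token", ""))
    # The cookie alone is not proof of intent: another site can make the
    # browser send it. Require the token, compared in constant time.
    if not hmac.compare_digest(submitted.encode(), session["csrf"].encode()):
        return 403
    session["language"] = form["language"]
    return 200


if __name__ == "__main__":
    sid = login("alice")
    # Cross-site request: cookie is attached automatically, token is missing.
    print("forged    :", handle_post(sid, {"language": "fr"}))
    # Request from the site's own form: cookie plus token.
    token = SESSIONS[sid]["csrf"]
    print("legitimate:", handle_post(sid, {"csrf_token": token, "language": "fr"}))
```
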
6. Information leakage and improper error handling
The problem: Error messages that applications generate and display to users are useful to hackers when they violate privacy or unintentionally leak information about the program’s configuration and internal workings.
“Web applications will often leak information about their internal state through detailed or debug error messages. Often, this information can be leveraged to launch or even automate more powerful attacks,” OWASP says.
Real-world example: Information leakage goes well beyond error handling, applying also to breaches occurring when confidential data is left in plain sight. The ChoicePoint debacle in early 2005 thus falls somewhere in this category. The records of 163,000 consumers were compromised after criminals pretending to be legitimate ChoicePoint customers sought details about individuals listed in the company’s database of personal information. ChoicePoint subsequently limited its sales of information products containing sensitive data.
How to protect users: Use a testing tool such as OWASP’s WebScarab Project to see what errors your application generates. “Applications that have not been tested in this way will almost certainly generate unexpected error output,” OWASP writes.
7. Broken authentication and session management
The problem: User and administrative accounts can be hijacked when applications fail to protect credentials and session tokens from beginning to end. Watch out for privacy violations and the undermining of authorization and accountability controls.
“Flaws in the main authentication mechanism are not uncommon, but weaknesses are more often introduced through ancillary authentication functions such as logout, password management, timeout, remember me, secret question and account update,” OWASP writes.
Real-world example: Microsoft had to eliminate a vulnerability in Hotmail that could have let malicious JavaScript programmers steal user passwords in 2002. Revealed by a networking products reseller, the flaw was vulnerable to e-mails containing Trojans that altered the Hotmail user interface, forcing users to repeatedly reenter their passwords and unwittingly send them to hackers.
How to protect users: Communication and credential storage have to be secure. The SSL protocol for transmitting private documents should be the only option for authenticated parts of the application, and credentials should be stored in hashed or encrypted form.
Another tip: get rid of custom cookies used for authentication or session management.
8. Insecure cryptographic storage
The problem: Many Web developers fail to encrypt sensitive data in storage, even though cryptography is a key part of most Web applications. Even when encryption is present, it’s often poorly designed, using inappropriate ciphers.
“These flaws can lead to disclosure of sensitive data and compliance violations,” OWASP writes.
Real-world example: The TJX data breach that exposed 45.7 million credit and debit card numbers. A Canadian government investigation faulted TJX for failing to upgrade its data encryption system before it was targeted by electronic eavesdropping starting in July 2005.
How to protect users: Don’t invent your own cryptographic algorithms. “Only use approved public algorithms such as AES, RSA public key cryptography, and SHA-256 or better for hashing,” OWASP advises.
Furthermore, generate keys offline, and never transmit private keys over insecure channels.
9. Insecure communications
The problem: Similar to No. 8, this is a failure to encrypt network traffic when it’s necessary to protect sensitive communications. Attackers can access unprotected conversations, including transmissions of credentials and sensitive information. For this reason, PCI standards require encryption of credit card information transmitted over the Internet.
Real-world example: TJX again. Investigators believe hackers used a telescope-shaped antenna and laptop computer to steal data exchanged wirelessly between portable price-checking devices, cash registers and store computers, the Wall Street Journal reported.
“The $17.4-billion retailer's wireless network had less security than many people have on their home networks,” the Journal wrote. TJX was using the WEP encoding system, rather than the more robust WPA.
How to protect users: Use SSL on any authenticated connection or during the transmission of sensitive data, such as user credentials, credit card details, health records and other private information. SSL or a similar encryption protocol should also be applied to client, partner, staff and administrative access to online systems. Use transport layer security or protocol level encryption to protect communications between parts of your infrastructure, such as Web servers and database systems.
10. Failure to restrict URL access
The problem: Some Web pages are supposed to be restricted to a small subset of privileged users, such as administrators. Yet often there’s no real protection of these pages, and hackers can find the URLs by making educated guesses. Say a URL refers to an ID number such as “123456.” A hacker might say ‘I wonder what’s in 123457?’ Williams says.
The attacks targeting this vulnerability are called forced browsing, “which encompasses guessing links and brute force techniques to find unprotected pages,” OWASP says.
Real-world example: A hole on the Macworld Conference & Expo Web site this year let users get “Platinum” passes worth nearly $1,700 and special access to a Steve Jobs keynote speech, all for free. The flaw was code that evaluated privileges on the client but not on the server, letting people grab free passes via JavaScript on the browser, rather than the server.
How to protect users: Don’t assume users will be unaware of hidden URLs. All URLs and business functions should be protected by an effective access control mechanism that verifies the user’s role and privileges. “Make sure this is done … every step of the way, not just once towards the beginning of any multi-step process,” OWASP advises.
Comments and an introduction to the Top-10 list can be found at the following:
www.owasp.org
www.networkworld.com (http://www.networkworld.com/news/2007/100407-web-site-vulnerabilities.html?page=1)
www.infoworld.com (http://www.infoworld.com/article/07/10/05/Top-10-reasons-Web-sites-get-hacked_1.html)
www.computerworld.com.au (http://www.computerworld.com.au/index.php?id=1126870565&eid=-6787)
Feel free to comment on these and join the discussion!



