Security of money on a bank card and payment on aliexpress?

Q

QnANick2021-09-19 12:59:00

Information Security

QnANick, 2021-09-19 12:59:00

When buying on aliexpress, I indicated the data from the card that the service required, as a result, the money for the purchase was written off and the goods were brought. At the same time, I indicated the address for delivery at the time of placing the order.

Later I decided to buy something else, pressed the buy button. The aliexpress web page, on which the further steps of the purchase were supposed to load, hung due to some kind of failure and the product was ordered and paid for without confirmation and entering the address on my part. Moreover, it was also a surprise for me that I didn’t have to re-enter the card data - it turns out that they were saved at the first input and the card was automatically linked to aliexpress. I requested a refund and they were returned, but there was anxiety and thoughts on the topic that something was wrong and the payment scheme I used was not at all safe, if only because my aliexpress account could theoretically be hacked through paying / buying something through this account, money will be debited from my card, but without the possibility of returning it.

What security measures should be taken?

1) As far as I understand, it’s worth creating a new card specifically for shopping on Ali and transferring money to it only before buying, then even if they hack an account with a linked card, they won’t be able to buy anything, because. It is impossible to withdraw the card balance to a minus when shopping on Ali?
2) Is it possible to link a phone to an Ali account, so that any transaction with money requires entering a code from SMS?
3) Is it possible to change the CVC/CVV code of a Sberbank card? Googled and found information that it is impossible. What kind of nonsense, and if third parties suddenly find out this code, only the card will be changed with all the details? Maybe the information is outdated and can actually be changed?
4) Is it possible to set up a Sberbank card in such a way that any withdrawals using a CVV code require SMS confirmation?

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

C

CityCat4, 2021-09-19
@CityCat4

1. And did you really indicate the details of the card with money ? Well, then, my friend, that's it ... This is about the same wise act as walking late at night on the outskirts of the city and hoping not to get hit by a tambourine :) Of course, for shopping on the tyrnet, you need a separate card, which usually has no money on it.
2. No.
3. No. Only reissue of the card, and it can be paid. Another argument for having a separate card for payments - it is usually virtual, and reissuing it costs nothing :)
4. You can even set it up so that any operation requires a control call to the call center and voice approval. Moreover, you can disable this mode only by a personal visit to the office.

U

Uncle Seryozha, 2021-09-19
@Protos

1) As an option, yes, explore other payment methods, you may be interested in them
2) No
3) Only by reissuing a card
4) Yes, but if the bank trusts the merchant, the bank will not require its customers to pass 3D-S.
Most likely, the aliexpress payment gateway has PCI DSS certification and everything is safe. The only way to buy goods on your linked card is to bypass two-factor authentication in your account. You can also dispute the transaction through the bank.