Many banks are now requiring that I have the 3 digit security # on the back of your credit card when I manually enter charges from here at the main office. Since I do not actually have your credit card to be able to swipe it, and I have to manually key them, I am asking that anyone who pays with a credit card to write your 3 digit security # from the back of your credit card on your pre-entry form or license application when sending those in. Next year we will have a permanent place on the forms for that to be written in.
For those that have already sent in pre entry do we need to call into you?
Is there not a better way? Correct me if i am wrong but dont the forms also have a persons social security number on them also? So SS. number, CC number, CC security code, Address.... The only thing missing is mothers maiden name and the bad guys have everything they need. If this was misplaced it could be very dangerous....
Are you guys shredding this paperwork?
Cant the card machines be present at the registration tables so the owner can swipe the card at that point, the card number could still be used for preregistration "lock in"....
Just asking.
If you have already sent your pre-entry in don't worry about it. Everything has gone through so far. This is to put everyone on alert that this change is coming and I will need that 3 digit # in the future.
As far as in registration, there is a credit card machine there. This notice is only for anything that is sent here to the Fort Worth office for processing because I have to manually key the credit cards. This is not my decision it is the banks.
Is it possible to set up a Paypal account for this type of thing? I mean everyone pretty much has a paypal account. I know there is a fee to use paypal, so tack on an extra $3 to do it that way. Covers the fee and less personal info sent around. You get your money instantly. Just another option for those that are concerned about identity theft. Me? I just register and pay when I get to the track.
For what it's worth, has CCS considered www.MotorsportReg.com as a service for online race entry? It appears to be simple, secure, and convenient.
There was a roadracingworld article recently noting that Miller Motorsports Park is using it for their local race series...
Just a thought.
--Justin
Wow, both very good ideas. Actually with paypal, it is probobly only 1% higher than d your current merchant services fee so not much more money but peace of mind and instant payments for you. You can actually open a business paypal account and link them to your website.
I agree- go electronic....PLEASE! As a copper, I could shock you at how many identity theft cases we have to handle. One of the very first questions we ask is, "Have you sent any mail recently that had your name and CC# on it?" One of the mail sorting centers here in St. Louis had a # of people arrested for mail theft. All it takes is one dirtbag who works at the Ft. Worth mail processing center to know that anything going to your address has names, dates of birth, CC#'s.....and it ends up being a nightmare.
+1 for going digital. Instant payment for you....piece of mind for us. Heck, even our local club has been doing online registration and payment for years. If its the actual signature you're worried about getting- make them sign at registration.
C'mon CCS- get out of the stone age! lol
I think I've been sending entries into CCS and WERA for well over 20 years. I have yet to have any indentity theft from that, but I have had our credit card number stolen and used some how even though we never, ever used that card number for anything that was a purchase where the number wasn't encripted on a trusted site, etc.
For license applications, they have to be sent in as they are required to have an actual signature. A fas is not acceptable for an application like that, and certainly not electronic.
CCS had on-line entries seven or eight years ago. It was "ok". I don't know the particular problems that CCS had with it, but from a racer stand point, it wasn't the greatest at all, and I generally faxed in my entries as did others.
CCS deals with thousands of entries a year, and I know that I've given them tens of thousands of dollars over the years via their methods with no problems. Singular units like Miller seem to have no problems with their entries according to what people are saying here. Similarly, CRA, which is near by, has electronic entries, and, personally, the only way I could enter over charged me. STT has been doing on-line entries for some time, and their card numbers became exposed, and $250,000 of purchases were made on customer cards. Maybe electronic entries are neat, but I just don't think it's the stone age if current system is a simple system that works for an organization for so long for almost all of their customers with no recognition of problems.
Dave, your examples are of companies who choose to create their own E-Commerce sites, we are referring to Paypal. Not even comparable, the level of security at paypal is very high because of who they are owned by.
As for the stone age, and doing things as they have always been done, NOTHING is the same as the 'Old Days'. Closing your eyes and hoping everything will be safe is just not the right thing to do.
I just don't recognize that the current system is broken. We can disagree, no?
Dave- I don't think it's broken, persay. But it could definitely be improved upon. I love using Paypal. Never had an issue, and I love the instant verification of the $$ having been sent, along with the instant receipt. Seriously- for CCs to set up online registration, and a link to Paypal would be very easy to do. As for the all important signature- you sign your John Hancock on the form at registration.
I think it could lessen the CCS office's burden and likely streamline their registration process. They could always leave the option for people to snail-mail in their registration, social security numbers and credit card number for those who wish to keep status quo.
Just my two pennies worth.
Dave, the point isn't that the system is broken but that it is outdated. I received a letter from a company that handles the accounting for the City of Chicago Ambulance Service. Seems that I gave my personal info to the paramedics when I had my accident at work, since I don't remember giving them my SS or other sensitive information that was stolen from the accounting service I think the paramedics went through my wallet. Long story short there are a lot of links in the chain between sealing the envelope and Fort Worth opening it, were one fo those links to break you might rethink your position and the fault would not be CCS's but the racer that sent their info all in one neat little package. If you've never had it happen to you count your blessings.
I completely agree that all the information being sent in one envelope is a disaster waiting to happen. The fact that is hasn't happened i would say is more a mater of good fortune then real proof that there isn't a substantial risk of it happening.
Pay-pal is a GREAT idea IMO. I would be willing to pay the couple percent more it would cost in order to use pay-pal if that is the issue. Please show me if i am wrong, but i have yet to see complaints about pay-pal, and they must handle millions of transactions yearly.
Quote from: HAWK on April 12, 2009, 12:18:40 AMLong story short there are a lot of links in the chain between sealing the envelope and Fort Worth opening it, were one fo those links to break you might rethink your position and the fault would not be CCS's but the racer that sent their info all in one neat little package. If you've never had it happen to you count your blessings.
I understand what you're saying.
I have had the link broken, but never within the checks, mail, faxes, CC#'s, etc. between me and WERA, CCS, MRA, AHRMA, CRA, CMRA, LRRS, MCRA, etc. I have had that information taken directly from the credit card company though. And taken directly from my wallet out of my shorts at Road Atlanta.
Don't attack the messenger. :)
I work in financial services mostly on application security, what all of you are saying is correct - but one thing to thing about further - the most recent loss of card information I'm aware of was from Mastercard itself, the only real protection you have is going through your charges monthly at a minimum and determining if there is anything on the list not yours, only deal with reputable websites (btw paypal is MUCH better now than in years past, you really don't want to know the old stories...), and make sure the mail you send is tightly closed and doesn't tell someone what is inside if at all possible - I do hope the sheets with the CCV/CCV2 (number on the back of the card) are being shredded, there are compliance rules set forth by the CC companies that dictate things like that (PCI complaince required bit) and if CCS hasn't seen the requirements yet it would be a good thing to take a quick peek at the document as more requirements are likely coming.
Just my humble input, but if the mail bit bugs you that much can always fax it in instead, that does cut down the number of hands it passes through.