When it was decided to post an article pertaining to purchasing on the Internet, I figured it would be a snap to write it. Boy was I wrong! There is a lot of security information available for vendors, but there's not a lot of information available for the person who is actually purchasing something. Other than a "Our site is secure" posted someplace on the website, you have to take the vendors word. The fact that there are many different types of "security" only confuses the issue.
After wading through faq's and other help sections I've come to one simple conclusion:
As far as security is concerned, using a credit card on-line
Think about a time you've paid for something with a credit card. You receive a bill and you give someone your credit card. They either run it through the machine in front of your face or they disappear for a while and come back with the charge slip for you to sign. You sign the slip and a copy gets left with the merchant. You have no idea what they do with the copies, where they are stored or who has access to them. Just one purchase allows many possibilities for someone to gain access to your credit card number. And then, what if you lose your receipt? It's doubtful that you'd cancel your credit card. But the lost receipt has your credit card account number printed on it. Anyone can pick it up.
is the same as using it in a store.
These situations suggest that using your credit card on-line is just as safe as using it in a store. I would be more concerned about purchasing an item on-line and never receiving the merchandise, or getting a product that is inferior in quality to what I had expected. I personally wouldn't buy something on-line unless it was from a established merchant. For example, the major bookstores that sell on-line, like Amazon Books and Barnes and Noble. Both these companies are well known. I would expect the same quality of service on-line as I would in their store. I think the security of your credit card and personal information is as safe as the vendor your purchasing from. In other words, if you doubt the vendor don't buy anything.
On to the scary stuff! Security. How safe is your personal information online? If your using e-mail, the safety level is zero. E-mail has been compared to sending a postcard through the postal service. The content is open to anyone who cares to look at it. Unless you use a high-security cryptographic software application such as PGP (Pretty Good (TM) Privacy) that allows people to exchange messages with both privacy and authentication, anyone who cares to make the effort can see what you're sending or receiving.
Most on-line vendors offer secure servers to their customers, yet many retail merchants ask their Internet retail customers to post their credit card to an unsecured form. How do you know if the form is secure or not?
Unless you've disabled this function on your browser, you will get a window that pops up announcing that you are now in a secure area. When you leave the secure area it will inform you as well. The browser also tells you when your in a secure area by showing icons. These icons show up at the bottom of your browser.
- On Netscape you will see a golden key at the bottom of the browser; the broken key means your not in a secure section.
- Microsoft Explorer uses an icon that looks like a gold padlock. If there is no padlock showing, you are not in a secure section.
What all this means is that the form you're filling out is secure because it's encrypted before it's sent back to the merchants server.
It costs a great deal of time and money to decrypt an encrypted credit card number; it can cost 10, 20 or even 100 times more than the value of any possible gain. That's not to say someone won't try to do it. It's important to realize that "secure" browsers and servers are only designed to protect confidential information against network eavesdropping. Without system security on both browser and server sides, confidential documents are vulnerable to interception.
Listed below are some of the companies that offer secure services to vendors, with a brief description of how they make on-line transactions secure. These might give you an idea of what to look for if you decide to purchase something over the Internet.
Visa and Master Card have set forth a plan for Secure Electronic Transactions (SET). This plan relies heavily on RSA encryption. RSA is the world's brand name for cryptography, with more than 300 million copies of RSA encryption and authentication technologies installed and in use worldwide. RSA's encryption technology is embedded in Microsoft Windows, Netscape Navigator, Intuit's Quicken, Lotus Notes, and hundreds of other programs.
CyberCash's encryption technology offers the highest level of security available on the Internet today. CyberCash is not a method of payment; it's a company that enables secure Internet payments of several different kinds. You don't pay with "CyberCash" instead of a credit card; rather, merchants use the CyberCash Secure Internet Payment System to make sure your credit card transaction is secure. With CyberCash, your online payment information is automatically encrypted to ensure maximum protection. Much like shopping in the real world, CyberCash enables shoppers to make purchases online with credit cards, cash or checks. CyberCash's 56-bit DES encryption technology and 768-bit RSA public key technology provide state-of-the-art security for online merchants and their customers.
When using Traditional Service,Secure Exchange handles both the merchandise and payment. Both payment and merchandise are shipped directly to Secure Exchange, which verifies the accuracy and condition of merchandise, and also verifies that funds have been established. Once both ends of the transaction have been verified, payment and merchandise are shipped out the same day. Transactions using the Escrow Service eliminate Secure Exchange handling and verifying the merchandise. When using Escrow, the buyer sends payment to Secure Exchange and once funds are verified, the seller is given the all clear to send merchandise to the buyer. When merchandise is received by the buyer, if satisfied, Secure Exchange then send payment to the seller.
Copyright © 1998-99 The F.U.N. Place. All rights reserved