The Internet and Credit Cards

Posted on November 9, 2005
Filed Under Internet, Security |

a completely secure way to use a credit card–online or offline–but there are precautions one can take.

There are a number of ways to obtain credit card information including picking through garbage to find those swiped paper receipts. Online it usually involves either impersonating a site that would legitimately accept credit card information or intercepting credit card information as it is sent to a legitimate site.

Phishing has become an extremely common way for thieves to get credit card and other personal information from unsuspecting users. The thief will send an unsolicted email that purports to be from a bank, online service, or other agency that might require your credit card information.

Two of the more common phishing schemes use eBay and Paypal as the lures. The email will suggest that eBay or PayPal needs to update your information and invites you to ‘Click Here’ to do so. There is often a sense of urgency to the email message.

Clicking here takes you to an often reasonable impersonation of eBay or PayPal but the site really is not eBay or PayPal at all. When you fill in the information update form, the information is stolen and the phishing scheme has just made a catch.

The safest way to avoid becoming the catch of the day is to simply ignore any email—or other unsolicited request for that matter–that asks you to provide any kind of personal information. If at all in doubt, get in touch with the company who appears to be requesting the information and verify the request. eBay and PayPal aren’t the only schemes either, many banks and lending institutions are also used as bait.

Intercepting transactions as they occur is really not all that difficult but identifying a secure web site is fairly straight forward. To prevent data from being intercepted, the data is encrypted (or scrambled) before it is sent over the Internet.

The traditional method of encrypting data uses Secure Socket Layer (SSL) technology which is based on Public Key Infrastructure (PKI) technology. SSL and PKI are not the easiest technologies to grasp but simply put, they encrypt data in such a way that only the company or organization collecting the data can decrypt it.

 You can tell that you are entering information into a secure SSL site in two ways. First the address of the site will begin with ‘https’ as opposed to the normal ‘http’. This indicates that the site uses SSL and the ‘s’ after ‘http’ literally stands for ‘secure’.

Second, a closed yellow lock will appear on the bottom right hand side of your web browser window. If you don’t see ‘https’ AND the closed yellow lock, don’t enter your credit card or any other personal information.

Using a credit card online can be safe providing a few precautions are taken. Online shopping is here to stay and by using credit cards safely, you can open a world of products and services that couldn’t be imagined when PKI was invented some 30 years ago.

Comments

Leave a Reply

You must be logged in to post a comment.