Jan 23, 2002 06:52 PM
7183 Views
(Updated Jan 24, 2002 09:40 AM)
While shopping or conducting banking related transactions online from the comfort of one’s home or office has its own advantages, there are certain worrying issues, specifically pertaining to the disclosure of sensitive information such as credit card numbers. While there are many facets to online shopping, I haven't shopped online by using a card but did a lot of banking transactions without any security problems so far.
How safe is it to leave credit card numbers on the net?
For an online transaction there are 3 critical details required. One is the card number itself, the second is a 3 digit number printed behind the card on the signature panel and the third is the expiry date on the face of the card. Anyone with access to these 3 details can play havoc on the net, shopping and making merry as they wish. The big question now is, “Are you taking an unreasonable risk when you use your credit card to shop over the Internet?” probably NOT! The main fear people have is that some prodigious and innovative hacker will intercept their credit card data and ruin their credit worth with an unauthorized shopping spree.
Come to think of it, we don’t take any particular care in normal life to safeguard these features of our credit card in the first place. We routinely hand over our cards to waiters at restaurants and cashiers at merchant establishments apart from a hundred others in daily life. We also trust the Indian Postal System and the courier services when the card is first delivered by the company to us, don’t we? The card itself might be not be physically with us for a period ranging between 2-3 minutes to 1 day in the above cases, but that duration is more than enough for someone with malafide intentions to get all the information they want. While we have heard, read and are more familiar with stories of how cyber crooks have stolen such sensitive information on the internet, we are more experienced when it comes to routinely losing cards. There have also been many cases wherein people have not lost their cards but ended up with massive billings on occasions because someone close to them(probably at the office) would have picked up the above-mentioned 3 details without their knowledge and used it for some fanciful shopping. Is it not safer then, to shop on the internet where your information is sent out on something called a “Secured Server” for a few nanoseconds?
What happens when I give out my credit card details on the net?
At the time of placing an order to buy a product on the net, the customer fills out an “Order Form”. This form contains all details of the order placed and us in most cases, “Secured”(more about this later) with the information from the customer being encrypted between the customer's computer and the company’s server. At the server, the information is stored in a database and the merchant is then notified of the order via email(which does not contain any of the sensitive details), and finally, the merchant retrieves the information via another secure session. This is what happens when the company is big enough to afford its own servers and communication lines. In a few cases, smaller companies cannot afford the luxury of having their own web servers and they resort to what is known as'third-party hosting.' That is where the insecurity comes into play. You have to trust the web hosting provider, whom you have no knowledge of, and you have to trust that the company has a secure means of getting the information from the server back to themselves. Unfortunately, most companies do not have such a system and this is where most incidents of hacking take place.
What is this “Security” Thing?
A secure ordering system uses a form script that encodes or encrypts the credit card information right at the users computer. The resulting information which is garbled then goes out over the Internet via a path that nobody knows about ahead of time, and on to the server that will process the order. There are various degrees or levels of encryption with the 128 bit encryption being the most common and reliable one these days. With 128 bit encryption, there are 300 billion trillion “keys” which makes it virtually impossible for an unauthorized party to find the right key, even if they are equipped with the best computers thus making it hack-proof. This encryption is done through something called Secured Socket Layer(SSL) which is an encoding technology that ensures that the information sent over the Internet is scrambled, so that unauthorised peeping toms cannot read it.
How do I know if a particular site is secured or not?
To check a site's security status, look at the site's URL in your browser window. An's'(Secured site) added to the familiar'http'(which now reads'https') indicates that SSL is in effect. In Netscape Communicator 4.0 and above, the lock symbol on the bottom right hand corner, usually open, is closed in the secure mode. The same applies to Internet Explorer 4.0 and above also. Moreover, If a customer about to send information to a site that's not using SSL, IE gives out a warning message asking if the user wants to continue.
Do the above fundas apply to Internet Banking too?
Yes, the same set of guidelines as described above apply to Internet Banking too. Here too, Banks rely on encryption to protect the information of all internet related transactions. Before the customer’s computer transmits information to an online financial service, the information is encrypted. When the information reaches its destination, it is decoded and anyone who intercepts the information during the course of the transmission receives only gibberish.
What should I ensure before embarking on an online credit shopping spree?
Ensure that the latest version of your browser is installed
Common browsers like IE and Netscape come out with regular updated versions which contain the latest security features. Update as soon as you get a chance.
Make sure that the site you're purchasing from uses SSL technology
Look out or the additional alphabet “s” after “http”. When SSL is in use, the information you exchange with others on the Internet is encoded so if it is intercepted by an unauthorized party, all that party sees is gibberish.
Shop with big companies that have web servers of their own and have a reputation for security
Larger, well-known companies are eager to protect the reputation of their brands and can afford to invest in the latest technologies. These companies are more likely to have properly secured their sites for online shoppers.
Keep a record of your transactions
Most e-commerce sites present a summary of the transaction before the customer finalises the purchase decision. Take a print out of this summary and file it for personal record, never know when it might come in handy and remember, you’re not getting a ready bill anyway.
Be extra careful with passwords and user Ids
Opt for IDs and passwords that others cannot guess easily.
Phew! I think I’ve covered most of what I wanted to.there’s no place for more anyway. There’s no unreasonable risk in giving out your credit card details online, as long as you take the basic prescribed precautions as given above. There will always be some'Smart Alecs' who'll find a way to hack. Nothing in this world is foolproof and crimes worth millions of dollars do take place online too. i've spelt out the facts and leave the rest for you to decide.Adios!
