RETURN TO THE TECH TIPS MAIN PAGE
A recent news story focused on a hacker who stole 300,000 credit card numbers from a popular music Web site. The cyber scoundrel then held the numbers hostage, threatening to post them on the Internet if a ransom wasn’t paid. Rumor has it the cardnapper even sent the last four digits of one credit card number to the Web site and threatened to send additional severed digits if his demands were not met. The story interested me because, as a consumer, I purchase goods and services online with my own credit card. Let’s take a look at the phenomenon of online shopping and explore just how safe it is… or is not.
- - - - - - - - - - -
Some people are adamant about NOT using their credit cards online. When pressed to give specific concerns, the answer is usually some variation of “It’s not safe.” Fact: There has never been a single, documented, verifiable instance of credit card information being intercepted while being transmitted over the Internet, whether by e-mail or using any online form, encrypted (secured) or not.
Let me repeat that… There has never been a single, documented, verifiable instance of credit card information being intercepted while being transmitted over the Internet, whether by e-mail or using any online form, encrypted (secured) or not. Ever!!
Sure, there are lots of “anecdotal” stories that typically begin with something like, "My brother’s friend knows someone whose sister's nephew’s son’s uncle had his credit card number stolen on the Internet.” Trust me. It did NOT happen! They’re just spreading false gossip and false rumors!
“Experts” advise us to shop on secure sites – those that display the little padlock icon in the lower left-hand corner of your browser. Having blind faith in the little padlock, however, is analogous to wearing a seat belt on an airplane believing it will protect you in the event of a nose dive into Mt. McKinley. Yes, it’s a good idea to always wear a seat belt, but it’s also important to understand the limits of what it can and cannot do to protect you. Shopping on a secure site is a good idea and will, indeed, encrypt or scramble the information transmitted to the site. But if there is little or no danger to that data while in transit in the first place, let’s not obsess about protecting that which is already safe.
Purchasing goods and services through a secure site does not guarantee that your data is invincible. Many secure sites receive credit card information in encrypted format, then turn right around and re-send that same information to a merchant or process the information internally via plain, unencrypted e-mail or simply print it out. At some point in the process your credit card information has to be unencrypted, so if you insist on worrying about something, worry about what happens after your information arrives at its destination.
The hacker who snatched the credit card numbers from the Web site managed to find a poorly designed site that stored credit card information on its Web server (computer). Had the orders been properly moved off the server, they wouldn't have been there for someone to hack (take) in the first place. Leaving hundreds of thousands of credit card numbers and related information on the Web server was just plain foolish.
So the focus of the “Hacker Steals Credit Cards” story was misdirected. The real story associated with this incident wasn’t about the dangers of making online purchases; it was about the poor design of the company’s Web site and its blatant disregard of good business practices.
A credit card provides a great deal of protection under any circumstance, online or off and is still your best bet for online purchases. In the U.S., credit card purchases are protected by the Fair Credit Billing Act. If a merchant does not perform, you can challenge the charge by notifying your credit card company. And if your credit card information is "stolen," you have a maximum liability of (only) $50. Banks and credit card issuers rarely require you to pay any amount at all if you report any irregularities in a timely manner.
Using a credit card on the Web to make purchases is actually LESS risky than using it to make purchases at “brick-and-mortar” establishments (“stores”). When you use your credit card to pay for dinner, for example, your food server will typically take your credit card to the back room and bring back a slip for you to sign. You sign it and then what happens? You take your copy of the receipt, leave the other copies on the table and walk away. Talk about bad security!
For some strange and illogical reason, many of the same people who refuse to use credit cards online are very comfortable making credit card purchases by telephone. This is referred to as the “talking-to-a-live-body” syndrome: The misperception that speaking with a person is more secure than interacting with a computer. Think about the “security” associated with that process: You provide your credit card information to somebody you don’t know, at an undisclosed location, and if that’s not bad enough, you usually receive no proof of purchase! We should be worried sick about it, but most of us don’t give the process a second thought because we’re comfortable with using a TELEPHONE!
Credit card fraud is rampant in the world, yet you never read stories about the “dangers” of the telephone or fax machine when those devices are utilized as a vehicle for transmitting credit card information. Have you ever faxed your credit card number on an order or application form? Didn’t you feel just a twinge of apprehension thinking, “What if I dialed the wrong number?”
Let’s examine what happens on the receiving end of your fax: The fax containing your credit card number – and probably your name, address, telephone number – is printed on a piece of paper that will reside in the paper tray of the receiving fax machine until somebody – it could be anybody – comes along and retrieves that piece of paper.
In all probability your order will be processed appropriately, but do you have any idea how many copies are made of the information you fax? The first step for many retailers is to make photocopies of the order information for distribution to appropriate departments within the organization. But what’s to prevent Rudy, the disgruntled copy boy, from making an extra copy? Succinctly stated: Absolutely nothing.
The bottom line is this: Using a credit card online is about as safe as it gets. The next time you read a story involving the Internet and credit cards, ask yourself, “Is it really a story about the dangers of using the Internet to shop online? Or is it a story about an unscrupulous merchant failing to deliver merchandise, bad Web site design and/or questionable business practices?”
There is one golden rule that applies to using credit cards in general: Check your credit card statement each month. If there are any charges you don’t remember making, call the phone number that appears on your statement. If you’re convinced you didn’t make a charge, challenge it, don’t pay for it and wait for the merchant to produce a proof of purchase or some documentation that will jog your memory. If proof is not forthcoming, you’re home free. Safely and soundly.
RETURN TO THE TECH TIPS MAIN PAGE