www.developer.com/security/article.php/640401
September 19, 2000

September is security month at Earthweb and I was asked if I could write something dealing with e-commerce. Since I had just finished the process of getting my own VeriSign certificate, I was fairly familiar with what needed to be done to start accepting credit cards over the Web. If you're thinking of starting an e-business, or if you just want to attempt to understand how your credit card is kept safe while you are using it on the Web, read on. This should help you a great deal.
I will never give my credit card number to anyone on the Web! It's not safe!

Ah, but you'll tell your credit card number to a complete stranger at a mail order company over the phone, or give it to a waiter who then waltzes out of the room with it, or hand it to a person behind a counter who makes a paper swipe of the number. Now that I've been through the process of actually implementing a server ID and Secure Sockets Layer (SSL) on a Web site, I can honestly say that of all the methods of delivering a credit card number, I personally feel safest using the Web. Contrary to popular belief, your card number does not simply go out into cyberspace for anyone with a computer to steal. It does not (or should not, if the company does it correctly) sit in a file just waiting to be hacked. Plus, and this is the real kicker, you know exactly who is getting the card number. Once that waiter leaves the room, any one of 1,000 different people can get the number. If the waiter is crooked, one phone call later and his buddy has your number and is selling it around town. I don't mean to alarm people, but I know someone who had exactly that happen to her.
So, how is shopping online safer?

First, I'll place the concern upon the buyer. You wouldn't hand out your credit card number to just anyone on the street, would you? No, you wouldn't. At least I hope you wouldn't. You hand your credit card number to people whom you feel confident are who they say they are and will process your card only for the reason you offered it.

It is the same on the Web. Let the buyer first beware of the seller. If the seller has done what he or she is supposed to, you should be able to see the results right on your browser. For example, let's say you are going to buy a book online. Once you choose your book, place it in your "shopping cart," and go to check out, do you notice if you move into a secure server? Often, your browser will pop up a little box explaining that you have moved into a secure server. If you have disabled that little box, then you'll have to be a little more observant. Look at two places:
There are still sites out there that use a simple "mailto" form to accept your credit card number. If you attempt to buy and cannot find any proof that your information is being encrypted, do not offer any numbers. Text entered into a basic HTML form is as easy to intercept and read as a telephone party line.
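The check described above can also be run against a page's HTML before any number is typed in. This is an added example, not part of the original article: it lists every form that asks for card-like fields and says whether the form is submitted by e-mail, over plain HTTP, or over HTTPS. The field-name hints, the `shop.example` hostnames and the sample page are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

CARD_HINTS = ("card", "ccnum", "cvv", "expir")  # assumed field-name heuristics

# Constructed sample page, not taken from any real site.
SAMPLE = """
<form action="mailto:orders@shop.example"><input name="CardNumber"></form>
<form action="/cgi-bin/order.cgi"><input name="cardno"><input name="expires"></form>
<form action="https://secure.shop.example/pay"><input name="card_number"></form>
<form action="/search"><input name="q"></form>
"""

class FormAudit(HTMLParser):
    """Collect each <form> with its resolved action and its field names."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.forms, self._open = page_url, [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # A missing or relative action resolves against the page's own URL.
            action = urljoin(self.page_url, a.get("action") or "")
            self._open = {"action": action, "fields": []}
            self.forms.append(self._open)
        elif tag in ("input", "select", "textarea") and self._open is not None:
            self._open["fields"].append((a.get("name") or "").lower())

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None

def audit(page_url, html):
    """Return (action, verdict) for every form that asks for card-like fields."""
    parser = FormAudit(page_url)
    parser.feed(html)
    results = []
    for form in parser.forms:
        if not any(h in name for name in form["fields"] for h in CARD_HINTS):
            continue
        scheme = urlparse(form["action"]).scheme
        if scheme == "mailto":
            verdict = "UNSAFE: sent as plain e-mail"
        elif scheme != "https":
            verdict = "UNSAFE: submitted without encryption"
        else:
            verdict = "ok: submitted over HTTPS"
        results.append((form["action"], verdict))
    return results
```

Calling `audit("http://shop.example/cart.html", SAMPLE)` flags the first two forms and passes the third; the search form is skipped because it asks for nothing card-like.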