|
|
Five Tips For Safe Online ShoppingOct 20 '00 Write an essay on this topic.So you're wondering whether it's safe to shop online with your credit card. Why are you wondering? Probably because of all the scare stories on TV and in magazines. Yes, your credit card information can be stolen. Yes, it's possible for this to escalate into a case of identity theft. But, online shopping is the best invention since... well, since shopping, and you just can't pass it up. I'm here to tell you that yes, you can shop the Internet safely, if you use your head. Most of the attention on the subject of online shopping security goes to encrypted transmissions. Articles tell you how encryption protects your information from prying eyes. Sites have entire pages telling you why encryption means it's safe to shop there. You've been taught since arriving on the net to look for that little lock icon when you're about to submit sensitive information. The lock is your friend. If you see the lock, you're okay. Nonsense. Let's imagine a web with no encryption. A web where all your transactions are sent as normal web requests, in the clear. Do you know how hard it would be for a hacker to sniff out your credit card information? I do. It's nearly impossible, unless that hacker happens to work for your ISP, or runs one of the perhaps two or three networks your connection passes through to get to its destination. Even then, it would still be difficult. Not impossible, though, which is why Tip Number One is to always make sure credit card submissions are done over a secure connection. The lock is indeed your friend. But this is, for the most part, a false sense of security. The transmission of information over the Internet is the part of the process that most people don't entirely understand, so that's where all the evil monsters lurk in peoples' minds. But that's not where the real risk is. Think about it - what happens to your information after it goes over that nice, secure, safe connection, and gets to the other end? It gets decrypted, of course, and stored on the web server, in a file, as plain text. Anyone with sufficient access to that server can obtain the information. So, anyone wanting to steal credit card numbers is going to forget about sniffing Internet traffic, and will instead target the web server of a company doing online transactions. So, should you be afraid of this? Sure, but don't panic yet. After all, you use your credit cards in much less safe ways all the time, and never worry about it. When you're in a restaurant, you will happily hand over your card to some underpaid college kid, who will then take it and disappear with it for a while. Personally, I worry more about that than I do about submitting it to a website. A company doing online credit card transactions will secure their server to the best of their ability. This is where Tip Number Two comes in. Always do business with a reputable merchant. It's not that difficult to set up an insecure web server. You want to be reasonably assured that the company at the other end of your connection is trying. I work for a company that does business on the net, by having people submit credit card information. That information, as I mentioned, ends up decrypted and stored on the web server. In our case, another little program comes along every so often and collects this information, and sends it off to another server, which is behind a firewall so tight that I can't even get through it, and I'm a systems admin for the company. The information is then deleted from the web server. So, if someone were to hack into the server, the best they could do is to steal the information of only those people who paid us in the last few minutes. The connection between the internal customer database and the web server is one-way; the database can connect to the web server to obtain and then delete the new orders, but neither the web server nor any other system can connect in the other direction, for any reason, ever. Is this how everyone does it? Probably not. But it's probably pretty close to how most reputable merchants do it. When I shop online, I don't price-hunt. I don't look all over and take whoever can save me 47 cents, even if I've never heard of them. I deal with professional and reputable stores - if Amazon.com sells it, I buy it there. Tip Two Point Five, which is a part of Tip Number Two, is to do your research. Find out if the company is reputable. Sure, you don't want to deal with a company that has some half-assed website that looks like a fifth-grader made it, but as the saying goes, "on the Internet, no one knows you're a dog." Anyone can make a site that looks as professional as Amazon's. That doesn't mean you can trust them. Recently, someone in either Serbia or Croatia copied my company's entire website, replaced our name and logo with another one, and put the result up on the net. Presto, instant professional website, including an order form. They did this to get people to send them their credit card information. It was shut down after being up for a week or so, but they probably got some peoples' information while they were up. None of those people did even a trivial amount of research. Search the net for mentions of the company. Go to Deja.com and search Usenet. Search Epinions. See what people are saying. Now, with all that, it's still possible to have your credit card information stolen from a merchant's server. Even the best get hacked sometimes. This brings me to Tip Number Three: get an American Express card. American Express has a feature where you can either use their website, or a Windows program that sits in your system tray, which will generate an Amex credit card number and expiration date. This number is tied to your account, but it's only good for a single transaction, and it expires in a month or two. You can use this number instead of the one on your card when making an online purchase. With this, you don't even have to give the merchant your credit card number. If the merchant is dishonest, or someone steals your number off their server, not only will it not work, but if they try to use it, Amex security will know exactly where the "leak" happened. Now, obviously you can't use this nifty feature for recurring charges like your ISP bill, where they want a card they can charge every month. And you can't store it on Amazon's server to avoid having to type it every time. But it's an extremely nice way to eliminate the chance of having your card information stolen off a merchant's server, or even by sniffing your Internet traffic. If your information does get stolen, American Express security are the guys you want on your side. Your liability is zero. And Amex's fraud detection software seems to be pretty nice; while other companies have such systems, Amex's seems from all reports to be better. If you make some charges that don't jive at all with your usual account activity, and they're for a large amount of money, you will probably get a call from Amex security, and you will appreciate them looking out for you. And if the charges were fraudulent, you'll have a new card by next-day courier. If you don't like American Express because you have to pay your balance every month and pay an annual fee, look at the Amex Blue card, which I've reviewed on Epinions. It's a no-fee revolving credit card with low interest. Tip Number Four doesn't matter if you've followed Number Three. Never use a debit card. Never use a debit card. NEVER USE A DEBIT CARD!! While debit cards these days typically have some kind of protection against unauthorized use (limiting your liability in the same way as a regular credit card), anyone who steals one of these is getting direct access to the money in your bank account. If someone goes on a shopping spree with it, you might get the charges eliminated, but until you do, that money is gone, your checks are bouncing, and you can't pay your bills. Never use a debit card to buy anything, ever, online or offline, period. If your bank gives you the option of getting a card that is just an ATM card, with no Visa logo, get that. Unfortunately, fewer banks are offering such an option. Finally, we have Tip Number Five. (I know you were wondering just how bloody long this was going to be.) Use credit cards that have online account access. If you've followed Tip Number Three, you have such a card. With online account access, you don't have to wait for your statement to arrive in the mail to see what's been charged to your account. If someone has taken your card number and is using it, you will know within a day or two, and you can minimize the damage. If you take the extra step of using a financial management program like Microsoft Money (see my review elsewhere on Epinions), you don't even have to remember to go the credit card company's website to check; transactions will appear in your register as if by magic. Now, go explore the world of online shopping and feel safe.  |
| Read all comments (5)|Write your own comment |
|
Ads by Google
|
