Using Your Credit Card Online
August 25, 2004
By Andrew Shain
Source: The Charlotte Observer, N.C.
It seems that for every person who shops eBay with the comfort of strolling aisles at a Wal-Mart, there's another one or two afraid to even type their credit-card numbers onto a Web page.
Computer users say in surveys that security fears top why they stay away from Internet shopping or online banking.
"Many people don't know what happens with the information on the Web," said George Tubin, a senior analyst with marketing consultant Tower Group. "They just feel more comfortable at the store. They have someone they can hold accountable."
The discovery last week of a security glitch on Mecklenburg County's Web site to pay property taxes did little to soothe folks who think online shopping is risky.
The site had operated for a still undetermined period without scrambling credit-card information. The problem was fixed soon after calls from the Observer. There's no evidence anyone accessed information, but people who used the Mecklenburg system are urged to keep an eye on their credit-card statements.
That said, you can safely spend money over the Web by taking some precautions. You just need to apply some common sense while you shop in your pajamas with a mouse and keyboard.
First some perspective.
The chances of someone stealing your credit card number sent over an unsecured Web site (such as what happened with Mecklenburg) is slightly less than anywhere in the nonelectronic world, said Ted Claypoole, a Charlotte attorney who specializes in technology security issues. Hackers have several obstacles to getting your information, but if they succeed, the numbers are easily read.
A bigger point of attack for hackers is servers where Web operators compile your information to complete purchases, said Jim Brown, managing partner at nGuard, a Charlotte computer security firm.
You'll want to know whether the Web operator continually monitors servers for hacking attempts, he said.
Most big businesses do, though there are breaches. Last month, a hacker gained access to a small number of the 8 million credit card records held by BJ's Wholesale Club.
Just like a waiter who uses an electronic reader to skim information off your card while you're paying for a meal, server attacks are nothing you can prevent.
Your best defense is being a diligent consumer by checking your statements.
You also should:
-- Look for the signs that a Web page is secure when you're asked to share financial information You'll want to see a padlock in the lower right-hand corner of your Web browser and that the Web address starts with "https," not just the usual "http." Both are signs that information you will share will be encrypted and hard for hackers to see. Don't see them? Stop the transaction.
-- Ignore e-mails that look like they come from legitimate businesses asking for financial information or passwords. Real merchants and banks would not have you click a link to some page to share the gateways to your wallet.
The scam, called "phishing," has tried to impersonate eBay, Bank of America, Best Buy and Citibank in recent months.
-- Take a moment to read a site's privacy policy. Reading legal disclaimers is not a hobby for most of us, but you want to know how a site might use information you share with it.
In the end, if you have any questions about security of a Web site, go the low-tech route and call the company.
Andrew Shain covers consumer issues. Reach him at (704) 358-5164 or ashain@charlotteobserver.com
To see more of The Charlotte Observer, or to subscribe to the newspaper, go to http://www.charlotte.com.
Bali Graber M&B Kirsch Comfortex Prestige Value Window Fashions
Source: The Charlotte Observer, N.C.
It seems that for every person who shops eBay with the comfort of strolling aisles at a Wal-Mart, there's another one or two afraid to even type their credit-card numbers onto a Web page.
Computer users say in surveys that security fears top why they stay away from Internet shopping or online banking.
"Many people don't know what happens with the information on the Web," said George Tubin, a senior analyst with marketing consultant Tower Group. "They just feel more comfortable at the store. They have someone they can hold accountable."
The discovery last week of a security glitch on Mecklenburg County's Web site to pay property taxes did little to soothe folks who think online shopping is risky.
The site had operated for a still undetermined period without scrambling credit-card information. The problem was fixed soon after calls from the Observer. There's no evidence anyone accessed information, but people who used the Mecklenburg system are urged to keep an eye on their credit-card statements.
That said, you can safely spend money over the Web by taking some precautions. You just need to apply some common sense while you shop in your pajamas with a mouse and keyboard.
First some perspective.
The chances of someone stealing your credit card number sent over an unsecured Web site (such as what happened with Mecklenburg) is slightly less than anywhere in the nonelectronic world, said Ted Claypoole, a Charlotte attorney who specializes in technology security issues. Hackers have several obstacles to getting your information, but if they succeed, the numbers are easily read.
A bigger point of attack for hackers is servers where Web operators compile your information to complete purchases, said Jim Brown, managing partner at nGuard, a Charlotte computer security firm.
You'll want to know whether the Web operator continually monitors servers for hacking attempts, he said.
Most big businesses do, though there are breaches. Last month, a hacker gained access to a small number of the 8 million credit card records held by BJ's Wholesale Club.
Just like a waiter who uses an electronic reader to skim information off your card while you're paying for a meal, server attacks are nothing you can prevent.
Your best defense is being a diligent consumer by checking your statements.
You also should:
-- Look for the signs that a Web page is secure when you're asked to share financial information You'll want to see a padlock in the lower right-hand corner of your Web browser and that the Web address starts with "https," not just the usual "http." Both are signs that information you will share will be encrypted and hard for hackers to see. Don't see them? Stop the transaction.
-- Ignore e-mails that look like they come from legitimate businesses asking for financial information or passwords. Real merchants and banks would not have you click a link to some page to share the gateways to your wallet.
The scam, called "phishing," has tried to impersonate eBay, Bank of America, Best Buy and Citibank in recent months.
-- Take a moment to read a site's privacy policy. Reading legal disclaimers is not a hobby for most of us, but you want to know how a site might use information you share with it.
In the end, if you have any questions about security of a Web site, go the low-tech route and call the company.
Andrew Shain covers consumer issues. Reach him at (704) 358-5164 or ashain@charlotteobserver.com
To see more of The Charlotte Observer, or to subscribe to the newspaper, go to http://www.charlotte.com.
Bali Graber M&B Kirsch Comfortex Prestige Value Window Fashions
