Purchasing On Line -- Could You Get Bit?

So you're looking around a really interesting Web site and you find some items you want to buy. You've got a credit card, and the site owner wants your credit card number so you can buy what you want. Do you send the site owner your number or not?

Two years ago, I would have said, "Nope; it's probably not safe." There were just too many things that a merchant could do wrong in getting your credit card number. Today, though, as long as the merchant is using a secure payment method, it may actually be the safest way to use your credit card.

Despite some hype to the contrary, stealing credit card numbers on the Internet is not very common - and it is nearly impossible if you take certain precautions. In fact, people do stupid things with their credit cards all the time and think nothing of it. Like handing it to a minimum-wage gas jockey at an all-night station. Or giving the number over a telephone - especially a wireless or cellular phone. Every time you pay with a credit card at a store, in a restaurant, or over an 800 number - and every time you throw away a credit card receipt - you are at risk of someone taking the slips and selling them to another party who wants to know your name, credit card number, and what your signature looks like.

We use our cards in these situations anyway, because thefts of this kind rarely happen, and even when they do, we are not held responsible for more than $50. Having someone do this to you is no fun, but most of us take that risk every day, many times a day.

Conversely, while anybody can go rooting through trash cans behind retail stores to find credit card receipts, there are only a skilled few who can intercept Web transactions. Nevertheless, it is especially important that commercial Internet sites guard their data.

Because commercial sites are prominent, those who are up to no good would attempt to steal card numbers there first, so a company engaged in on-line commerce should definitely secure their sites against theft. It's simply good business practice.

By "secure" I mean a system which scrambles the credit card information while it goes from your computer to the merchant's computer. With this kind of scrambling (properly called "encryption"), even if someone saw the message going from you to the merchant, he or she would have to spend hundreds or thousands of dollars to figure out your credit card number. There are a few Web technologies which a shopper should look for to tell them if their order will be secure.

According to people who keep such statistics, at least 90% of Web surfers use a Web browser capable of SSL (Secure Sockets Layer) security. SSL uses public key encryption, one of the strongest encryption methods around. In Netscape Navigator, you can tell that you're in the secure mode when an unbroken key appears in the bottom left corner of your browser window. Internet Explorer displays a padlock on the bottom right of the screen. Another way to tell that a Web site is secured by SSL is when the URL begins with "https:" instead of "http:". Also, a bright blue line appears across the top of your Web browser page (below the buttons, above the main text).

Browser makers and credit card companies are promoting an additional security standard called Secure Electronic Transactions (SET) as well. SET encodes the credit card numbers that sit on vendors' servers so that only banks and credit card companies can read the numbers.

Another type of secure system is called CyberCash. This technology requires that you first download a special piece of software, called the CyberCash Wallet, from CyberCash, Inc. ( http://www.cybercash.com/ ).

Downloading the software takes about fifteen minutes, and provides you with perpetual security in your online purchases. When you first run this software, you will register your credit card information, after which you can then order from any merchant who uses CyberCash. Actual credit card transactions are subsequently made using conventional methods between CyberCash and the vendor.

There are still a couple of ways you should NOT use your credit card on the Internet. You should never send your credit card number via e-mail, at least not until we have secure e-mail, and you should also not submit your credit card number on a Web page of a vendor who is not using a secure system.

No electronic commerce system can guarantee 100% protection, but if you follow these simple precautions you're less likely to get "bit" online than in a traditional store.