Tech Magazine

When is It Safe to Use Credit Online?

Posted on the 22 September 2011 by Nerdywerds @NerdyWerds

Using your credit card online isn't as scary as people might think

To put it lightly, identity theft is an issue. With the freedom to flash your plastic online comes the risk of having data skimmed by nefarious people. Back in the good old days, let's say 15 years ago, to steal a credit card number you pretty much had to actually steal the credit card. And even once you'd done that, you'd have to a) use it before the owner got wise, b) forge the signature well enough to not arouse suspicion and c) hope that where you were using the card didn't have a policy of proving identity. So needless to say, it wasn't easy for someone to steal from you in that regard. But with online shopping, all you need is the card number and security code and you're all set. If you've ever given a waiter your card at a restaurant, by the time you get it back that person could easily have everything they need to go on a bit of a shopping spree. If you shop online, on unsecured sites, it's even easier to get your information stolen. I'm by no means interested in stealing data, but I see five unsecured wireless networks I can steal data from within range of my home. If you have an unsecured wireless network, protect yourself and secure your network now.

It's not all doom and gloom with your cards however. I've worked in several restaurants and never once seen anyone with the cajones to try and steal a card number. And online, there is a way to safely utilize your card. Do me a quick favor and look at the address bar. The beginning of the address is "http". Whenever you're going to use your credit card, you need to see "https". This indicates that the site you're buying from uses a "secure socket layer" protocol and is safe to buy from. Secure socket layer, or SSL for short, is a protocol that creates an encrypted channel for communicating privately over the internet. Encryption is the process of transforming ordinary text into a coded message. The encoding is done via a special encryption algorithm, a series of steps and operations to transform the data, called a cipher. A rather famous example of an encryption algorithm is the caesar's cipher. Julius Caesar used this to exchange messages with his generals. In this cipher, All characters are shifted by 3. So an "A" becomes a "D", a "W" becomes a "Z" and so on. Without knowing the cipher, the simple phrase "test" would be rather hard to interpret, as it is "whvw" after encoding. Modern encryption techniques are infinitely more complex than this, which is a good thing for your credit card.

Each SSL certificate is comprised of a public key and a private key. The public key is used to do the encryption part of the dance and the private key does the decrypting part. The level of encryption depends on the type of SSL certificate. SSL certificates offer encryption levels up to 256 bits, which is up to 2 to the 256 power digits long. According to Verisign, "At current computing speeds, a hacker with the time, tools, and motivation to attack using brute force would require a trillion years to break into a session protected by an SGC-enabled certificate." That stat is based on 128 bit encryption. More reputable sites and sites needing more security will have comparable SSL certificates, which means your data should be perfectly safe on a site using SSL.

When you first log on to a site, you have what is called the "SSL handshake". This is the exchange of SSL information between your browser and the web site. When you arrive, your browser requests the web server to identify itself. In response, the web server sends your browser a copy of its SSL certificate. This is where, on some sites, your browser will ask if you wish to trust the certificate. If your browser deems the certificate trustworthy, it notifies the server that it thinks everything is copacetic. The server will then send back a digitally signed acknowledgment to start the encrypted session. And then the handshake ends with encrypted data being shared between your browser and the web server. If your browser notifies you that the certificate seems fishy or not trustworthy, you should probably steer clear.

I know a lot of people out there are terrified of having their identity stolen, and with great reason. But if you have your network properly secured and only offer your credit information up to sites secured with SSL, remember to look for "https" in the address bar, you should be fine online. Your bank, your email and anything else requiring sensitive information should provide an SSL certificate; don't think your credit card number is the only thing you need to keep safe. So, the moral of the story is, don't freely give out personal information unless you, and more importantly, your browsers trusts the person you're giving it to. Thanks for reading, and if you have anything to add, please head on over to the Facebook page and let me know!

Back to Featured Articles on Logo Paperblog