Learning About Internet Security

Credit Card Transactions

This month, the SFBA Chapter web site will begin offering the ability to pay for events and meetings with your credit card online. The Chapter will be using the Shopping Cart method for conducting our e-commerce transactions.  With that subject in mind, the topic for this month's article is Credit Card Transactions.

Introduction 
One of the riskiest misadventures you can have on the Internet is a credit card transaction that goes bad. Millions of e-commerce transactions are performed annually, resulting in billions of dollars in online sales, all in complete safety. But the Internet can also be used for malicious purposes, as seen recently when a thwarted extortionist posted millions of customers' credit card information to the Internet in retaliation. It should be noted that, in that case, the stolen credit card information was not obtained through Internet transactions: the "cracker" had only used the Internet to break into the company's computer system and download the victim's customer database information.

Web Browser Protection 
Your credit card number can be intercepted when a transaction is not conducted over a secured connection. Many web browsers have built-in encryption that you can use to help protect yourself. As long as you have not intentionally disabled this encryption, your web browser will automatically establish a secured connection for you. A secured connection is usually indicated by an icon resembling a closed padlock or something similar. Some web browsers may also display a message notifying you when you have entered or exited a secured connection.

Shopping Carts 
Online Credit Card Transaction companies give small web site owners the ability to offer safe and secured credit card transactions (via Internet "Shopping Carts") without having to set up and run a secured web server of their own. In this situation, the web site owner subscribes to a service that handles the transaction processing for them. All the web site owner needs to do is set up an online form on their web site that gathers together the order items and prices from the customer. When the customer is ready to pay for their order, the Shopping Cart service steps in and handles the sensitive information. The web owner can retrieve the payment information using a separate process.

Proprietary Credit Card Transactions 
Many large corporations will set up their own secured transaction web server, and purchase and install the recommended Internet security certificates (Thawte, VeriSign, RSA, etc.) to offer assurance of safety to their customers. Traditionally, these same corporations will also develop their own proprietary transaction software to decrease the possibility of theft by "crackers." However, some corporations will simply use traditional technologies on their own web servers for convenience's sake and for familiarity to customers.

Warning Signs 
There are several fundamental things you should do and know about the recipient of your credit card information before you begin to transmit any sensitive data. These are, in no order of precedence: 

  1. Make sure that you trust the recipient of your information. Use the same common sense precautions that you would use when actually handing someone your real credit card.
  2. Make sure that the amount being charged is correct. Double-check your order for accuracy.
  3. The name, address, and contact information of the recipient. 
  4. The Internet address of the form that you will be using. You can find this information by looking at the address listed in your web browser, or by right-clicking on the form and inspecting the page's properties.
  5. Confirm that your web browser is displaying a secured transaction symbol. 
  6. Obtain a printout of the completed form with your information before you click the "Submit" button on the form.
  7. Double-check to make sure that all of the required information has been filled in and is correct. If the form is incomplete or contains invalid data, you may be required to completely fill out the form again, or you may be returned to the form with the information pre-filled and something indicating what needs to be changed. Each failed transaction offers the potential for problems. 
  8. Make sure that you understand the terms and conditions under which you are submitting your credit card information. Be wary of situations that allow recurring billing using your credit card number, especially those that are phrased so that if you do not want the billing to recur, you will need to formally request that it stop using a separate emailed process.
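
Items 4 and 5 can also be checked mechanically. The following is an added example, not part of the original article: it reads a page's HTML, works out the Internet address each form will send its data to, and reports whether that address is secured and whether it belongs to a different host than the page (as it will when a Shopping Cart service takes the payment, in which case that host is the recipient you need to trust). The sample page and the example.org / example.net addresses are constructed placeholders.

```javascript
// Added example: report where each form on a page will send its data.
// The sample page below is constructed; example.org / example.net are placeholders.

// Pull one attribute value out of a tag's text; returns null if absent.
function attr(tag, name) {
  const m = new RegExp(`\\s${name}\\s*=\\s*("([^"]*)"|'([^']*)'|([^\\s>]+))`, 'i').exec(tag);
  return m ? (m[2] ?? m[3] ?? m[4]) : null;
}

// For every <form> in `html`, resolve its action against `pageUrl` and list
// the things a shopper should know before typing in a card number.
function inspectForms(html, pageUrl) {
  const page = new URL(pageUrl);
  const results = [];
  for (const [tag] of html.matchAll(/<form\b[^>]*>/gi)) {
    // A missing or empty action submits back to the page's own address.
    const target = new URL(attr(tag, 'action') || pageUrl, page);
    const method = (attr(tag, 'method') || 'get').toLowerCase();
    const findings = [];
    if (target.protocol !== 'https:') findings.push('not sent over a secured connection');
    if (page.protocol !== 'https:') findings.push('form page itself is not secured');
    if (target.host !== page.host) findings.push(`sent to a different host (${target.host})`);
    if (method !== 'post') findings.push('data would appear in the address (GET)');
    results.push({ target: target.href, method, findings });
  }
  return results;
}

const samplePage = `
  <form action="https://cart.example.net/pay" method="post"></form>
  <form action="/order.cgi" method="POST"></form>
  <form action='http://shop.example.org/buy'></form>`;

for (const r of inspectForms(samplePage, 'https://shop.example.org/checkout.html')) {
  console.log(r.target, '->', r.findings.length ? r.findings.join('; ') : 'ok');
}
```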

After the Sale 
Once you have completed your transaction, be sure to print out any and all confirmations and additional information that is displayed. In most cases, you can also expect to receive an emailed confirmation of your order; save this too. Be sure to read all order confirmations for any unpleasant surprises. You may also wish to call and confirm the order with your credit card company if you have any suspicions.

Conclusion 
In conclusion, most e-commerce credit card transactions can be conducted without any problems. As long as you follow the suggestions listed above, you should be able to enjoy using this convenient method of purchasing. As a parting thought, always be sure to check your bank statement for any unannounced processing fees for the transaction.

Next Month's Topic: RSACi Parental Control for Web Browsers

By Steve Duell
ASIS SFBA Webmaster