Secure e-commerce and credit card security

For the prevention of credit card fraud, the internet has both advantages and disadvantages.

One advantage is that you can test the legitimacy of online vendors according to the test I give below. Another advantage is that there is no paper copy of your number on any receipt, unlike some hotels, grocery stores and other storefront vendors' operations.

Paper copies of credit cards are common targets of unscrupulous employees up and down the line. Besides paper copies, any time your credit card leaves your sight, e.g., at a restaurant, the information can be copied. (Many people who steal credit card numbers, such as restaurant waiters and cashiers, have well tuned memories.) The most common theft are ordinary employees at near minimum wage and who have no valuable skill to sell.

A disadvantage of the internet is that you may not know the person on the other end as well as you know a vendor's operation down the street. It could work either way, which one you know better.

On the internet, nobody sees your card, and there is no paper copy.

The main issue on the internet are whether the vendor's e-commerce operation is set up well.

"The Test"

When you are asked for your credit card information on a form, simply fill in incorrect information. Make up a name, credit card number and expiration date. If it says "OK, thank you for your order" then never give them your real credit card information because it's not as secure as it should be. Simply send them a message cancelling your order and forget them.

If, on the other hand, you get a message saying something like "Invalid credit card information" immediately, then they apparently have true e-commerce. You should be able to do as many tests as you wish, but the first time you put in your true credit card information you should get a "Card information verified OK" or another statement like that immediately. Each time you click on the submit button, you should get an acceptance or rejection message within seconds.

We have true e-commerce. When you place an order, your credit card information goes straight into a national processing center and is checked automatically in a matter of seconds. It does not go onto our hard disk. All we get on our hard disk is a transaction tracking number (which contains none of the information on your credit card) from the national processing center. Our e-commerce center is in the U.S. (Boston, Massachusetts), and your credit card number never leaves a computer in the U.S. All our websites are in the U.S. (Only our bodies and employees are overseas, and never does credit card information leave the processing center in the U.S.) For your information, we use AuthorizeNet.

Nearly all the credit card fraud on the internet is due to vendors saying they have secure e-commerce when they don't. They don't pass the above test, but few people know how to test them. When you give them your credit card number, it is saved on their hard disk. There, it's vulnerable to theft by anyone who has access to their hard disk, e.g., unscrupulous employees or hackers.

If they fail the above test, it does not mean that they are guilty of wanting to steal your credit card. They might be. However, they might just not have true e-commerce, and might print out your credit card number and then go to an e-commerce reseller or a friend or business associate who can handle credit cards. It might cause no problems, but it sure does increase the risk of credit card fraud, because they have the number on their hard disk, and possibly on a piece of paper they give someone else, and where does that paper end up? There are cases of thousands of credit cards being stolen from a single source which did not have true e-commerce but sold a lot of goods and services over the internet.

Don't misunderstand

The test above is the best way to check out how "secure" your card should be. Do not rely on any messages that pop up in your browser saying that you are entering a secure connection, or any other messages saying that your information is "secure".

The only test that really counts is the one where you put in a false name and false card number and confirm a rejection.

There are actually two security steps. Don't misunderstand the first step to mean that everything's secure.

When you enter a credit card transaction, you first get a message from your browser saying that you are entering a "secure" connection (using "SSL", a technical acronym for Secure Socket Layer). All this does is encrypt information between your computer and the other computer, so that nobody in-between can intercept the communication. It does not mean you are connecting to a legitimate computer on the other end. You could possibly have a secure connection to a computer on the other end run by a thief, or which has lax security in-house, or other problems as discussed above.

Once you have established this "secure" connection, you should still do the false name and card number test.

Any questions? Contact us by e-mail or click on the icon below for live chat/instant messaging.










Copyright © 1999-2002, All Rights Reserved.

Outlook | Services | Quality | FAQ | Employment | Company | Contact | Home

www.OffshoreLabor.com is a service of Export Quality Services Co., Ltd.
 

Your choice of skilled labor for outsourcing
is no longer limited to local consultants,
since internet is now mainstream in business.

The world's best talent is now available, as well
as meticulous detail work, at widely varying rates.








Offshore laborLabor outsourcing offshoreOffshoreLabor.comWorld peace via interdependence, trade and dialog