Comments on: How To Keep Your Credit Cards Safe When Shopping Online http://www.makeuseof.com/tag/how-to-keep-your-credit-cards-safe-when-shopping-online/ Cool Websites, Software and Internet Tips Sun, 22 Nov 2009 10:23:32 -0500 http://wordpress.org/?v=2.8.4 hourly 1 By: Encryption Software http://www.makeuseof.com/tag/how-to-keep-your-credit-cards-safe-when-shopping-online/comment-page-1/#comment-414692 Encryption Software Tue, 27 Oct 2009 16:30:51 +0000 http://www.makeuseof.com/?p=13371#comment-414692 I feel that I have enough common sense not to shop online at underdeveloped websites or for illegal products. However I am very insecure that my computer is not free from all malware. I use Windows OS and I am quite aware of Windows' unique susceptibility to infection. Even the best malware scanners often miss keylogger viral infection, which will immediately record CC information and send it directly to the cybercriminal who designed it. Linux and Mac users have more secure platforms from which to shop online. I feel that I have enough common sense not to shop online at underdeveloped websites or for illegal products. However I am very insecure that my computer is not free from all malware. I use Windows OS and I am quite aware of Windows’ unique susceptibility to infection. Even the best malware scanners often miss keylogger viral infection, which will immediately record CC information and send it directly to the cybercriminal who designed it. Linux and Mac users have more secure platforms from which to shop online.

]]> By: John http://www.makeuseof.com/tag/how-to-keep-your-credit-cards-safe-when-shopping-online/comment-page-1/#comment-381400 John Thu, 02 Apr 2009 00:39:51 +0000 http://www.makeuseof.com/?p=13371#comment-381400 AVG is free but you have to subscribe to trial(netflix or other) to get license. AVG is free but you have to subscribe to trial(netflix or other) to get license.

]]> By: Ryan Dube http://www.makeuseof.com/tag/how-to-keep-your-credit-cards-safe-when-shopping-online/comment-page-1/#comment-377963 Ryan Dube Sat, 07 Mar 2009 00:35:19 +0000 http://www.makeuseof.com/?p=13371#comment-377963 Mackenzie, thank you for providing some insight on the technology behind the SSL certificate. Very cool, and I learned something new - thanks! Mackenzie, thank you for providing some insight on the technology behind the SSL certificate. Very cool, and I learned something new – thanks!

]]> By: Ryan Dube http://www.makeuseof.com/tag/how-to-keep-your-credit-cards-safe-when-shopping-online/comment-page-1/#comment-377960 Ryan Dube Sat, 07 Mar 2009 00:21:39 +0000 http://www.makeuseof.com/?p=13371#comment-377960 Marc - excellent point, one-use credit cards are definitely the single most secure way to shop online. In fact, you don't even need to use a bank, many drug stores or grocery stores actually sell mastercard/visa disposable credit cards in various increments ($10, $25, $50, $100, etc..) Excellent way to shop anonymously and securely. Thanks for the advice! Marc – excellent point, one-use credit cards are definitely the single most secure way to shop online. In fact, you don’t even need to use a bank, many drug stores or grocery stores actually sell mastercard/visa disposable credit cards in various increments ($10, $25, $50, $100, etc..) Excellent way to shop anonymously and securely. Thanks for the advice!

]]> By: richcasto http://www.makeuseof.com/tag/how-to-keep-your-credit-cards-safe-when-shopping-online/comment-page-1/#comment-377925 richcasto Fri, 06 Mar 2009 19:00:44 +0000 http://www.makeuseof.com/?p=13371#comment-377925 I agree with Marc about Bank of America "Shopsafe" feature - it takes the worry about online shopping! I agree with Marc about Bank of America “Shopsafe” feature – it takes the worry about online shopping!

]]> By: Mackenzie http://www.makeuseof.com/tag/how-to-keep-your-credit-cards-safe-when-shopping-online/comment-page-1/#comment-377917 Mackenzie Fri, 06 Mar 2009 17:57:42 +0000 http://www.makeuseof.com/?p=13371#comment-377917 The lock is misleading. It does *not* necessarily mean the site is secure. It only means that the site has a potentially valid SSL certificate. I say "potentially valid" because the cert may have been revoked, but browsers don't check the revocation lists, so for all you know that certificate was compromised anyway. Firefox puts a light blue background behind the favicon in your address bar if it likes the SSL certificate as well. A valid SSL certificate means that there is encryption and yes the certificate belongs to the domain in your address bar (maybe, see above). That's all. It does nothing to verify that the site you're on is the site you think it is. There is a way for a site's relationship to a legal entity to be verified. It's called Extended Validation, or EV. It requires that a legal entity go to one of Verisign's lawyers and give lots of proof about who they are and what their business is. If this has been done, Firefox will display the legal entity's name along with the jurisdiction in which they are verified, on a green background. IE fills in the address bar with green. Check out PayPal for an example. If you personally typed in your bank's URL which you know is correct, the lack of a green bar doesn't really mean anything, but you should still watch for the lock and blue background to be sure a man-in-the-middle hasn't turned off SSL. If, however, you are directed to a URL via a link, confirming the identity of the humans behind the website is a good idea. The lock is misleading. It does *not* necessarily mean the site is secure. It only means that the site has a potentially valid SSL certificate. I say “potentially valid” because the cert may have been revoked, but browsers don’t check the revocation lists, so for all you know that certificate was compromised anyway. Firefox puts a light blue background behind the favicon in your address bar if it likes the SSL certificate as well.

A valid SSL certificate means that there is encryption and yes the certificate belongs to the domain in your address bar (maybe, see above). That’s all. It does nothing to verify that the site you’re on is the site you think it is.

There is a way for a site’s relationship to a legal entity to be verified. It’s called Extended Validation, or EV. It requires that a legal entity go to one of Verisign’s lawyers and give lots of proof about who they are and what their business is. If this has been done, Firefox will display the legal entity’s name along with the jurisdiction in which they are verified, on a green background. IE fills in the address bar with green. Check out PayPal for an example.

If you personally typed in your bank’s URL which you know is correct, the lack of a green bar doesn’t really mean anything, but you should still watch for the lock and blue background to be sure a man-in-the-middle hasn’t turned off SSL. If, however, you are directed to a URL via a link, confirming the identity of the humans behind the website is a good idea.

]]> By: Marc http://www.makeuseof.com/tag/how-to-keep-your-credit-cards-safe-when-shopping-online/comment-page-1/#comment-377902 Marc Fri, 06 Mar 2009 15:24:38 +0000 http://www.makeuseof.com/?p=13371#comment-377902 Yes - but take it a step further. We have NO control over what happens to credit card info once we've given it to a vender. I use disposable Credit Card numbers whenever I shop online. These are unique credit card numbers that (a) can only be used by one vendor; and (b)- sometimes - can have a dollar and exp date date that you set. (a) means that if your card is stolen, it cannot be used by anyone other then the original vendor. Discover card has "Secure Online Account Numbers" which are generated by their custom flash application. The number generated has the same exp date as your real Discover card, a unique CVC code and no dollar limit. But it will only accept charges from the first vendor that uses it. My Bank of America MC and Visa cards offers "ShopSafe" which no only generates a unique number, but also user defined dollar limits and expiry date, for example, $50 and 2 months. I feel very comfortable using this when I'm purchasing something from an unknown company and I'm willing to risk the dollar limit I specify. Both of these services are easily accessible from my browser toolbar. Highly recommended!!! -Marc Yes – but take it a step further. We have NO control over what happens to credit card info once we’ve given it to a vender. I use disposable Credit Card numbers whenever I shop online. These are unique credit card numbers that (a) can only be used by one vendor; and (b)- sometimes – can have a dollar and exp date date that you set. (a) means that if your card is stolen, it cannot be used by anyone other then the original vendor.

Discover card has “Secure Online Account Numbers” which are generated by their custom flash application. The number generated has the same exp date as your real Discover card, a unique CVC code and no dollar limit. But it will only accept charges from the first vendor that uses it.

My Bank of America MC and Visa cards offers “ShopSafe” which no only generates a unique number, but also user defined dollar limits and expiry date, for example, $50 and 2 months. I feel very comfortable using this when I’m purchasing something from an unknown company and I’m willing to risk the dollar limit I specify.

Both of these services are easily accessible from my browser toolbar. Highly recommended!!!

-Marc

]]> By: Dan http://www.makeuseof.com/tag/how-to-keep-your-credit-cards-safe-when-shopping-online/comment-page-1/#comment-377830 Dan Fri, 06 Mar 2009 04:16:38 +0000 http://www.makeuseof.com/?p=13371#comment-377830 Good stuff, thanks. Good stuff, thanks.

]]>