Security of Internet Credit Card Transactions
Have you ever used your credit card in a store or a restaurant? Of course, but you know there are dozens of people in each who would have the ability to see your credit card number. How can you be absolutely sure that none of them will use your number to buy something for himself? You can't be sure, but you figure it's a small risk, so you make the transaction. If you didn't make the transaction, why have a credit card?
Charging with your credit card over the Internet is the same thing, as long as it's a secure site. There are a handful of people at the company that processes your card who could see your credit card number. However, I have been doing business with RegSoft for over a year and have not heard of any problems from anyone.
It would not be wise, however, to send your card through a web site which is not secure. This is because potentially thousands of people could find your card number, and some of them might have automatic programs scanning through thousands of web page submissions, looking for something resembling a credit card number. But virtually every web site nowadays which asks for your card number is a secure site, so this is not possible. To see whether a web site is secure, look in Netscape's lower left corner for the lock symbol. If it's open as it is with this page, it's not a secure site (this page isn't but the credit card page is). If you're stuck with Internet Explorer instead, a secure web site will have a closed lock symbol near the bottom right.
More About Secure Transactions
Secure web sites use a cool encryption technique called public-key encryption. Let's say I want to send a secret message to you so that only you could read it. In the olden days, we would have to communicate with each other beforehand in order to exchange a key to encrypt and decrypt the message. But in the late 1970's, some very smart mathematicians figured out that there is a way to have a pair of keys working together, where one key can decrypt information which was encoded by the other key, but a key could not decrypt a message that it itself encoded. This allows someone to keep one of the keys private, but make the other available for everyone to see. If I want to send a secret message to you, I first encode it with your public key, and only your private key can read the message. Everyone else, who all have access to your public key, cannot, because a message encoded with the public key can only be decoded with the private key.
In fact, you can do this with e-mail using a program called PGP (for Pretty Good Privacy). The US government was on the back of the creator of this program for a few years, because not even the government can break the encryption. If you have PGP, you're invited to send me an encrypted message using my public key.
Secure web sites use a very similar encryption technique. When you sign on to the online dominoes registration page, your web browser looks up the public key of the recipient. When you fill in the blanks and submit the info, it is first encrypted with RegSoft's public key, so that only RegSoft can read the message. Anyone who snoops and can read web traffic will see only unintelligible, random-looking pages of letters.
So I hope I've made these points:
- It was at one time unwise to send credit card over the Internet, before secure sites were around, because potentially thousands of people would be able to see your information.
- With a secure web site, no one but the recipient can read the information you send.
- Using a card over the Internet is every bit as safe as using it in a restaurant, and probably less risky than reading the number to someone over the phone.
Back to main page...