- By Dan Veaner
- Business & Technology
Have you ever thought twice before using your credit card in an on-line store? Shopping sites, banking sites, even sites for the lovelorn say they are secure, but what does that mean, really? Can't your credit card number or social security number or grandchildren's names be hijacked as they whiz through the Internet from your browser to the remote site's servers? And if it is really secure, how do you know?
To tell you the truth, I do a lot of shopping on the Internet and haven't had any security problems. I've bought books, software, flowers, gifts, ink and labels for my printer, blank CDs and DVDs and services. I even paid for the Lansing Star's logo over the Web.
The key to Internet security is Hypertext Transfer Protocol over Secure Socket Layer, or HTTPS. Regular Web pages use Hypertext Transfer Protocol (HTTP), and that's why their web addresses start with "http://". HTTP sends plain text, readable by anyone.
If you have shopped on the internet you may have noticed that when you get to the part of an on-line store that actually takes your order that Web address prefix changes to "https://". So the regular address may be something like http://www.myproduct.com and the order taking page might be https://www.myproduct.com/onlineshop/.
HTTPS depends on two things: it needs your web browser to have secure capabilities (virtually all modern browsers do) and it needs the web store you are visiting to have the same capabilities. When your browser sees that it is visiting a secure site, it sends your requests and information using a Secure Socket Layer (SSL) in encrypted form, instead of just plain text. The secure Web site knows how to unencrypt your information once it gets there.
The Web site must have an SSL Certificate on its server. This is a unique file that allows your browser to authenticate that the web site it is communicating with is actually the one you think you are communicating with. There are a few different vendors of these certificates, and they must be renewed annually by the site owner.
Another clue that you are on a secure site is that some browsers have a little symbol that appears when it is securely connected. For example, Internet Explorer shows a little yellow padlock in the lower status bar. Opera shows a gray padlock right next to the web address. Firefox and Mozilla show it in the lower right corner. Netscape shows the padlock in the lower left.
That's what goes on under the hood, but there are some things you should do to be sure you are not sending your personal information to a secure site that is run by thugs.
- Always type the address of sites you trust. Don't click on addresses sent to you in e-mail. Bad guys sometimes send official looking letters with a link that looks OK, but actually goes to a "clone" site instead of the real one.
- Only deal with sites you trust. Amazon.com is trustworthy. TakeMyMoneyAndRun.com probably isn't.
- Check the Web site to see if there is an address and telephone number. If you are still nervous about ordering over the Web you might be able to phone in your order.
- Only deal with reputable companies. You wouldn't hand over your credit card in a storefront called "Sleazebag Emporium" so why would you do it in a questionable Web store?
On-line shopping can be very convenient. With SSL technology to keep your personal information safe it can be a pleasant experience to have your purchase simply show up at your door.
----
v2i5