Is It Safe to Use Your Credit Card Online?

from the June 2002 Newsletter
by Rob Zorn

 

Being in the Internet industry, and dealing with customers on a regular basis, we often come across people who feel a real debilitating unease about using their credit cards to make online purchases. While it is reasonably common to read about Internet scams, stolen identities and so forth, my contention is that it is no more unsafe to use your credit card online than it is to use it anywhere else.

The fear is that when you enter your credit card details into a field on a website, you don't know where those details are going to end up, or you're not sure who might be "listening" to the transaction. These are legitimate concerns, but really, they aren't significantly different to you giving your credit card to a waiter in a restaurant. How hard would it be for a member of the waiting staff to make a quick copy of your card number and expiry date? How hard would it be for him to retrieve such records from sales documentation and go on a shopping spree courtesy of you, once he had your details?

I guess what I'm saying is that in reality it is virtually never 100% safe to use your credit card. However, just as one tends to exercise care with credit cards in the physical world, so can one exercise similar care in cyberspace that will result in a similar level of safety and security.

First of all, a waiter is unlikely to steal your credit card numbers. He or she knows that with the amount of electronic record-keeping and verification that goes on, the likelihood of being traced and caught for using your card illegally is pretty high. We know, too, that reputable firms are likely to have policies and practices in place to prevent staff from being easily able to abuse knowledge of your credit card details - but the operative word here is "reputable firms." So, the first and most obvious piece of advice is to only use your credit card to purchase online from firms you feel you can trust - firms that have known physical premises, places that have been around a while and have been conducting online transactions for a some time without major problems. You should feel a lot more confidence giving Amazon.com your details than when you're using them at Fred's Online Porn Palace.

Secondly, you should never enter your credit card details over an unsecured site.  A secure site will use encryption to protect your data as it travels between your computer and theirs. Anyone intercepting that data between the two sites will not be able to make sense of it and it will be of no use to them.  You'll know you're on such a secure page by the fact that the http:// in the page address changes to https://, and/or a little closed lock icon appears in the lower portion of your web browser.

Thirdly, it is definitely unwise to send your credit card details via e-mail. In reality, e-mail travels between computers pretty much like a postcard travels through the post. It can be intercepted and read by parties you're unaware of along the way (unless you're using some form of e-mail encryption that not many people bother with). Sending your details by e-mail also means that an electronic copy of those details is on your machine, and is probably saved on someone else's as well. This means that if your computer (or theirs) is hacked or stolen, someone else may be able to retrieve the details and put them to nefarious use. Some people recommend sending credit card details broken up into two or more separate e-mails. This might reduce the risk a little, but not much more than doing the same thing with two or more postcards through the post.

Lastly, in a worst case scenario, if someone does manage to get your credit card details and use them for their own ends, you're not likely to be liable for the debt anyway. I spoke with someone at ANZ Credit Cards in New Zealand who informed me that Internet vendors are required to verify you are who you say you are before they accept a credit card purchase. If you can make a good case that it was not you that made the purchases, and the vendors didn't attempt to verify your authenticity, then the credit card companies will pursue the debt with the vendor and not with you.   Please be aware that I write this on the basis of one telephone conversation with one ANZ employee. You are advised to check this sort of policy yourself with the bank or lending institution through which you have your credit card.

Credit card companies are aware that many people remain reluctant to use their cards online. Of course they want you to use your card as often as possible, so initiatives are currently underway by the major companies to address people's security concerns. Visa are developing a procedure called "Verified by Visa" that will be based on a secret password that only you know and that can be transmitted to the vendor without him learning it. Mastercard are working on their own security technique called S.E.T. (Secure Electronic Transaction) that will use further encryption to make things at least appear more secure to the public. You can read about these initiatives on the respective websites http://www.visa-asia.com/verified/index.shtml and http://www.mastercard.com/nz/shoponline/set/index.html.

Then There's Always PayPal

Paypal is a reasonably neat little service that allows you to pay individuals (who wouldn't normally accept credit cards) and some businesses, using your credit card and without sending any details to anyone at all (except once to PayPal, of course). You pay PayPal instead, who then pay the person on your behalf. You can receive money from people in the same way. You provide PayPal with your credit card and your cheque account details. If you pay someone, PayPal debits your card and pays into the other person's cheque account. If your receiving money, PayPal debits their card and forwards the money to you. You can leave your balance at PayPal and use it to pay others, or you can choose to have your balance paid out into your cheque account (for a small fee). It's a great and reliable service used by many people on the Internet. It is very well known and widely accepted, and loved by online Auction enthusiasts who often buy from individuals overseas.

It's free to register with Paypal (www.paypal.com).

It's an Online World

The thing is, E-commerce (commerce over the Internet) is rapidly becoming a way of life. It's getting easier and safer to purchase online, and it is just so darn convenient. Many so-called Net experts go so far as to say that within 10 years we'll be buying just about all our groceries online and having them delivered because it will be cheaper for supermarkets to do it this way than to hire uniformed checkout staff and maintain enticing storefronts. More and more people are using sites like Ebay (www.ebay.com) to shop for birthday presents or to further their hobbies. It's often cheaper to buy books or music overseas (where you're more likely to find what you really want) and have them shipped here than to buy the same items at a downtown store. 

The web doesn't just bring us information. It brings us wider choice, enhanced opportunity and convenience. If you're still uncomfortable using your credit card online, then don't, but it would be a shame for you to miss out on all that choice and convenience unnecessarily due to mistaken fears.