 
 
 
|
A brief discussion on
credit card security on the Web
Many people are concerned about putting their credit card number on an order form on the Internet. Rightly so. Anytime someone doesn't understand what's going on "in the back room" they should worry. So, let me explain what goes on in the back room. First, if you're thinking about putting your credit card number in a site's order form, look around on the page. Somewhere (usually near the bottom of the page) you should see a symbol that looks like one of the SECURE images below. Those symbols mean you're on a secure commerce server. If you DON'T see one of the secure images below, DO NOT enter your credit card number. If you see any of the symbols labeled un-secure below, you're on an un-secure server and almost anyone (with the right tools and a lot of initiative) could look at your credit card number.
|
So, what's a secure server? It's just like an ordinary web site server that uses data encryption (coding). Most secure servers in the United States use 128 bit encryption (that means it's put into a coded message that the recipient must decode with the same 128 bit key). That may not sound so secure, but think of it this way....128 bit encryption is a tougher coding scheme than that found on bank ATM machines. 128-bit encryption is classified by the United States as a munition. It's so good, that its export is prohibited. If you're outside the U.S. or Canada, the best encryption you can buy commercially right now is 40-bit. Even that's still tough, but nowhere near as secure as 128-bit encryption. It would literally take years to break the code using high speed computers and trying all the possible code combinations. Why? Well, 128-bit encoding means that there are 340,280,000,000,000,000,000,000,000,000,000,000,000 possible keys to choose from.
Okay, so now you've decided to put your number into an order form. What happens next? Well, the card number goes to our bank where we have our merchant account. If the transaction is approved for your card, we never see your card number. The only thing we get from the bank is a statement showing the transfer of funds from your credit card company to our bank account.
Is that ALWAYS the way it works? No, it's not. Sometimes (very rarely) a credit card will trigger an alert (one example of this is if the card has been used VERY OFTEN over a short period of time). This is a service that the credit card company provides for YOUR protection against card theft. If the alert is triggered, as a merchant we'll get a notice of the alert which means we have to call you on the phone to verify your order. If we don't, the charge won't be made to our account.
Now, let's put security in perspective. Which is safer, handing your card to a waiter in a restaurant who then takes your card out of your sight to the back room for processing, or using a secure 128-bit encrypted commerce server? That one's easy. Anytime your card is out of your sight you're at substantially greater risk. What's to keep that same person (just an example waiters, don't be offended) from jotting down your card number and then using it to make phone orders? Nothing at all.
Okay, so maybe you go to that restaurant often and know everyone there. Do you know the telemarketer that you just gave your credit card number to for some new computer memory over the phone? Or that sales rep that you just gave your credit card number to for that new shirt or dress? Probably not. So, you've just given your credit card to a complete stranger in a different city. At least with a 128-bit encrypted server the potential criminal will have to work hard, very hard, to break the code and get your card number.
If you're still not convinced I can't imagine anything else I could tell you that would convince you. And for those of you who remain skeptical, we have phone and fax ordering to fill your needs. Our toll free phone number is 877-359-7375, and our fax number is 801-359-7376. I hope this information has been helpful.
Tim Bergquist
President, International Chocolate Company
|
|
