Since the inception of e-commerce about 15 years ago, there have been many myths regarding its safety. Online shopping and banking are extremely useful, particularly when you live in a remote location. But, how safe is it?
The short answer is that there are some risks. However, these are smaller than many people think.
For example, many worry about sending their credit card number through the Internet. However, these transactions are encrypted using what is called public key encryption.
This works on the following principle: there are two large numbers (128 digits long) used for math calculations that change the information into undecipherable text and then convert it back to readable format. The undecipherable text is your private key.
When you log into your shopping or bank site, you exchange public keys with the server. Information sent to the server is encrypted using their public key. Information sent back to you in encrypted using your public key. But because the private key is required to read the information, such transactions are incredibly safe. The possibility that your credit card information can be intercepted and decrypted is minimal.
The browser you use will provide a display indicating that it is a secure transaction. The easiest thing to do is check the address box to see that the address is the site you believe it is and https:// should be the first part of the address.
The biggest risk lies in what the server does with your credit card information after the transaction. Many do not store credit card numbers, but those that do create some risk. The largest thefts of credit card numbers have come from criminals hacking the online merchants and stealing credit card numbers from them.
Many sites allow you to create a profile and save your credit card information for later transactions. This is not a wise practice. The extra work of entering your card number on a repeat visit is little price to pay for the additional security.
Review your monthly card statements. If a transaction looks odd, contact your bank.
The agreements you have will vary with the type of credit card and bank, but most will not hold you responsible if you can show that you did not make the purchase and that you did not give away your card information and PIN (in the case of chip cards) to anyone unauthorized.
Since most fraudulent sales happen away from the city where you live, proving that they were not your purchase is often easy. It is, however, an inconvenient process and you should check your cardholder agreement to determine the exact rules for your bank and card.
Interestingly, people tend to trust debit cards more than credit cards. However, there are far more cases of fraudulent use of debit cards.
Online banking and shopping provide great convenience, but a little caution provides some added security to this convenience.
Doug Rutherford teaches computer networking and security for Yukon College and three post-secondary educational institutions in British Columbia.