Internet Outlook with Richard Wiggins | 47

Credit Cards on the Internet

Please Swipe My Credit Card

A lot of folks who wouldn't have thought twice about buying from that artist would fret a great deal before conducting a credit card transaction via the Net. They fear that someone might be snooping on the transaction, either at their local connection point, or at an ISP somewhere between them and the company they are doing business with. Is this rational?

The simple answer is: it depends. If you are using a halfway recent version of Netscape Navigator or Microsoft Internet Explorer, and if the company you are doing business with is halfway competent, then you're probably connecting to the server in a secure fashion. Netscape always shows an icon at the bottom of the screen to let you know whether your communications are secured or not. If the key is broken, you're connecting to a non-secure server.

Over a secure connection, all the data you send to the server will be encrypted before it leaves your PC. If someone were electronically listening into the transaction, then all they'd see is gibberish. The encryption schemes in use today aren't uncrackable -- bright graduate students in computer science have broken Netscape's security more than once -- but it's pretty darn hard for most folks to crack the codes.

Many people, aware that the Internet is a network of networks, fear that one of the relay points between you and the company you are doing business with, might be tapping into the conversation. This is very unlikely. The cross-country links your data traverses are generally operated by large telephone companies. MCI, Sprint and the like are too busy moving the bits to sample your data. Besides, if you believe that the phone companies are tapping Internet links, you're probably paranoid enough to believe they're tapping your old fashioned phone calls -- so you'd better not give out that credit card number at all.

Rather than worrying about the long-haul links, consider the starting point. If you enter your credit card number over a connection from school or from work, you're probably connected over a shared Ethernet link. It's relatively easy for a cracker to install "sniffer" software that watches your TCP packets for passwords and credit card numbers. With a secure connection, you can rest easy that the cracker won't gain the number.