Tech Cro-magnon man

[23jayhawk]

Can someone who is reasonably knowledgeable about e-commerce tell me if there are any real security concerns?

This came up as I was about to subscribe to DRN, and realized that Paypal is how you pay. I've never used Paypal and am kind of leery about giving them my CC number.

gnarlykaw tried to explain to me that there is no real risk, and if something does happen it's not hard to get it reversed. I just would like to know how companies like Paypal secure your account info.

 

[Hucker]

When you see a website that start with "https://" that means its running a secured server(SSL). Basically it means that both you and the website have a data encryption key that encodes data sent from your brower to their webserver. In order to descramble the info the webserver HAS to have that encryption key. If it doesn't the data is worthless. So, if for some chance, during the transfer of say your Visa #, or your banking info someone gets a hold of it, all it will look like this this..

#$%#$%(#$%*#$%&#$%&^@#^$^#@$

And without that encryption key, the data is unusable. The only 2 parties that have that key are you and the company you are dealing with. So its honestly nothing to worry about. Paypal is linked with a credit card (mine is anyhow) and I can always dispute card charges, so really don't worry about it...

 

[biglou]

I did some reading on encrypting in Popular Mechanics last month. It made my brain hurt. That's how I'm reasonably sure that it's safe! It echoed everything Hucker stated above. That there is some rotating, key using prime numbers, blah-blah-blah...

Also, you'll notice a little gold padlock in the lower right of your IE screen when you are on a secure site. I was leary at first, also. But I figured, hey, everyone else is doing it, so it must be cool, I mean, safe! :)

 

[Tony Eeds]

I don't know a lot about the programming side, but I have been purchasing online for 5 years and a member of PayPal for at least 3, if not 4 years.  I bacame a verifies member where they use my checking account like a debit card does.

I don't worry about it although I do keep an efile of all transactions and match them to my accounts every month.

The cool part is, I am almost finished with Christmas, and I have not been to one store.  :yeehaw:  Everything I have purchased so far is on line.

Tony

 

[Smit-Dog]

It is extremely rare that a secure transaction becomes compromised due to the technology, assuming that the appropriate encryption protocols are implemented, and implemented correctly.

1) Like others mentioned, whenever you are submitting sensitive data over the internet, make sure the URL begins with "HTTPS://", and you see the little padlock icon in the lower right corner of IE (assuming that like 95% of us, you're using IE).

2) Always keep up with the latest security patches for your operating system and browser/email applications.

3) Some of the due diligence relys on the consumer. I have no problem submitting credit card information to Amazon.com, but would never do it with "Billy-Bob's Electronics 'R' Us". It's funny, some people are paranoid about entering CC numbers in Amazon.com, but have no problem handing over their card to the minimum wage 19 year old high school dropout at the local WallyMart. My wife's CC # was stolen just this way.

4) Most credit card info that is stolen off of a server is because the security of the server data and/or box has been compromised. The web site operator has not applied all the latest security patches, has not locked down services/settings appropriately, is storing CC numbers in text files instead of a password-protected and encrypted database. In fact, CC numbers should never even be stored on a web server. They should be stored on a seperate box behind the firewall. Is the database server secure itself? What personal have authorized clearance, IDs, and passwords to physically access the data or the box? Is it in a locked room? Can a janitor grab a backup tape sitting next to the server? I've worked with companies that spend $20,000 on security hardware/software/consulting/development, but leave backup tapes laying all over the place.

So in the end, it is human error and oversight that causes the most breaches in CC transactions, not the technology. Be selective with the e-commerce sites you choose to do CC business with. Reputable ones likes Amazon and PayPal will most likely have invested heavily in putting the appropriate technology in place to guard your sensitive data.

 

[XRpredator]

23jayhawk, take it from a Neanderthal:

Me not know much about picture places on screen of magic box, but me have traded paper for much stuff and have had no worries.  Me even use'm Paypal system when it am needed.

Maybe it help that me wife keep little plastic devil-cards empty of paper money that can be spent on stuff found on magic box. :debil:

 

[23jayhawk]

Thanks for the overview of how it works. Not surprisingly, pretty much over my head. With the encryption key, I guess it would require a hacker to get into both boxes simultaneously to intercept & decode the transaction, which doesn't sound too likely. As far as losing card numbers & authorizations, yeah, that can happen at my local Wal Mart.

Before you know it, I'll be buying my next bike on Eb**. :)

 

[Okiewan]

I guess it would require a hacker to get into both boxes simultaneously to intercept & decode the transaction

That can't happen either as part of the whole scheme is ip based ... not only does the key have to match, but also the host/client IP's.

Smit-Dog makes the ultimate point ... you are WAY MORE exposed to cc fraud doing what you consider to be "normal" transactions. Everyone that uses QVC (or any other shopping channel) seem so secure? PLEASE! SSL encrypted transactions are as secure as ANY transaction can get. Period.

 

[GETMETOCA]

Good topic, thanks for the info.

 

[plykins]

Been using PayPal for about 3 years now( mostly for e-Bay stuff) & have had no problems at all. Using the electronic transfers & saving the cc fee.You did hear e-Bay bought PayPal? :thumb:

 

[Jon K.]

Pay-pal wants me to "get verified". To get a bigger spending limit. OK, but they want my bank account #. Now why in blue blazes do they want my bank info?; as I pay them with a credit card!!!

 

[Jon K.]

(BUMP!!) I would really like an answer to the above question. Anybody? Thank you.

 

[Smit-Dog]

From the PayPal site:

What it Means to be Verified

To become Verified, a PayPal member must provide us with proof that he or she has opened an account at a bank or other financial institution. Because these institutions are required by law to screen account holders, PayPal's verification process increases security when you pay parties you do not know. Please note that PayPal's verification system does not constitute an endorsement of a member, nor a guarantee of a member's business practices. You should always consider other indicators when evaluating members, including length of PayPal membership and reputation scores (on eBay or other auction sites, if applicable).

I'm verified on PayPal. It's just another step to weed out people using fraudulent credit cards. It's not foolproof, but does help others involved in transactions with you that you are who you say you are.

 

[Rooster]

They use your bank account to verify your account. They will make a small deposit or two, you verify the amount. It's all on the up. My account hasn't ever been accessed by them other than for that deposit.

 

[Jon K.]

Ah; fraudulent credit cards. Makes some sense. Thanx!