|
Overview: Security on the Internet
The Internet works by sending information from computer to computer until the information reaches its destination. When data is sent from point A to point B, every computer in between has an opportunity to look at what's being sent. This can pose a security problem. For example, you are viewing a clothing catalog on the World Wide Web and you decide to buy a shirt. This requires that you type information into an order form, including
your credit-card number. You know the clothing company in question is reputable, so you type your credit-card number and other information, and then send the completed form. Your information passes from computer to computer on its way to the clothing company. Unfortunately, one of the computers in between has been infiltrated by criminals who watch the data passing through that computer until they see something interesting, such as your credit-card number.
How often does something like this happen? It's hard to say, but the important thing is that it's technically possible. And, as the Internet grows, it could happen more and more.
How does Microsoft Internet Explorer or Netscape help protect you and your data?
Many Internet sites are equipped to prevent unauthorized people from seeing the data sent to or from those sites. These are called "secure" sites like Wealthwood. Because Internet Explorer and Netscape support the security protocols used by secure sites, you can send information to a secure site with safety and confidence. (When you are viewing a page from a secure site, Internet Explorer and Netscape display a "lock" icon on the status bar.)
Internet Explorer and Netscape can also notify you when you are about to do something that might pose a security risk. For example, if you are about to send your credit-card number to a non-secure site, Internet Explorer and Netscape can warn you that the site is not secure. If the site claims to be secure but its security credentials are suspect, Internet Explorer and Netscape can warn you that the site might have been tampered with or might be misrepresenting itself.
When to be concerned:
There are two steps to understand using Netscape and Explorer when dealing with security.
First is a warning message about sending information over the internet. You may get a warning message (depending on how Explorer or Netscape is set up) whenever you enter information going to another site. An example is entering personalization information in our shopping cart system. As long as you are not concerned about what you are entering or sending, you do not need to worry (i.e.
Entering size, color, personalization information). If someone sees it, who cares!
Second is when you are ready to provide your name, address, telephone, credit card number, etc. NEVER GIVE OUT THIS TYPE OF INFORMATION WITHOUT SEEING A "SECURE KEY" ON THE TOP OF THE SCREEN. Our shopping cart does not go into secure mode until we are ready to collect your personal information (i.e. Name, Address, CC info) in the final stages of the ordering procedure, so you can go in and out all
you want until you are ready to provide your credit card information, etc.
General Credit Card Security Information
You should be concerned with security when shopping on the Internet. However, there is much misinformation about risks when you use your credit card. On this page will give your a brief discussion of some of the concerns and risks of using a credit card for shopping.
A Typical In-Store Credit Card Transaction
Your card is presented to a cashier at a checkout area of the store. The cashier either uses electronic approval and prints a receipt, or the card is imprinted on a receipt. After the signature is in place the merchant copy is placed safely in the cash register. The card is in plain sight the entire time and there is a risk that the number or card being stolen by the clerk reprinting the receipt after you leave the store, or may have embossed two receipts simultaneously, or may even
make a handwritten copy of the receipt from the store copy. Your card number can easily fall into the hands of a dishonest employee. This a not a secure transaction but we are used to it, and accustomed to the risk, if we even think of it.
A Typical Restaurant Credit Card Transaction
A Restaurant is probably one of the riskiest places to use a credit card, yet we do it all the time. The server drops the check on our table and we put our credit card on the little tray and wait for the server to take it away. Where do they take it, what do they do with it? They come back with it a few minutes later with a receipt which we sign and leave on the table. Who could pick the receipt up after we leave? This transaction is incredibly risky and insecure, but we are used to
it.
A Telephone Order
Two major risks, there is nothing preventing the telephone agent from writing down the credit card number and others in the company typically have access to customer and credit information. Again, we are used to it.
An Unsecured Internet Transaction
Don't do it! When you send your card number over the Internet, you have no way of knowing if the merchant is really a merchant, and anyone in the world could be listening in and picking off your card number. Then the number is stored on a server until it is sent to the merchant via e-mail or ftp. Again, anyone could be listening, or someone could break into the server and steal all of the numbers that are just sitting there like fruit to be picked. Even with all of these risks, the Internet
is so huge, that the chance of someone actually getting your credit card number are pretty small.
A Partially Secure Internet Transaction
The interaction between you and the typical shopping cart is done using a Secure Socket Layer (SSL), which means the information is encoded. This gets your information safely to the store's web site. However, getting the information from the stores web site to their office for processing may not be secure. If the information is saved on the site in a file at the web site, there is a risk that someone could break the password scheme and get the credit card information. If the information
is sent via e-mail without using SSL, there is a risk of someone getting the information. This looks good while you are placing your order but it has greater risks.
A Secure Internet Transaction
The interaction between you and the typical shopping cart is done using a Secure Socket Layer, which means the information is encoded. This gets your information safely to the store's web site. Getting the information from the stores web site to their office for processing may or may not be secure. If the information is saved on the site in a file, there is a risk that someone could break the password scheme and get the credit card information. If the information is sent via e-mail using
SSL, the risk is low. The other major alternative is to split up the credit card information into two separate transmissions from the web site to the stores office for processing so it is difficult to put the two parts together. Therefore, this transaction is more secure than any other transaction commonly in use today.
Summary
Is it possible to do credit card transactions with an acceptable amount of risk? Yes. Here at Wealthwood Gifts Inc, we use the Secure Socket Layer to capture the credit card information, split the credit card number and expiration date into two separate pieces of information and send them separately to our offices. This provides a very secure way of handling your credit information.
In addition, since we are a smaller organization, we do not have the problem of many people having access to our data files (Two persons at the present time). Both of us have extensive experience in the mail order business and have both had to deal with credit in a large mail order company. We fully understand the risks and your concerns. We will not violate your trust and we will take every effort to provide you a safe
and secure shopping environment. Please
e-mail us or call us at 218 678 3831 if you have any questions or concerns. Thank you.
Ken Johnson
Helpful Links:
The best way to avoid problems is being informed. Here are some links to help you be more informed about fraud on the Internet.
Better Business Bureau On Line
Federal Trade Commission
National Fraud Information Center
Wealthwood Gifts Inc
38809 240th Street
Aitkin MN 56431
(218) 678-3831
All rights reserved. The pages and images on this web site are the property of Wealthwood Gifts Inc.
Page last updated 01/06/2008.
|
