internet privacy
privacyfinancial privacyfree emailencrypted email
internet privacy
internet browsing risks
email privacy risks
private browsing
shopping privacy
identity theft risks
child privacy
medical privacy
financial privacy risks
password privacy
safe web shopping
privacy cookies
privacy policies
chat room privacy
private email
web browsing safeguards
PC privacy
business privacy help
privacy resources
privacy publications
privacy organizations

Online Shopping Insecurity
Keep your cards close to the vest

Have you ever bought something online with your credit card? If so, then you probably remember that creepy suspicion that raises the little hairs on your neck just before you hit the “submit” button. Is this really secure?

Credit Card Sharks
 The security of using credit cards online is an open question. In the past year, hackers raided more than one million credit card accounts from a variety of e-commerce Web sites, and they circulated illicit information from tens of thousands more accounts to fellow thieves on the Web. The stories are incredible:

•  Two 18-year-old boys in Wales were arrested after allegedly stealing and distributing 26,000 credit card files from 5 different sites. Estimated losses: $3 million.

•  Hackers breached CDUniverse.com and pillaged 380,000 accounts. Credit card holders-including the writer of this story-received frantic letters that the accounts had been canceled and new cards issued.

•  An intruder invaded more than 485,000 credit cards and secretly stored the massive database on a U.S. government agency's Web site. While the credit card companies notified financial institutions, the customers were never informed. Many compromised accounts remain open to this day.

Security...What security?!
 If dedicated hackers don’t grab your credit card number, poor security measures at merchant Web sites could still expose your information for all the online world to see. 

Just out of idle curiosity, a shopper at Outpost.com decided to see what would happen if he changed one digit in his order number. What happened was he gained access to another customer’s record, including email address, billing address, shipping address, type of credit card and order history. Outpost fixed the glitch. 

NFO Interactive found that three-fourths of consumers who browse but don't buy online blame privacy fears. Any why not? Thieves flock to large credit card databases like bears to a honeycomb, and they can use the Web to share thousands of stolen numbers with all ne’er-do-well friends.

Secret Swaps
Have you ever returned to a Web site where you previously registered and found yourself greeted by name? Has the site gone on to suggest products that match your interests to a tee? That’s the result of those little cookies etailers place on your hard drive to track your surfing trail and shopping preferences. These features make your online experience convenient and personalized, but they can also put your privacy at risk.  

Virtually all top online retailers store your identification, shipping address and credit card numbers so you won’t have to re-key it every time. And many merchants ask for additional information so they can customize your shopping experience-and sell you more. The result is, your favorite online merchants collect a lot of information about you that’s worth money to other marketers. And sometimes your private information changes hands.  

While online retailers tout personal service, privacy experts worry about intrusion into people’s lives. So do consumers. A 1999 survey by Jupiter Communications found that nearly two-thirds of consumers worry about merchants selling their information. Once third parties get your number, they can clog up your email, fax and telephone line with unwanted sales pitches. Who needs it?

Your information may be misused in other ways. According to a recent survey conducted for the Electronic Privacy Information Center, a third of top online merchants use information they collect-without your knowledge-to serve up profile-based advertising. DoubleClick seriously stumbled when they tried some new wizard tricks with consumer data. 

DoubleClick uses cookies to track consumer surfing and shopping habits via 5 billion banner ads which they display weekly on a multitude of Web sites. Their subsidiary, Abacus Direct, keeps tabs on 88 million offline consumer records with 2 billion transactions every week. When DoubleClick planned to combine the two sets of data, they landed themselves in a federal investigation. DoubleClick's privacy policy says that it does indeed merge this data, but that all sites posting DoubleClick ads or working with Abacus Direct must give notice to their customers and also give them the opportunity to opt-out from having their information shared. 

They’re not the only ones capable of linking Web and offline information. According to a PC Computing magazine article, KnowledgeBase Marketing claims to own detailed profiles of more than 200 million Americans, including date of birth and income.

Pointers for Safer Web Shopping  
Steps to keep your credit card info secure

The boom in online shopping has created a rich target for would-be thieves. Secure Socket Layer (SSL) technology has made it difficult at best for your credit card numbers to be stolen and decoded while traveling across the ‘Net. However, retailer databases have proven to be much easier targets. That's because far too few Web merchants encrypt your credit card information for storage in secure databases.

Credit card thieves target databases because that’s where the money is…in the form of hundreds of thousands of account numbers, names and addresses.  Here's what you should do to shop more securely:

  • Do business only with companies you have reason to trust. Look for a security seal, such as VeriSign’s “Secure Site” seal, indicating the site uses secure servers to process transactions. The lack of a secure site seal doesn’t necessarily mean a site isn’t safe. Still, it pays to be sure.

  • Don’t submit your credit card number to any site that doesn’t post a privacy policy. We suggest you take the time to read the privacy policy of any site where you intend to make an online purchase. If a site’s privacy policy allows them to share your personal information with third parties, your private information could rapidly become accessible and vulnerable.

  • Check to see that you are on a secure encrypted page before entering and submitting your credit card number on any site. On Netscape’s browsers, check for a key or lock in the lower left corner of the browser. On Internet Explorer, the lock symbol is in the center of the bottom edge of the browser.

  • Do not disable the secure-page warning feature of your browser. These warnings pop up whenever you enter or leave a secure area.

  • Do not pay by credit card at a site that doesn’t display the lock symbol at the bottom of your browser when it serves up the transaction page. If the site is not secured, pay by phone or snail mail. Or, don't purchase. Period.  

  • Use the security button on your Netscape browser to check the security and identity of any page you feel may be non-secure. When using Internet Explorer, you can double click on the lock icon at the bottom of the screen for information about the site as well as its digital credentials.

  • Be wary of allowing a Web store to retain your credit card account number in a database of shopper profiles to simplify future purchasing. Although this allows you to make future purchases with just one or two clicks of the mouse, the downside is your credit card number is stored in a database with thousands of others, a tempting target for hackers. You may wish to trust a few well known online retailers, but be warned: the more sites that store your credit card information, the more times your account number is vulnerable.

  • If you choose to shop at sites that store your credit card number, we suggest you use a single credit card for all online shopping. Although Visa recently announced it would waive the customary $50 deductible for fraudulent purchases made online, it would still be easier to clean up one account than several.

  • Web merchants are not allowed to charge your credit card for goods until they are either shipped or delivered. Your credit card information will be stored temporarily until shipment or delivery has taken place. Be sure it is stored in an encrypted format on a secure server.

  • Be aware that your browser’s cookie files may also store your credit card number – although no trustworthy Web site operator would handle information in that way. If you find a cookie file storing your credit card number, stop shopping at that site, and complain loudly to them.

  • Do not press the button to submit payment before the site has given you a final price including shipping, tax and any fees.

  • Be aware that if a Web store promises you a delivery date, they are required by federal law to make delivery on time…or within 30 days of your order, if they don’t specify a delivery date.

  • If you access the Web through an Internet Service Provider that automatically bills your credit card each month, ask your ISP for specifics on how they store and protect your credit card number. If you don’t get a good answer, you might consider switching to a new ISP.

None of these very real risks mean you should give up the convenience of shopping online. Just learn how to shop safe.


PRIVACY POLICY | SITE MAP
 ©2005 Copyright PerfectlyPrivate, Inc. All Rights Reserved