Press Room

Online Shopping – A Security Risk?

I saw this really great bargain online and I want to buy it. The problem is that I'm not so sure I should be giving my credit card information over the Internet. Won't someone steal it?

Candice St. A., Aylmer PQ

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Dear Candice,

Purchasing goods and services over the Internet is becoming more and more common. From Statistics Canada: "Canadians more than doubled their purchases of goods and services on-line from home in 2000, according to the second annual snapshot of household electronic commerce activity from the Household Internet Use Survey." Here at the Federation, an online "store" is in the works so that people who are interested in our publications and services can purchase them online. Businesses everywhere are moving towards putting their wares on the Internet. Soon, it will be as common as using your debit card to make purchases.

"But what about safety?" you ask.

Did you know that with the proper levels of security encryption you are far less at risk of being ripped off by giving your credit card over the Internet than you are handing it to a waiter or store clerk that swipes your card out of your sight? It's true. Levels of credit card fraud are growing by the day and we, as consumers, need to protect ourselves.

"With all the ‘hackers’ out there, how can it be safer to perform banking, investing and purchasing online?" As I mentioned earlier, encryption is the key.

Encryption is defined as "a method of encoding data for security purposes". There are two types of encryption: 40 bit and 128 bit. The difference between the two is that 40-bit encryption, out of the billions of possible keys to decipher the coded information, only one of them works. Someone intercepting the information would have to find the right key – a nearly impossible task. With 128-bit encryption, there are 300 billion-trillion times as many keys as with 40-bit encryption. It is virtually impossible for an unauthorized party to find the right key, even if they are equipped with the best computers.

To check a site's security status, look at the site's URL in your browser window. An "s" added to the familiar "http" (to make "https") indicates that a secure, encrypted connection is in effect. With Netscape Navigator 3.0 and earlier, the broken key symbol in the lower-left corner of your browser window becomes solid when you are in secure mode. In Netscape Communicator 4.0 and 4.5, the padlock symbol in the corner, usually open, is closed in secure mode. In Internet Explorer 4.0 and higher, a closed padlock appears when you are in secure mode.

Does this mean you can give your credit card number to anyone on the web and feel totally secure? In short, no. There are some guidelines to follow when conducting e-commerce on the Internet.
. Be as careful with giving your credit card number online as you would in any other situation.
. Be concerned with authenticity of business. Some businesses change one letter in the URL of a reputable company's address to disguise themselves as that company. Deal with familiar companies.
. Never disclose your PIN [personal identification number] to anyone, including people who claim to be from your bank or the police, and never send it over the Internet under any circumstances.
. Keep a record of every transaction you do. That is your paper trail in case a purchase is in question.
Ensure that the merchant you are dealing with has a street address and a non-mobile telephone number instead of just an e-mail address and a post office box.
. Only give your credit card information out over a secure connection, never over e-mail.
. Check the terms and conditions of the purchase so you are not hit with charges that are buried in the fine print of the agreement.
. Be extra careful with passwords and ID's. Choose a password and ID that only you will know. Don't use familiar things like your birthday, your children's names or a street address. Often these are the very first things that someone who is out to do you harm will think to try.
. If during a transaction the business asks for your SIN number, driver's license number, bank card number, your mother's maiden name or any other information of that nature, don't do business with them. Giving away that information is a definite security risk!
. Trust your instincts. If an offer sounds too good to be true, it generally is. If it doesn't feel right, don't do it.

There is a lot more I could add, but I hope this helped to answer your question. If you have any more, don't hesitate to e-mail me at awilson@cccf-fcsge.ca.

Happy shopping!
Ali

Alison Wilson is administrative assistant at the CCCF.