How to Ensure your online Transactions are Secure

Dennis Faas's picture

Infopackets Reader Jack J. writes:

" Dear Dennis,

I have a question that has been bothering me for some time. I appreciate the professional advice you give in your newsletters to other Readers, and would be very thankful if you could please set me straight on my problem.

My dilemma has to do with Secure web sites. Occasionally, I will buy a product online -- meaning that my web browser often redirected to a secure web page, where I can complete my transaction online with my credit card. I have been told by friends that providing my credit card information is 100% secure, and that I should not worry about hackers getting my personal information, as long as the website is an 'shtml' site or labeled a 'secure' site. At the same time, however, I read about 'key logger' programs that can record every keystroke [including my credit card number] and record it to my hard drive.

If it is true that all my keystrokes can be recorded? It would then seem logical that a hacker can get my credit information by scanning my computer for this information. Am I correct in this assumption? "

My response:

There are a few things to note about your comments before I can answer your question:

  1. A secure site does not necessarily end in a ".shtml" extension (example: http://abc.com/ef.shtml). A secure site, in fact, usually begins with the prefix https (notice the S -- example: https://abc.com). If a web site is secure, a little "lock box" should display somewhere on your web browser. For Internet Explorer, the lock is located on the bottom right of the screen -- but only if you have the "status bar" turned on (View -> Status Bar). For Mozilla FireFox, the web address background color at the top of the page changes to a different color, and a little lock appears next to the URL [web address].
     
  2. Having said that: even if a site shows the lock box, it may not be certified as secure. Security certificate information is available by double-clicking on the lock box in Internet Explorer. If a web site is not 100% certified, the web browser will warn you with a message stating that the transmission is secure, but is not certified.
     
  3. Even if a web site is secure and it has been certified, it is still possible that a key logger [if installed on your system] has the ability to record credit card and personal information. This information does not necessarily have to be stored on your system, as it can be relayed to a third-party connected to the Internet (it all depends on the nature of the key logger).
     
  4. Even if your system was up to date, the web site you were visiting was secure and certified, and there was no key logger installed, it is still possible [although unlikely] that someone could sniff your Internet transmissions if you own a wireless Internet connection and it is not secured properly.

In order best protect yourself and to be relatively secure, you should:

  • Ensure that your Operating System is up to date by visiting the Windows Update web site on a regular basis.
     
  • Ensure you have the latest web browser installed. Internet Explorer 6 comes standard with 128-bit encryption for secure transactions. Even if you don't use Internet Explorer (IE), download the latest version anyway, because IE is a core component of the Windows Operating System and needs to be up-to-date.
     
  • If you use a wireless router with your Internet connection, ensure that you are operating on a secure network and that it is not open to the public.
     
  • Always scan your system regularly for Spyware [key loggers]. I personally use Spy Sweeper on my own system, although Spyware Doctor by PC Tools is just as good. Both Spyware removal utilities are paid subscription models, and offer many more benefits compared to other freeware anti-Spyware solutions. Having said that, many users have told me that they use the paid subscription Spyware removal utilities in tandem with freeware models for redundancy.
  • For further information:

    Spy Sweeper Review

    Spyware Doctor 3.2 Review

    Spyware / Anti-virus redundancy info:

    Use more than one Spyware / Virus Scanner at the same time?

    Securing a wireless Internet connection (Windows XP):

    A Digital Lifestyle to Securing Windows XP

    PC and Internet Security (for Windows 95, 98, NT, 2000, and XP):

    Dennis' Internet and PC Security Guide

    Rate this article: 
    No votes yet