Idaho Statesman 04/27/02 Life-1A
By Kim Komando
(Komando hosts a national radio show about computers and the Internet)
Gannett News Service

Do you buy things on the Internet? When you do, do you worry about your credit card information being intercepted and stolen?

That's a common and baseless fear. According to security experts there has never been a recorded instance of credit card information being stolen while in transit on the Internet.

The key is the way Internet information is transmitted.

When data is sent over the Internet, it is broken into pieces. These are called packets, and they hold small bits of information. The packets are coded, so that when they arrive at their destination, a computer reassembles them.

While in transit, the packets join billions of other packets being transmitted over the Internet. A thief would have to be very good to intercept the correct packets and reassemble them.

Further more, the information included in the packets in not easily readable. They are transmitted under the Secure Sockets Layer (SSL) protocol, which includes strong encryption. Without going into the details, I can assure you that breaking that encryption would be a major league chore.

Even if your credit card num was stolen, your liability is minimal. Under the Fair Credit Reporting Act, your legal liability is $50.00 for any theft.


DATABASE DANGERS There is fraud on the Internet, of course. In at least two cases, hacker stole thousands of credit card numbers from databases. There is no way to protect yourself from that. If you use a credit card, you are probably in many databases, even if you have never used the Internet.

The Merchants and backs with whom you deal maintain those databases. If they do not protect their databases, they could be invaded. You could only guard against this by destroying credit cards.

From the consumer's standpoint, credit cards are probably the best way to shop on the Internet. If the goods are not as advertised, or are otherwise unacceptable, payment can be stopped. But you want to avoid using a debit card on the Internet. Those payments are deducted immediately from you bank account.

In the past few years, single-used credit cards have appeared. The big push for this system came from American Express and Discover. Users apply fro a one-time credit card number each time they make a purchase. That way, their permanent card number never appears online.

It probably offers some safeguards against fraud, but it requires the consumer to go through extra steps. Consumers who are savvy enough to use a single-usage number probably also know that their liability is virtually zero [no matter what card they use].


SOME OF THE SOLUTIONS Those problems will have to be addressed, though. Otherwise, the Internet shipping experience will never reach its full potential. Visa and MasterCard are promoting authentication systems that they believe will reduce the fraud problem. Visa calls its system Verified by Visa; MasterCard's is Secure Payment Application.

The two systems are similar for the cardholder, but operate differently on the back end. Using Visa, the consumer first fills out an order form on the merchant's site. The consumer is asked fro a password. If that is entered properly, the order goes through.

MasterCard's system downloads a small program to the cardholder, who sets it up with a password. Then the cardholder makes a purchase, the program sends the purchase information to the card issuer's computer. That computer asks for a password. The cardholder enters the passwords and the purchase is approved.

Visa rolled out its system in December. MasterCard is scheduled to introduce its system this month, although the merchant liability limit won't come until November.