Do you buy things on the Internet? When you do, do you worry
about your credit card information being intercepted and
stolen?
You're not the only one. That's a common fear among
consumers.
And a baseless one. According to security experts, there has
never been a recorded instance of credit card information
being stolen while in transit on the Internet.
In fact, you're at greater risk when using the card in a
retail
store. Why? The way Internet information is transmitted.
When data is sent over the Internet, it is broken into
pieces.
These are called packets, and they hold small bits of
information. The packets are coded, so that when they arrive
at their destination, a computer reassembles them.
While in transit, the packets join billions of other packets
being transmitted over the Internet. A thief would
have to be very good to intercept the correct packets
and reassemble them.
Furthermore, the information included in the packets is not
easily readable. They transmit under the Secure Sockets
Layer protocol, which includes strong encryption.
Even if your credit card number was stolen, your liability
is
virtually nil. Under the Fair Credit Reporting Act, your
legal
liability is $50 for any theft.
Keep your liability limits in mind if you receive an offer
over the phone or by e-mail for credit card insurance. If
the
purveyor wants to insure you against fraud, forget about it.
There is fraud on the Internet, of course. There have been
some highly publicized credit card thefts over the Internet.
In at least two cases, hackers stole thousands of credit
card
numbers from databases. There is no way you can protect
yourself from that. If you use a credit card, you are
probably
in many databases, even if you have never used the Internet.
Those databases are maintained by merchants and banks with
whom you deal. If they do not protect their databases, they
could be invaded. You could only guard against this by
destroying your credit cards. That's a bit extreme.
From the consumer's standpoint, credit cards are probably
the best way to shop on the Internet. If the goods are not
as advertised, or are otherwise unacceptable, payment
can be stopped.
In the past few years, single-usage credit cards have
appeared.
The big push for this system came from American Express
and Discover. Users apply for a one-time credit card number
each time they make a purchase. That way, their permanent
card number never makes an appearance on the Internet.
However, single usage does not seem to have been a huge
hit with consumers. It probably offers some safeguards
against
fraud, but requires the consumer to go through extra steps.
Consumers savvy enough to use a single-usage number
probably also know that their liability is virtually zero,
anyway.
Visa and MasterCard are promoting authentication
systems that they believe will reduce the fraud problem.
Visa calls its system Verified by Visa; MasterCard's is
Secure
Payment Application.
The two systems are similar for the cardholder, but operate
differently on the back end. Using Visa, the consumer first
fills out an order form on the Internet merchant's site. The
order is detoured to the credit card issuer's site. The
consumer
is asked for a password. If it's right, the order goes
through.
MasterCard's system downloads a small program to the
cardholder, who sets it up with a password. When the
cardholder makes a purchase, the program sends the purchase
information to the card issuer's computer. That computer
asks
for a password. The cardholder enters the password and the
purchase is approved.
This has obvious benefits for the merchant, and, to a lesser
degree, the consumer. The card issuer will be responsible
for
fraud, taking the merchant off the hook. But the merchant
and
the card issuer must invest in new equipment. The consumer
gets some peace of mind. Consumers are used to giving
passwords, so that is not a big change for them.
