Home                    Last Updated 02/11/07

[ Back ] [ Home ] [ Next ]

Important!

What you, and many web site operators, need to know.

Have you made a credit card purchase online? It was fast, convenient and the business assured you that your personal and credit card information were secure, using SSL encryption.  After all, didn't the little icon at the bottom of your browser indicate that you were in a secure area?

Well, here's something you should know, that nobody seems to be talking about. Maybe it's because they don't know it themselves, or they're afraid it will put a damper on the e-business, or maybe they think it would cost them too much in either service fees or manual processing.

Whatever the reason, here is what you need to know about many of the web sites that claim secure on-line ordering.

Many web operators and web site owners create an order form to purchase their products or services. This order form is put in a secure server which is accessed by the customer who is visiting the website, and wants to make a purchase. This is often accomplished by the customer clicking on a button that says "buy now" or "purchase" etc.

A little icon appears at the bottom of your browser, indicating that you are in a secure area, and that you can securely fill out the order form with your personal and credit card information. So far, so good. At this point, the information you are providing is, indeed, secure.

But when you click that "submit" button, there's a good chance that your personal  and credit card information is suddenly no longer secure, and vulnerable to interception and fraudulent use.

Whether your information becomes vulnerable or not depends on what happens after you click on the "submit" button.

Obviously, the business from which you just ordered a product or service wants to know when an order has been placed. A standard mechanism for notifying a business that an order has been received is to have his/her website set up so that when the order form is submitted, a copy of the information is emailed to the company so that they can process the order and payment.

Most medium sized to small businesses don't have their own server and use web hosting services that could literally be thousands of miles from the company's office(s).   Also, these businesses have an existing relationship with their bank for checking, a business credit line and credit card processing capability. So when they receive the order and credit card information, they input the credit card and sales information, by keypad, into a modem, which processes the credit card information and provides an approval code (or, in some cases, decline) for the purchase.

The problem, and breach of security, for the information that you have provided occurs when the email is sent to the business so that they can process the order. The email is sent "in-the-clear" and can be intercepted and easily read.

This security problem could be easily circumvented by having the order form stowed in a "folder" on the secure server, which can be accessed by the business through a secure connection, retrieve the information and process the order and payment in their normal manner.  It's much easier and more convenient to receive the information by automatic email than to assign someone to go through the process of logging on and checking the secure folder for orders.  And many web site operators may be unaware that the email is sent to them over a non-secure channel.

Larger companies doing business on the internet may have their own server and don't have to rely on web hosting services for their web site. If this is the case, they may have their own automated credit card purchasing and verification ability, and don't have to process the orders and payment manually.

But many small-to-medium sized companies don't have this option because the hardware and software are too expensive, and their internet business volume is not adequate to justify the expense.

Many business owners are not familiar with third party on-line credit card processing services such as PayPal or Billpoint.

We use PayPal services on our site for secure on-line ordering. The potential negative that customer may perceive is that by using PayPal, the customer has to set up an account with PayPal. This process takes only a couple of minutes, and only requires the same information required to complete an on-line transaction. It's fast, easy, convenient, free to the customer and secure. It has the added advantage that, if the customer makes another purchase from either the same business or another, non-related business, when he/she accesses PayPal to complete the order form and make credit card payment, that persons personal and shipping information is automatically filled in on the order form.

Once the order credit card information has been approved and verified, PayPal generates an email to the business, notifying the business they have just received money into their PayPal account. Included in this email is a product description of the product, it's price and shipping costs. The business can then go ahead, process the order and ship the item. The business never sees the credit card information, which never leaves a secure server. The credit card information is never transmitted over a non-secure connection, removing the chance that it can be intercepted in-the-clear.

This is not an advertisement for PayPal, but there are several reasons why we use PayPal, not the least of which is the aspect of providing our customer with true security. It provides the convenience of receiving email notifications of purchases, and they charge the business a lower transaction fee than is ordinarily incurred by having their own bank process the credit card.

So, the next time you go to make an on-line purchase, you might want to contact the business, prior to submitting the order, to find out how your order and credit card information are going to be processed.

With the terabytes of information crossing the internet, it is unlikely that you would be singled out to have your information compromised. But it is possible. It's happening on the internet on a daily basis.

I hope you find this information helpful and enlightening  Feel assured, that if you make a purchase on our web site, your personal and credit information is secure.

That being said, the following is an advertisement for PayPal. Click on the banner below to set up your PayPal account. Pay for on-line transactions, auctions and other things, and be able to send money via email.

PayPal Banner to be inserted here.

[ Back ] [ Home ] [ Next ] 

For any questions or comments about this website, please direct your email to: webmaster@millenniawood.com

Copyright ©2000 - Millennia Wood - All rights reserved.                                   You are visitor # since November 16, 2001

Privacy Policy