Credit Card security over the net

If I make a payment online with my credit card, usually you have to put in an address that goes with it, even if it is just for an online service.
Does this address get seen by the service provider?
Jon
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
wrote:

part of the validation process, perhaps.

you mean the internet service provider ? only if the authorities are onto your scam and have them intercepting your traffic :-)
Phil
--
spamcop.net address commissioned 18/06/04
Come on down !
  Click to see the full signature.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

Depends on the protocol you are using: HTTP - yes, secure HTTP - no.
Vadim
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
Vadim Borshchev wrote:

Yes, it's best to think of all internet traffic, other than that you encrypt yourself with something like PGP or a (uncrackable) one-time pad, or using secure socket layers (https), as being like a postcard that everyone can read as it passes them.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

This is going to be a long response, but it's worthwhile. I recommend you read the whole thing :) There are several entities involved in orders:
- You - The product vendor, www.theseller.tld - The credit card processing company - does processing work for vendor - The credit card company itself (VISA, Mastercard, etc.) - The Internet Service Providers (ISPs) providing everyone's access
If you are using an SSL/TLS encrypted ("secure") https form then all form data you enter is not seen by the internet service providers, ISPs. This is the goal of https, to securely transport the data from end to end.
But what you have to be wary of is who the credit card processing company is and what they do with your information. Credit card orders are ofen not handled by the same company actually selling you the product. Secure transaction systems are very difficult to do properly; this is why I think it's a good idea that a company that specializes in this task does the credit card processing itself. i.e. there are two companies aiding in the sale; the vendor (e.g. a software company) , and the transaction processing company (e.g. ShareIt, DigiBuy, PayPal...)
The credit card processing company does see all data you enter since you are using their web forms. You should check into what they do with it - read their Privacy Policy. Then the credit card processing company will send along most of your data (but not the credit card number) to the actual product vendor. The product vendor may see your address.
The thing to be wary of is improper credit card transactions handled in- house, that is, credit cards being processed by the same company that sells the actual products. I have seen many smaller vendors build very poor, highly insecure systems in order to handle their own credit card payments. The risk here is that your sensitive data will be stored in an insecure fashion. In my work I have encountered improperly built credit card processing systems that have been hacked, with all credit card information and personal data exposed. This is very very bad.
I would not have this worry about large vendors doing their own credit card processing, of course. Nor would I worry about companies that specialize in credit card orders, contracted out by vendors.
So things to make sure: (1) that you only enter the private information over an SSL/TLS secured https form, (2) that you trust the web site providing the credit card processing service, (3) that you are comfortable with that processing company's policies.
What is extremely important here is that SSL alone does not guarantee security. It only securely transports your private data to the destination company. Your data at this stage may still be insecurely stored or inappropriately transferred on to other companies.
--
Jem Berkes
http://www.sysdesign.ca/
  Click to see the full signature.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

BeanSmart.com is a site by and for consumers of financial services and advice. We are not affiliated with any of the banks, financial services or software manufacturers discussed here. All logos and trade names are the property of their respective owners.

Tax and financial advice you come across on this site is freely given by your peers and professionals on their own time and out of the kindness of their hearts. We can guarantee neither accuracy of such advice nor its applicability for your situation. Simply put, you are fully responsible for the results of using information from this site in real life situations.