If I make a payment online with my credit card, usually you have to put in an address that goes with it, even if it is just for an online service.
Does this address get seen by the service provider?
Jon
- posted
19 years ago
Credit Card security over the net
Loading thread data ...
- Vote on answer
- posted
19 years ago
part of the validation process, perhaps.
you mean the internet service provider ? only if the authorities are onto your scam and have them intercepting your traffic :-)
Phil
- Vote on answer
- posted
19 years ago
Depends on the protocol you are using: HTTP - yes, secure HTTP - no. Vadim
- Vote on answer
- posted
19 years ago
- Vote on answer
- posted
19 years ago
This is going to be a long response, but it's worthwhile. I recommend you read the whole thing :) There are several entities involved in orders:
- You
- The product vendor,
formatting link
- The credit card processing company - does processing work for vendor
- The credit card company itself (VISA, Mastercard, etc.)
- The Internet Service Providers (ISPs) providing everyone's access
If you are using an SSL/TLS encrypted ("secure") https form then all form data you enter is not seen by the internet service providers, ISPs. This is the goal of https, to securely transport the data from end to end. But what you have to be wary of is who the credit card processing company is and what they do with your information. Credit card orders are ofen not handled by the same company actually selling you the product. Secure transaction systems are very difficult to do properly; this is why I think it's a good idea that a company that specializes in this task does the credit card processing itself. i.e. there are two companies aiding in the sale; the vendor (e.g. a software company) , and the transaction processing company (e.g. ShareIt, DigiBuy, PayPal...)
The credit card processing company does see all data you enter since you are using their web forms. You should check into what they do with it - read their Privacy Policy. Then the credit card processing company will send along most of your data (but not the credit card number) to the actual product vendor. The product vendor may see your address.
The thing to be wary of is improper credit card transactions handled in- house, that is, credit cards being processed by the same company that sells the actual products. I have seen many smaller vendors build very poor, highly insecure systems in order to handle their own credit card payments. The risk here is that your sensitive data will be stored in an insecure fashion. In my work I have encountered improperly built credit card processing systems that have been hacked, with all credit card information and personal data exposed. This is very very bad.
I would not have this worry about large vendors doing their own credit card processing, of course. Nor would I worry about companies that specialize in credit card orders, contracted out by vendors.
So things to make sure: (1) that you only enter the private information over an SSL/TLS secured https form, (2) that you trust the web site providing the credit card processing service, (3) that you are comfortable with that processing company's policies. What is extremely important here is that SSL alone does not guarantee security. It only securely transports your private data to the destination company. Your data at this stage may still be insecurely stored or inappropriately transferred on to other companies.