Yes, it's best to think of all internet traffic, other than that you
encrypt yourself with something like PGP or an (uncrackable) one-time
pad, or using secure socket layers (https), as being like a postcard
that everyone can read as it passes them.
This is going to be a long response, but it's worthwhile. I recommend you
read the whole thing :) There are several entities involved in orders:
- The product vendor, www.theseller.tld
- The credit card processing company - does processing work for vendor
- The credit card company itself (VISA, Mastercard, etc.)
- The Internet Service Providers (ISPs) providing everyone's access
If you are using an SSL/TLS encrypted ("secure") https form then all form
data you enter is not seen by the internet service providers, ISPs. This
is the goal of https, to securely transport the data from end to end.
But what you have to be wary of is who the credit card processing company
is and what they do with your information. Credit card orders are often
not handled by the same company actually selling you the product. Secure
transaction systems are very difficult to do properly; this is why I
think it's a good idea that a company that specializes in this task does
the credit card processing itself. i.e. there are two companies aiding in
the sale: the vendor (e.g. a software company), and the transaction
processing company (e.g. ShareIt, DigiBuy, PayPal...)
The credit card processing company does see all data you enter since you
are using their web forms. You should check into what they do with it -
send along most of your data (but not the credit card number) to the
actual product vendor. The product vendor may see your address.
The thing to be wary of is improper credit card transactions handled in-
house, that is, credit cards being processed by the same company that
sells the actual products. I have seen many smaller vendors build very
poor, highly insecure systems in order to handle their own credit card
payments. The risk here is that your sensitive data will be stored in an
insecure fashion. In my work I have encountered improperly built credit
card processing systems that have been hacked, with all credit card
information and personal data exposed. This is very very bad.
I would not have this worry about large vendors doing their own credit
card processing, of course. Nor would I worry about companies that
specialize in credit card orders, contracted out by vendors.
So things to make sure: (1) that you only enter the private information
over an SSL/TLS secured https form, (2) that you trust the web site
providing the credit card processing service, (3) that you are
comfortable with that processing company's policies.
What is extremely important here is that SSL alone does not guarantee
security. It only securely transports your private data to the
destination company. Your data at this stage may still be insecurely
stored or inappropriately transferred on to other companies.