SSL Alone Is Not Enough to Protect You

We all know that Google has forked the web thereby dictating the direction the entire internet should go, only few have put up resistance but largely we are all still under the control of this red neck giant.

The SSL is now compulsory for search result in the search engine but primarily to lead us all to believe we are in a secure site once we see the green padlock or bar. SSL only protect data from being intercepted once in transit from the customer computer to the merchant site. We awake daily to the news of constant financial data theft that involve credit card numbers.

Most of us don’t blink twice when handling over our credit card to an SSL protected website but that is false sense of security.

Protecting Credit Card Information Online
You probably already know to look for the presence of an SSL “lock” icon in your browser when shopping online. SSL is a security technology that encrypts a connection to prevent eavesdropping, and it’s used at the checkout stage or anywhere that personal data will be transmitted. In the unlikely event you encounter an online merchant that isn’t using SSL, don’t touch that site with a 10-foot pole.

But while SSL is a good start, it’s not the end of security. In fact, the presence of SSL can often lead to a false sense of security because while it protects your data from being intercepted while in transit from your computer to a merchant’s site, it can’t do anything to safeguard it after it reaches its destination.

For example, most retailers offer the option to store credit card account info on their servers to save you the trouble of having to re-enter it every time you make a purchase. That’s certainly convenient, but it’s not a good idea from a security standpoint because once your credit card info is stored by a merchant you’re at the mercy of whatever security measures are in place on its network. Although merchants usually store the customer financial data behind layers of security (usually involving masking and encrypting the numbers), as we’ve seen many times in the past, you can’t assume those measures will necessarily keep your data safe.

To be sure, keeping credit card numbers on file with a merchant is sometimes necessary (for example, when you need to make recurring payments for a subscription-based product or service) but aside from that scenario you should generally avoid the option. While the risks may be somewhat limited when you store your data at, say, a single heavily frequented merchant, they grow considerably if you do that with multiple vendors around the Web.

“Virtual” Credit Cards
If you just don’t like the notion of using your credit card over the Web, you may want to look into the availability of so-called “virtual,” credit cards offered by some banks and card issuers (Bank of America calls their program ShopSafe, while Discover dubs theirs DeskShop). They let you shop online use specially generated and unique numbers that are only valid for a single purchase, a limited time, or a fixed dollar amount, allowing you to keep your plastic card safely holstered.

You may be wondering if protecting your credit card numbers using the methods described above is worth the added effort given that liability for fraudulent charges is often limited (usually to $50 and in some cases is even $0). That decision comes down finding your own happy medium between convenience and security, to things that are usually at odds with one another.

One thing to keep in mind is that even if you’re not liable for much (or any) money, there is still the hassle of having to file fraudulent charge claims, get new account numbers and so on, which can be a frustrating and time-consuming process.