https + security

How secure is it to put debit card details into https sites?

Thanks

Ps. Browser IE7, cypher strength 256bit
OS. Vista 32bit

Re: https + security

"not_here.5.species8350@xoxy.net"
writes:

> How secure is it to put debit card details into https sites?
>
> Thanks
>
> Ps. Browser IE7, cypher strength 256bit
> OS. Vista 32bit

Hi Not,

You've asked a poorly constrained question unfortunately. All SSL
does is secure the data in transit between your web browser and the
web site (and the strength of that is dependent on which ciphers the
web site supports, how your browser is configured, and whether "click
and make it happy" users pay attention to certificate warnings that
might tip off a man in the middle attack if it were to occur. Despite
those smallish risks, with https you can be relatively certain that no
one will sniff your credit card data off the wire for the fractions of
a second it flies over the wire to your web retailer of choice.

Now the bigger trouble lies more on both ends of that connection.
First your own computer--is it clean? How do you know? Trojan
keylogger installer perhaps? Using IE7 and its built in support of
ActiveX makes it an awfully rich target. Vista has its issues as
well, but isn't really the malware target of choice yet since its
adoption has been tepid at best.

On the website end, the security of your data is at the mercy of the
web application developers much more so than the SSL. Web application
vulnerabilities are exceedingly common, and vulnerabilities that allow
attackers to dump database contents are equally common.

But... do you care? The liability with your credit card to you
personally is really quite small. You're very very protected in your
card member agreement against fraudulent charges, probably much more
so than any other form of payment. If your credt card is compromised,
it's pretty easy to see, charges pretty easy to dispute, and your
personal liability for that is probably limited to $50. So long as
you do due diligence in scrutinizing your monthly statements you
should be fine.

Be more worried about your personal information,
name/adress/ssn/mothers maiden name and things that could be used to
establish credit in your name that you may not necessarily know
about.

And remember, every time you give your credit card to a waiter at a
restaurant, your credit card it probably more exposed than it'll be at
an online retailer. And no one much gives that practice a second
thought. As well they shouldn't--because the card issuer assumes so
much of the liability of unauthoried use.

Now if you wanna get worried... access to your bank account and online
billpay, and auto deductions from your bank account are the scarier
bits.

--
Todd H.
http://www.toddh.net/

Re: https + security

"not_here.5.species8350@xoxy.net" wrote
in news:2706c613-ce30-4549-af4d-b08701e876fb@u10g2000prn.google groups.com:

> How secure is it to put debit card details into https sites?

That would depend on the site.

Are you sure that neither the site nor your computer has been compromised?

If so, it is probably as safe as handing your card to the girl at the
restaurant checkout.
Meaning it isn't safe but it is not any more dangerous than driving to
work.

In other words, I put my credit card number into web sites that I trust.

>
> Thanks
>
> Ps. Browser IE7, cypher strength 256bit
> OS. Vista 32bit

The compromise is more likely to be on your computer or the site than on
the network along the way, but anything can happen.



--
bz

please pardon my infinite ignorance, the set-of-things-I-do-not-know is an
infinite set.

bz+csm@ch100-5.chem.lsu.edu remove ch100-5 to avoid spam trap

Re: https + security

In article <2706c613-ce30-4549-af4d-b08701e876fb@u10g2000prn.googlegroups.com>
not_here.5.species8350@xoxy.net
"not_here.5.species8350@xoxy.net" writes:

> How secure is it to put debit card details into https sites?
>
> Thanks
>
> Ps. Browser IE7, cypher strength 256bit
> OS. Vista 32bit

Others have replied on the SSL issues, which will apply equally
for both credit and debit cards. The higher risk with a debit
card is that, if you are unlucky enough to have your card details
compromised, the miscreant could possibly empty your bank account
rather than simply run up a large credit bill (for which the
credit card company will likely offer some protection).

On a happier note, some/most banks have pretty sophisticated
software that monitors "unusual" transactions and will phone you
before allowing such transactions (well, mine did!).

For added peace of mind when using a debit card online, keep the
cash balance in your account on which it draws as low as you can
live with, and top it up as necessary from another account (which
you don't use online or for which you don't have a debit card).
At least that way the damage will be limited if all the checks and
stops fail...

Pete
--
"We have not inherited the earth from our ancestors,
we have borrowed it from our descendants."

Re: https + security

On Apr 2, 5:40=A0am, p...@nospam.demon.co.uk wrote:
> In article =A0<2706c613-ce30-4549-af4d-b08701e87...@u10g2000prn.googlegrou=
ps.com>
> =A0 =A0 =A0 =A0 =A0 =A0not_here.5.species8...@xoxy.net
> =A0 =A0 =A0 =A0 =A0 =A0"not_here.5.species8...@xoxy.net" writes:
>
> > How secure is it to put debit card details into https sites?
>
> > Thanks
>
> > Ps. Browser IE7, cypher strength 256bit
> > OS. Vista 32bit
>
> Others have replied on the SSL issues, which will apply equally
> for both credit and debit cards. =A0The higher risk with a debit
> card is that, if you are unlucky enough to have your card details
> compromised, the miscreant could possibly empty your bank account
> rather than simply run up a large credit bill (for which the
> credit card company will likely offer some protection).
>
> On a happier note, some/most banks have pretty sophisticated
> software that monitors "unusual" transactions and will phone you
> before allowing such transactions (well, mine did!).
>
> For added peace of mind when using a debit card online, keep the
> cash balance in your account on which it draws as low as you can
> live with, and top it up as necessary from another account (which
> you don't use online or for which you don't have a debit card). =A0
> At least that way the damage will be limited if all the checks and
> stops fail...
>
> Pete
> --
> =A0 =A0"We have not inherited the earth from our ancestors,
> =A0 =A0 we have borrowed it from our descendants."

Thanks to all for responding.

To be on the safe side, I think I'll call the company and complete the
transaction over the phone.

Best wishes

N