Credit Card sercurity and firewalls

mordeith

Hey there. Hoping to pick your brains about credit cards.
Basically what I want to know is what precautions should I use when conducting transactions at home (dial-up ). I always buy stuff over the net at work because of the good security there. I'm a bit nervous of doing this at home though. Am I being paranoid? Should a firewall be enough to keep my details safe? What are the issues I should look at?

Thanks.

liamo

If you are connected to the Internet then you should always use a firewall, anti-virus and anti-spyware, whether you carry out Credit Card transactions or not. Without these (and sometimes even with these) any and all of the data on your PC might be compromised.

As to the question of Credit Card transactions, this is more a question of trust than anything else.

Do you trust the security of the connection? You should never submit Credit Card information unless the connection is secured - you should see a little padlock on your browser (the position may vary from browser to broswer).

Next, do you trust the integrity of the on-line trader? Are you sure that the trader won't use your details in some way other than that for which they were provided. Eg, will he make purchases or unauthorised charges against your Credit Card, or sell on your information to another party?

Third, do you trust the security of the trader? While he may be honest, if he doesn't secure your information properly, your data might be compromised on his system.

Having said all that, I make Credit Card purchases on-line all the time with no problems. Just use common sense and go with the well-known (and trusted) names.

Regards,

Liam

mordeith

Thanks for the tips Liam.
I would always only use reputable companies. I guess I was just worried that some hacker or such could intercept my CC details even if its being processed on a secure server.

Capt'n Midnight

Firewall would have nothing to do with act of entering Credit Card details on the web. Credit Card details if stored on your computer or on the merchants computer could be stolen by hackers or trojans/malware - this is why you never put your CC on your computer and why think before giving it to a merchant - and also why you have AntiVirus + AntiSpyware etc. as well as a firewall.

Never enter details unless it's a an encypted link - like a HTTPS/ site with the little lock in the corner.

Also close all browser windows and open a new one and type in the name of the site or cut/paste from notepad to be avoid cross-site or phishing vunerablities.

So its unlikely that your CC details would be intercepted except at the endpoints. Key stroke loggers like canary could grab it on your machine and depending on the system it's possible that a disgruntled employee could get it at the other end (unlikely if they use a GOOD third party system - but some of the www.sans.org bullitens have scary stuff)

Cake Fiend

To be honest, I'd personally be more wary of ordering from work, believe it or not. If you've done your homework and are careful about your net habits at home, you have little to worry about (hopefully!). OTOH, work networks - while possibly more secure from an outside attack - are rarely protected from internal attacks (whether deliberate, as in a malicious attack from a coworker, or unintentional, such as a trojan or keylogging worm making its way onto your workstation from the network).

rsynnott

Sico wrote:

To be honest, I'd personally be more wary of ordering from work, believe it or not. If you've done your homework and are careful about your net habits at home, you have little to worry about (hopefully!). OTOH, work networks - while possibly more secure from an outside attack - are rarely protected from internal attacks (whether deliberate, as in a malicious attack from a coworker, or unintentional, such as a trojan or keylogging worm making its way onto your workstation from the network).

Plus, your admin may be a dodgy character like this guy: http://www.boards.ie/vbulletin/showthread.php?t=294733

(His concern for his users' privacy is touching)

Blub2k4

rsynnott wrote:

Plus, your admin may be a dodgy character like this guy: http://www.boards.ie/vbulletin/showthread.php?t=294733

(His concern for his users' privacy is touching)

Give him the benefit of the doubt he appears to be willing to learn at least.
Looks like he was thrown in at the deepend and he is a bit over his depth, as long as he is willing to learn he should be fine.

rsynnott

Blub2k4 wrote:

Give him the benefit of the doubt

No. He wants to illegally spy on people. He laughs off all the people who tell him that this isn't a good idea.

Blub2k4

rsynnott wrote:

No. He wants to illegally spy on people. He laughs off all the people who tell him that this isn't a good idea.

ok then dont. Point your finger and laugh it's very constructive and does your ego a world of good.

rsynnott

Blub2k4 wrote:

ok then dont. Point your finger and laugh it's very constructive and does your ego a world of good.

You READ that thread, right?

Blub2k4

rsynnott wrote:

You READ that thread, right?

Yeah I read it, and then I fixed it.

NutJob

3 things before i ever use my credit card on a pc


-The site uses Secure Socket Layer and is a reputable company

-The PC has been just checked and cleaned of spyware

-The Pc I am using has been virus checked (not as important but)


After that u should be ok.

If u don’t want to worry about spyware move to linux but that’s another story completely.