Home
Products
Download
Ordering
Support
About Shareware
About KMR Consulting
Contacting Us
Links
Logo

Credit Cards, the Internet, and PayPal

It is interesting that people who are nervous about sending their credit card numbers over the Internet will gladly charge something in a store and sign their name on an electronic screen. (Think of the possibility for fraud: the store has your credit card number AND an electronic version of your signature! In principle, they could use these to create any number of fake transactions and charge them to your account.)

So is it safe to use your credit card to order merchandise over the Internet or not? Is PayPal safe to use? Here is some information you may find useful.

Credit card risks

Sending your credit card number over the Internet exposes you to three types of risks.

  1. Someone who is watching Internet traffic may see your account number as it goes by and use it to buy stuff for themselves.
  2. You don't really know who you're sending your account number to.
  3. Someone might break into our computer and steal your credit card number.

Let's look at each of these risks more closely.

Risk 1: Internet security

This problem is eliminated by using what is called a secure server. Before entering your credit card number, check the web address for the page to ensure that it starts with https:. Many browsers also show a little padlock symbol ( or ) when this is true. This indicates that you're connected to a secure web site--your browser encrypts your account number (and everything else) before sending it, so even if someone is able to view Internet traffic, the account number is indecipherable.

The real danger of buying things with a credit card over the Internet is actually ...

Risk 2: Verifying authenticity

If you go to a store, you can be reasonably sure that the company is legitimate. The expense of the building, the inventory you can see and touch, the people working there, the fact that they were there last month and the year before; these are all indications that the company is for real. You feel comfortable handing your credit card to the clerk in the store because you expect that employees of a real company will behave ethically.

But suppose you get a catalog in the mail from some outfit you've never heard of. Can you really be sure that the company exists? You can call their 800 number (if they have one), but that doesn't prove anything--a rip-off artist will tell you exactly what you want to hear, whether or not it is the truth. The catalog itself is the only evidence you have that the company is legitimate, so sending your credit card number to a mail order firm involves more risk than shopping at a store.

Internet stores are even riskier than mail order companies. It is easy (and cheap) to set up an Internet site that offers goods for sale. Rip-off artists can create a web site that looks just as real, and offers just as many products, as legitimate businesses. You can't tell whether the company is for real just by looking at their web site--everything you see might be made up.

Knowing this, why would anyone order anything over the Internet? The fact is that the vast majority of businesses are legitimate. Nevertheless, you can reduce the odds of being victimized by verifying the company independently before placing an order. (This applies to mail-order catalog companies, too.) Asking the company itself for references doesn't prove anything--the "references" may be part of the scam. Instead, call the Better Business Bureau and the Attorney General of the state in which the business resides to see if anyone has complained about it.

So is KMR Consulting (and this web site) for real? The answer is yes, but you shouldn't believe it just because this web page says so. Verify it for yourself: check out the Association of Software Professionals web site, where you will find a link back to this site. Call the New York State Attorney General (800-771-7755). Call the Better Business Bureau in Buffalo NY (716-856-7180).

If you're still nervous about placing an order with us, consider this: you already have the product! A huckster after an easy buck is going to offer a product that doesn't exist, hoping to entice you to send money. With shareware companies, you know the product exists because you can download it and try it. This is pretty convincing evidence that the company is for real; much more convincing than seeing slick pictures of products in a catalog.

Risk 3: Our computer security

In January of 2000 someone broke into a computer at an on-line company and stole hundreds of thousands of credit card numbers. This made big news, partly because the crook tried to extort money from the credit card companies.

This cannot happen to KMR Consulting because your credit card number isn't on our computers. If you pay using PayPal, they handle the credit card transaction for us and we never see your credit card number. If you pay through our secure web site, we delete the credit card information as soon as the order is processed. Crooks aren't tempted to break into our computers because what they want simply isn't there.

By the way, if you want to see whether your computer is vulnerable to Internet hackers, I highly recommend visiting Gibson Research Corporation's web site. Click the "Shields UP!" logo for a free analysis of your system.

Is PayPal safe for me to use?

Absolutely. Here are some facts about PayPal:

  • PayPal has been in business since 1998, and has more than 70 million active accounts worldwide.
  • They use secure servers (https:) so that you can safely enter your credit card number.
  • You do not need to have an account with PayPal to use your credit card to buy our products.
  • PayPal allows you to pay a merchant without giving your credit card information to that merchant.
  • PayPal gives you 100% protection for unauthorized payments sent from your PayPal account

In fact, we use PayPal to process credit card transactions that customers send to us. This is perfectly safe for you, and their low transaction costs help us keep our prices down.

Wait a minute--I'm sure I heard that there was some problem with PayPal.

You're thinking of something called phishing (pronounced "fishing"). Note that phishing is not limited to PayPal--hackers send email that purports to come from banks, brokerage houses, credit card companies, and more. Basically, any account that contains money and can be accessed over the Internet is a target for phishing attacks.

Phishing is where a hacker sends you an email that looks like it came from PayPal or your bank asking you to log on to your account. The email includes a link--clicking this takes you to a web page that looks exactly like your bank's or PayPal's login page, but it isn't. When you enter your account name and password, it is actually sent directly to the hacker.

How can I protect myself against phishing?

Regarding PayPal specifically:

  1. If you don't have a PayPal account, you are not at risk. You simply don't have what the hacker wants.
  2. If you have a PayPal account but you don't keep any money in it, and don't have it linked to your checking account, you are also not at risk.

But phishing is used by hackers to try and get accounts and passwords for all sorts of companies, not just PayPal. Therefore, it is extremely important to be able to recognize phishing emails so you won't be victimized by them.

Fortunately, this is easy to do. Watch out for email that:

  • claims to come from your bank, credit card company, etc.
  • may include official-looking logos from this company.
  • states that there is some problem with your account, or that you must change your password.
  • includes a link to click that will take you to your account.
  • if you click the link, your browser may show a different URL than what the link said.
  • if you look closely at the email, you may see grammatical errors or misspelled words.
  • you may have gotten several identical or nearly identical copies of the email.

NEVER, EVER CLICK THE LINK in such an email message! It will not take you to your account! The page you'll see may look identical to the legitimate login page, but if you enter your account and password you'll be sending it directly to a hacker.

Banks and credit card companies never send emails like this! If you think the email might be legitimate, call the company and ask to speak with a representative. But be sure to use the phone number printed on your statement or your credit card, not a phone number from the suspicious email itself.

What should I do if I think I've been phished?

Suppose you get one of these emails and, without thinking, you click on the link and enter your account and password. What should you do?

  1. DO THESE STEPS IMMEDIATELY--DO NOT WAIT!
  2. Quit your browser, and then start it up again.
  3. Go to the web site for the company mentioned in the email, but type the web link (URL) directly into your browser--do not use the link in the email.
  4. Log onto your accont and change the password.
  5. Call the company in question, speak with a person, and tell them what has happened. They may give you additional steps you can follow to protect your account.

Was this web page helpful to you? Did you find what you were looking for? Give us your feedback.
This web site and all contents Copyright © 1999-2010 KMR Consulting