Credit Cards, the Internet, and PayPal
It is interesting that people who are nervous about sending their credit card numbers over the Internet will gladly charge something in a store and sign their name on an electronic screen. (Think of the possibility for fraud: the store has your credit card number AND an electronic version of your signature! In principle, they could use these to create any number of fake transactions and charge them to your account.)
So is it safe to use your credit card to order merchandise over the Internet or not? Is PayPal safe to use? Here is some information you may find useful.
Credit card risks
Sending your credit card number over the Internet exposes you to three types of risks.
Let's look at each of these risks more closely.
This problem is eliminated by using what is called a secure server. Before entering your credit card number, check the web address for the page to ensure that it starts with https:. Many browsers also show a little padlock symbol ( or ) when this is true. This indicates that you're connected to a secure web site--your browser encrypts your account number (and everything else) before sending it, so even if someone is able to view Internet traffic, the account number is indecipherable.
The real danger of buying things with a credit card over the Internet is actually ...
If you go to a store, you can be reasonably sure that the company is legitimate. The expense of the building, the inventory you can see and touch, the people working there, the fact that they were there last month and the year before; these are all indications that the company is for real. You feel comfortable handing your credit card to the clerk in the store because you expect that employees of a real company will behave ethically.
But suppose you get a catalog in the mail from some outfit you've never heard of. Can you really be sure that the company exists? You can call their 800 number (if they have one), but that doesn't prove anything--a rip-off artist will tell you exactly what you want to hear, whether or not it is the truth. The catalog itself is the only evidence you have that the company is legitimate, so sending your credit card number to a mail order firm involves more risk than shopping at a store.
Internet stores are even riskier than mail order companies. It is easy (and cheap) to set up an Internet site that offers goods for sale. Rip-off artists can create a web site that looks just as real, and offers just as many products, as legitimate businesses. You can't tell whether the company is for real just by looking at their web site--everything you see might be made up.
Knowing this, why would anyone order anything over the Internet? The fact is that the vast majority of businesses are legitimate. Nevertheless, you can reduce the odds of being victimized by verifying the company independently before placing an order. (This applies to mail-order catalog companies, too.) Asking the company itself for references doesn't prove anything--the "references" may be part of the scam. Instead, call the Better Business Bureau and the Attorney General of the state in which the business resides to see if anyone has complained about it.
So is KMR Consulting (and this web site) for real? The answer is yes, but you shouldn't believe it just because this web page says so. Verify it for yourself: check out the Association of Software Professionals web site, where you will find a link back to this site. Call the New York State Attorney General (800-771-7755). Call the Better Business Bureau in Buffalo NY (716-856-7180).
If you're still nervous about placing an order with us, consider this: you already have the product! A huckster after an easy buck is going to offer a product that doesn't exist, hoping to entice you to send money. With shareware companies, you know the product exists because you can download it and try it. This is pretty convincing evidence that the company is for real; much more convincing than seeing slick pictures of products in a catalog.
In January of 2000 someone broke into a computer at an on-line company and stole hundreds of thousands of credit card numbers. This made big news, partly because the crook tried to extort money from the credit card companies.
This cannot happen to KMR Consulting because your credit card number isn't on our computers. If you pay using PayPal, they handle the credit card transaction for us and we never see your credit card number. If you pay through our secure web site, we delete the credit card information as soon as the order is processed. Crooks aren't tempted to break into our computers because what they want simply isn't there.
By the way, if you want to see whether your computer is vulnerable to Internet hackers, I highly recommend visiting Gibson Research Corporation's web site. Click the "Shields UP!" logo for a free analysis of your system.
Absolutely. Here are some facts about PayPal:
In fact, we use PayPal to process credit card transactions that customers send to us. This is perfectly safe for you, and their low transaction costs help us keep our prices down.
Wait a minute--I'm sure I heard that there was some problem with PayPal.
You're thinking of something called phishing (pronounced "fishing"). Note that phishing is not limited to PayPal--hackers send email that purports to come from banks, brokerage houses, credit card companies, and more. Basically, any account that contains money and can be accessed over the Internet is a target for phishing attacks.
Phishing is where a hacker sends you an email that looks like it came from PayPal or your bank asking you to log on to your account. The email includes a link--clicking this takes you to a web page that looks exactly like your bank's or PayPal's login page, but it isn't. When you enter your account name and password, it is actually sent directly to the hacker.
How can I protect myself against phishing?
Regarding PayPal specifically:
But phishing is used by hackers to try and get accounts and passwords for all sorts of companies, not just PayPal. Therefore, it is extremely important to be able to recognize phishing emails so you won't be victimized by them.
Fortunately, this is easy to do. Watch out for email that:
NEVER, EVER CLICK THE LINK in such an email message! It will not take you to your account! The page you'll see may look identical to the legitimate login page, but if you enter your account and password you'll be sending it directly to a hacker.
Banks and credit card companies never send emails like this! If you think the email might be legitimate, call the company and ask to speak with a representative. But be sure to use the phone number printed on your statement or your credit card, not a phone number from the suspicious email itself.
What should I do if I think I've been phished?
Suppose you get one of these emails and, without thinking, you click on the link and enter your account and password. What should you do?
Was this web page helpful to you? Did you find what you were looking for? Give us your feedback.
This web site and all contents Copyright © 1999-2010 KMR Consulting