https + security

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
How secure is it to put debit card details into https sites?


Ps. Browser IE7, cypher strength 256bit
OS. Vista 32bit

Re: https + security


Quoted text here. Click to load it

Hi Not,

You've asked a poorly constrained question unfortunately.  All SSL
does is secure the data in transit between your web browser and the
web site (and the strength of that is dependent on which ciphers the
web site supports, how your browser is configured, and whether "click
and make it happy" users pay attention to certificate warnings that
might tip off a man in the middle attack if it were to occur.  Despite
those smallish risks, with https you can be relatively certain that no
one will sniff your credit card data off the wire for the fractions of
a second it flies over the wire to your web retailer of choice.

Now the bigger trouble lies more on both ends of that connection.
First your own computer--is it clean?  How do you know?  Trojan
keylogger installer perhaps?   Using IE7 and its built in support of
ActiveX makes it an awfully rich target.   Vista has its issues as
well, but isn't really the malware target of choice yet since its
adoption has been tepid at best.

On the website end,  the security of your data is at the mercy of the
web application developers much more so than the SSL.  Web application
vulnerabilities are exceedingly common, and vulnerabilities that allow
attackers to dump database contents are equally common.  

But... do you care?  The liability with your credit card to you
personally is really quite small.  You're very very protected in your
card member agreement against fraudulent charges, probably much more
so than any other form of payment.  If your credt card is compromised,
it's pretty easy to see, charges pretty easy to dispute, and your
personal liability for that is probably limited to $50.  So long as
you do due diligence in scrutinizing your monthly statements you
should be fine.

Be more worried about your personal information,
name/adress/ssn/mothers maiden name and things that could be used to
establish credit in your name that you may not necessarily know

And remember, every time you give your credit card to a waiter at a
restaurant, your credit card it probably more exposed than it'll be at
an online retailer.   And no one much gives that practice a second
thought.  As well they shouldn't--because the card issuer assumes so
much of the liability of unauthoried use.

Now if you wanna get worried... access to your bank account and online
billpay, and auto deductions from your bank account are the scarier

Todd H. /

Re: https + security

Quoted text here. Click to load it

That would depend on the site.

Are you sure that neither the site nor your computer has been compromised?
If so, it is probably as safe as handing your card to the girl at the
restaurant checkout.
Meaning it isn't safe but it is not any more dangerous than driving to

In other words, I put my credit card number into web sites that I trust.
Quoted text here. Click to load it

The compromise is more likely to be on your computer or the site than on
the network along the way, but anything can happen.


please pardon my infinite ignorance, the set-of-things-I-do-not-know is an
infinite set.   remove ch100-5 to avoid spam trap

Site Timeline