Why I'm more secure buying online than in person
March 10, 2008
E-commerce is more secure than a retail transaction.
That is a bold claim, but a recent incident has prompted me to revisit the e-commerce security issue, and I can say through personal experience that e-commerce is much more secure than a typical retail transaction.
I had recently gone to a Sunday brunch, and like many of the other folks there that day paid the bill with my Visa. As with every other time I have paid a restaurant bill, the waitress took my card and walked away to run the order through their point-of-sale machine.
I was seated around the corner and couldn’t see where she went. This particular waitress was not in a hurry that day, and so it took about 8 minutes before she returned with my Visa card. My point is simply this:
All that she needed to “pirate” my credit card number was a pen and paper. That is a very low-tech approach to stealing credit card numbers. You don’t need a server room filled with super computers or a PHD in computer science. All you need is a pen and paper.
Not only did she not need super computers to breach the encryption on this order, but she had enough time to make a copy of my credit card number for every employee working in the restaurant. I’m willing to bet that she could have even had time to drive to a store, make photocopies of it for her friends, and then come back with my bill, all with me being none-the-wiser.
I am not implying that this waitress perpetrated this incorrigible act, but she certainly could have.
I hope I am communicating clearly just how secure e-commerce is. There is STRONG encryption used on e-commerce transactions, with 128 bit or 256 bit SSL encryption. This is not low-tech or easy to breach encryption. It is strong – as in hundreds of thousands of hours of computing time to breach with brute force.
No matter what anyone may say to me, that encryption is stronger than the zero encryption used when I hand a credit card to a waiter/waitress. Or a gas station attendant. Or over the telephone if I’m ordering over the telephone.
The point quite simply is that e-commerce is more secure than traditional retail based transactions. If there is anyone out there that feels like debating this point, I will blow any further discussion out of the water by pointing out that in an online or “card-not-present” transaction, my credit card company has a first responsibility to me and NOT to the merchant. That means that if there is a dispute I will get my money back.
I purchase online with great confidence. As a consumer, (and as someone working in this industry) I know that e-commerce is much more secure than a traditional retail based transaction.