Credit Card Security

Credit Card Security - what you need to know.

All payments on this site are handled over a Secure Socket Layer (SSL) site. You will enter our secure area when you commence the payment part of your order.

What is SSL Security

SSL is a protocol to provide secure communications on the Internet.
SSL does three things:

  • SSL authenticates that the server you've connected to is the one it purports to be.
  • SSL creates a secure communication channel by encrypting all communication between the user and the server.
  • SSL conducts a cryptographic word count to ensure data integrity between the server and the user.
How can I tell when a web site is secure?

You can tell if you are in a secure area, if you are using Netscape 4.0, Microsoft 3.0 or higher, check for the picture of a lock in the lower right hand corner of your browsers application window. If the lock is closed you are in a secure area.

Is it safe for me to enter my credit card number over the Internet?

As reported in a Knight-Ridder News Service article (which appeared in the Philadelphia Inquirer), "In 1997, there were no reports of credit-card information stolen on the World Wide Web during a transfer of information over a Secure Socket Layer (SSL) line, the kind of line used by Netscape Navigator and Microsoft Explorer. There were no slip-ups. None." In the same article, Russell Bodoff, stated that consumers need to understand "that the Internet is a safe, reliable place to conduct business.

"In a Washington Post article, David Medine of the Federal Trade Commission suggested that it is much safer to transmit your credit card number over the Internet than to give it to a waiter at a restaurant or read it aloud over a cordless phone -- two activities that are generally taken for granted as safe.

If you need to know more read on if its all a bit confusing then skip to the Dummies Version

Secure Sockets Layer uses public key encryption mechanisms which were developed by RSA Data Security Inc. These are well known, secure algorithms. In the earlier version of SSL a 40 bit key is used for the encryption. It was recently reported that using brute force methods, the key was cracked. Brute force methods basically implies trying every possible combination of bits until the correct one is found. The number of combinations which would need to be examined is 2 to the power of 40, which is 1,099,511,627,776 different keys; and you need to analyse the data for each test key to find out if you've actually hit upon the correct one. Clearly, without a very significant computing resource, a brute force technique is not really going to be viable. One of the first examples of a crack of the 40 bit version key used a network of 120 computers, as well as a number of parallel computers, and it took about 8 days to search half the key space.

However, more recently, RSA challenged users to break the cipher for a reward of $1000. A graduate student claimed to have succeeded in just three and a half hours.

However, he used 250 computers. Obviously, it probably isn't going to be worthwhile cracking a 40 bit key for a credit card number. In the latest versions of the protocol, 128 bit keys are used. Such a key is realistically impossible to crack by brute force methods using current computing technologies. We don't have a computer fast enough to break the key in any reasonable length of time; for this reason, it is often stated that the amount of time required to break the key is infinite, although there would be a finite time to completion and too bad if the universe ends before you have the key.

Dummies Description

Now this is not supposed to be 100% correct its my understanding of how it works. Please don't send me long emails on the technical operation of SSL you would be wasting your time.

What is SSL encryption?

Well put simple it lets you send someone a message or a credit card number without anyone else being able to see it or alter it.

What is encryption?

People have been encrypting or writing in code for centuries. One of the most common ways to code a message was to use text from a book. You would choose a book say "Lord of the Rings" then make up your message using words from the book but rather than write down the words you record where in the book the words are found are i.e. page 14, paragraph 4, word 7 shortened to 14.4.7. So a short message would be 14.4.7, 123.6.23, 24.2.45 etc. Now the book can be considered the padlock to secure your message and the key to unlock it is the name of the book. To unravel the message you need to know which book was used to code the message. The problem with this kind of encryption is that you have to tell the other person the name of the book. If any one else finds out they can read your coded messages and you will not know they have broken your code.

During the 2nd world war the German devised a very complicated coding system called "Enigma". At first the allies could not crack the code however once the allies had recovered a code book from a sunken German U-boat they were able to read the German code and hence all their messages.

How does SSL encryption work?

When the internet arrived the problem of sending sensitive information had to be solved, people were not going to shop online if their details were not secure. SSL software works by encrypting messages so that no one except the secure site can read them. What happens when you log on to a secure site is that when you go to transmit your information the secure site sends you a piece of software code which is a form of padlock. The padlock encrypts your message and sends it to the secure site. The key to that padlock is only known to the secure site so even if someone could intercept it they don't have the key to read it. The security comes from the fact that there are many billions of possible keys to unlock the message and it would take many years to try them all. The difference with SSL is that no one knows the key to unlock it except the secure site and because every piece of information has a different padlock and hence a different key it is impossible to steal your information.

What do you have to do?

Just keep your eye on the little padlock symbol in the corner of the screen and make sure it is locked when you are sending your credit card details.


Privacy Statement
Copyright Michael Coates 1997- 2007