|
Exactly how safe is it to submit your credit card details over the net? While most of us do it every day without batting an eyelid, there are always those horror stories of people who had their bank accounts wiped out by malicious hackers, or even fraudulent websites. How can you tell when a site is safe? We spoke to Roger Morgado, a technical supporter at Thawte, who helped explain it further…
What is SSL?
SSL (Secure Socket Layering), an Internet protocol, is a set of specifications that allow two applications to communication with each other via the Internet, in a secure environment. SSL allows a web browser or client to authenticate the existence and identity of a website using digital keys and certificates. It also allows for all information that it sends to be encrypted, ensuring that information cannot be intercepted or stolen while in transit.
How does SSL work?
SSL works on the basis of two keys, a private and a public key, known as a 'keypair'. When you request an SSL session to a server, the client browser will negotiate a 'SSL Handshake' with that server. The client browser then creates a third unique key, known as the Pre Master Secret Key, which is encrypted using the public key (included in the certificate) and sent to the server. The server then decrypts the session key with the private key, and both then create the final Master Secret Key, which will be used for this session only. In a nutshell, the client uses the public key to authenticate the signature made by the private key.
How do you know whether a website is secure?
In order to create a SSL session, a user will reference the domain using https - so check to see that the URL starts with this. The client browser will also verify any information contained in the certificate. The client browser will also check that the Certification Authority (CA - e.g. Thawte) is a trusted CA by verifying the signature on that server certificate. Finally, the client browser will check that the domain name of the browser matches that of the certificate, and will pop up a warning message if it does not trust one of the fields. Should the user continue with the transaction, it would be at his or her own risk - your credit card details could be going to a fraudulent site. You can view the certificate by right clicking on the page, go to page properties, then certificates details, or alternatively, click on the padlock in the bottom right-hand corner (although this does not always appear). If all is in order you can continue.
Are my credit card details therefore safe?
If all of the above comply, your credit card information should be secure. Nothing is however foolproof, as the aim of encryption is not to be unbreakable, as new technology is always being developed, but rather to make it inconvenient, so that the time needed to break it would put anyone off from trying!
|
