How secure are online transactions? Really. 1

[SuaveRick]

I just wanted to see what you guys thought about online transactions such as banking (bank card numbers, credit cards, etc)? I don't do online stuff myself but I've got family asking me all the time. Should a person feel safe entering a credit card number or something like that with the big banks (Royal, PC Financial, ING Direct, CIBC...)?

I know a good router with a firewall is something to have, anything else that would really enhance the security? Anti-virus, adware removers and the like I assume.

Thanks!

 

[orypecos]

Key stroke" loggers spyware can collect passwords and then send them to the hacker. Cuz of this, some sites now have a keyboard on the screen that u can click on the numbers and letters for your password so the key stroke loggers can't collect it that way. IBM is now integrating a fingerprint reader on some of their computers to assist in security.Many home users aren't using free anti spyware software and estimates are that ALL computers not using anti software have numberous spyware on their computers and are experiencing problems and data stealing.

 

[SuaveRick]

I've heard of key loggers before. I didn't know that some sites were providing online keyboards, that's a great idea.

Does using the on-screen keyboard that comes with windows xp accessibility options do the same thing or would a key logger pick that up as well?

Great info, thanks.

 

[orypecos]

I don't know, but would be interested in knowing. I would think that the spyware would still pick it up, cuz u are still sending the data from your computer to the internet instead of just online. The keyboards online are just starting to be offered. Some credit card providers use to have a credit card scanner that would connect to the computer to make things more secure, but I haven't seen them lately.

 

[SuaveRick]

I'm going to do some digging then and see what I find about the loggers picking up the on-screen keyboard. you'd think it would but to be sure we might as well try. I'll post what I find if I find anything good.

Cheers

 

[vop]

Consider me (slightly?) paranoid.

I generally (and advise others to):

Run SpyBot or Adaware before banking online. Try to do banking only several times a week.

Run a trojan scanner once or twice a week.

Definitely have a trusted SW firewall running - no phoning home should then be possible.

Use a HOSTS file to prevent otherwise normal connections and attempted transmissions to known bad places.

Careful to note a frames based webpage. Apparently, a secure site and frames can make for an unsecure transaction - the SSL encryption icon may fail to show.



I have also been experimenting with the following:

'Tcpview' running and visible long before entering any banking site (want to recognize and to know what is normal (and why certain) ports are listening or pending [time_wait], etc.). Kill anything doubtful - look for any attempted reappearance.

I periodically use 'process explorer' to scan for, kill, and thereafter to investigate any unusual or unknown running processes.

I am also running 'Linklogger' against my Linksys router for inbound and outbound port security ALERT detection.

Vince
_____________________________________________________________
[*** If everyone is thinking alike, then somebody isn't thinking. ***]

 

[orypecos]

Hmmmm..... I will have to look into the "trojan scanner" info and everything else after that. I don't do computers for a living and it appears that I am going to have to go to a linux box to make my experience online secure enough.

 

[chiph]

Probably wouldn't hurt to start using Firefox as your browser, to avoid the spyware which is IE specific.

Chip H.


____________________________________________________________________
If you want to get the best response to a question, please read FAQ222-2244 first

 

[MichealC4]

If you start feeling safe while on the internet, something is wrong. However ... I do do online buying, paypal, etc. But I do my research before buying something from some place or using paypal to send someone money. I don't use IE anymore to do online transactions, it just isn't safe anymore. Not that Firefox, Opera, Konquerer, lynx, etc. haven't had security issues in the past, but they are less prone to spyware being installed without your noticing it.

----------------------------
"Security is like an onion" - Unknown

 

[inusrat]

when we enter credit card number, expiry date and all the other info like address for the credit card. All that information along with geting passed on to the gateway also goes to the website's database. Then don't you think they can use customer credit card whenever they want ..i am wondering then how do banks protect customers from credit card fraud?

http://www.786Marriage.com

http://www.amasspharma.com

http://www.ambdex.com

 

[MichealC4]

That's not necessarily true. Many online shopping sites do not store your credit card information in a database, you have to enter it every time. Can be a pain, but you are safer that way.

Take

http://www.thinkgeek.com/help/#secure

for example.

----------------------------
"Security is like an onion" - Unknown

 

[chiph]

They probably do store it offline in order to deal with chargebacks. If a customer disputes a charge, they need some proof that they followed all the merchant account rules.

Chip H.


____________________________________________________________________
If you want to get the best response to a question, please read FAQ222-2244 first

 

[MichealC4]

They probably do, but it isn't stored online. As for them using it against the customer (besides being unlikely), that's why you do your homework before buying from "some old place online."

----------------------------
"Security is like an onion" - Unknown

 

[nipester]

I use a knoppix CD to boot my system when I want to be safe. obviously, being a CD the binaries cannot have been compromised from past careless behaviour so its almost the same level of safety as a freshly installed linux distro. Besides knoppix I believe there are other live CD distros available too. SuSe has one I know.

Knoppix gets an IP address via DHCP so if you have a NAT router and a PC that boots a live linux CD, bypassing the hard drive completely thats about as secure as you can get at home.

 

[Sympology]

Funny how worried we are about using online transactions. Yet how many have phoned up some random person and given all the details over the phone, i.e traditional mail order. Or shred all our credit card printouts, houshold bills and any personal documents.
Think about it.
some receipts are **********1234
Others are 54321************
Others ****234*****

Get enough and you have all the info you need.

Sensible surfing, good a/v, good firewall. Best way to go.

Either that or you can hand you card over to a waitress in a resturaunt, who'll take off you card around the back, swipe it in a couple of machines and write down the numbers, then hand it back to get the signature, keep the carbon copy forge the signature and go shopping...and you'll have no idea where the thief got your info....



Stu..

Only the truly stupid believe they know everything.
Stu.. 2004