Protecting your online payment information

The Internet was made “safe” for E-commerce back in 1995 when Netscape developed encryption for web traffic. However many people did not trust providing their credit card information for Internet purchases. But when the Covid-19 pandemic and lockdowns began in 2020, many more people started to make purchases over the Internet for such basic things as grocery delivery and take out food. Using credit card information on the Internet is fairly safe but there are a number of risks.

Almost all websites use a secure (encrypted) connection, denoted by https instead of http in the address line of a browser, often shown with a lock icon

Lock Icons - Download Free Vector Icons | Noun Project

This means that all the information being sent to the website is encrypted, including your credit card information. 

Breaking encryption is well beyond the capability of any hacker who is intent on stealing your credit card information as it travels over the Internet. However, the NSA (U.S. National Security Agency) is able to break encryption. But this is only after years of spending more than a billion dollars developing widespread network surveillance, large data bases, specialized supercomputers and collaboration with large American technology companies to siphon off Internet traffic (as revealed in documents released by Edward Snowden).
How US and UK spy agencies defeat internet security

A bigger risk is if you happen to have malware on your computer that monitors everything you type. This type of malware, called “spyware”, will record credit card information and send it back to a hacker’s computer. The protection for this is to make sure that you have antivirus software running on your computer that includes anti-spyware. If your antivirus does not include anti-spyware, you can add a separate anti-spyware package.

Another risk is your credit card information being stolen from the website long after you have made a purchase. Most websites store your credit card information. This makes it more convenient for you if you order from them again. But there have been many security breaches in which hackers have broken into the servers of some very large companies and stolen millions of credit cards.
Biggest credit card data breaches

This risk is something that you may be able to minimize. In Europe privacy laws make it illegal for websites to store credit card information without your express consent. But in North America, privacy laws are way behind and there is no such protection. Websites should really ask you if you want to save your information, but most of them do not. And they don’t provide an option for you to remove your credit card information from their servers. 

However, if you use PayPal instead of a credit card, you have more control over websites retaining your payment information. You can go into your PayPal account and look at all the websites that have “Automatic Payment” turned on and turn them off. In general you want to do that for all websites except those in which you have set up a monthly regular payment, such as Netflix which is a monthly subscription service, or services you use regularly such as Uber. When I went through my PayPal account, I found three Automatic Payments to TicketKing going back several years.

PayPal also provides more security for your payment credentials. When you use PayPal to make a purchase on a website, you are directed to PayPal to log into your account. The webserver does not see your password and so it cannot save it. If a hacker breaks into a webserver and steals PayPal account information, it cannot be used to make purchases or access your PayPal account. However there is one caveat here, which is that a hacker may try to break into your PayPal account by  guessing your password. As long as you guard your PayPal login information carefully you will be pretty safe.

Not many PayPal data breaches have been reported compared to credit card breaches but one was reported in 2022. Only personal information was stolen and there was no indication of any financial losses.
PayPal breach

In summary, what can you do to minimize your Internet payment information being compromised?

1. Make sure you have anti-spyware software protecting your computer (it may be part of your antivirus software).

2. Use PayPal whenever possible for online payments instead of credit cards. After completing the transaction, go into your PayPal account and turn off Automatic Payment for that website, unless it is a bona fide subscription service.

Author: Ernie Dainow

I was fascinated with mathematics at an early age. In university I became more interested in how people think and began graduate work in psychology. The possibilities of using computers to try to understand the brain by simulating learning and thinking became an exciting idea and I completed a Master’s degree in Artificial Intelligence in Computer Science. My interest in doing research shifted to an interest in building systems. I worked for 40+ years in the computer field, on large mainframe computers, then personal computers, doing software development for academic and scientific research, business and financial applications, data networks, hardware products and the Internet. After I retired I began writing to help people understand computers, software, smartphones and the Internet. You can download my free books from Apple iBooks, Google Play Books and from https://www.smashwords.com/profile/view/edainow

2 thoughts on “Protecting your online payment information”

  1. This is incredible! Really practical advice. I don’t know how you manage to stay on top of this stuff.
    I have an Apple computer and, if I am not mistaken, they have built in anti spy ware and so it is not necessary to purchase additional anti-virus software???

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *