Is it safe? Yes, one hundred percent - okay 99.999 per cent -  assuming you follow a few simple guidelines.

Credit card numbers do get stolen. They get stolen every day - from wallets, from carbon copies in trash cans, from computers which keep lists of them, but only very, very rarely from Internet usage.

While you may have read newspaper or magazine articles expressing strong concerns about a "lack of security" on the Internet and the danger of using a credit card or sending private information over the Internet, the truth is quite different.

Charge! (it)
The fact is, today, it is safer to use your credit card on a secured web server than to give your credit card over the phone or hand it to a waiter to take into the back room.

I've been using my credit cards on the internet for several years and not had any problems. I did however have some charges show up on a bill made to a credit card (that I never used on the Internet) which I had lost and had canceled, over a year after I canceled the card and had a new one issued.

This is not to say you should not use caution and common sense.

Always-Do's and Never-Do's

Always check to make sure any web site accepting your credit card is using a secure server. You can tell by a couple ways.

• The protocol should be https rather than http in the web address line. For example, as far as sending credit card or confidential information, https://www.amercianexpress.com is safe http://www.americanexpress.com is not.
• A small picture of a closed yellow padlock should appear in the bottom status line of your browser window. If the lock is not there or if the picture is of an open lock, your data transmissions are not secure.

Always keep your own log of credit card transactions to immediately compare to you bill. Many credit card companies offer to your account via the Internet. If your credit card doesn't do this consider switching companies.

Careful when using a credit card NOT on the Internet!
The bottom line is that it is probably safer to use your credit card over the Internet than it is to use it in a restaurant or store!

No one is peeking over your shoulder nor is there a physical paper trail for someone to pick up and "dumpster dive" for. (You might be surprised at how much commercial and industrial espionage takes place by people rummaging through garbage - even with the use of shredders).

David Medine of the Federal Trade Commission was quoted, back in 1996 in the Washington Post as saying that it is much safer to transmit your credit card number over the Internet than to give it to a waiter at a restaurant or read it aloud over a cordless phone - both activities considered safe by most people.

AT&T's Universal Card division reports no cases to date of credit card number theft during transmission over the Internet.

Secure Sockets Layer (SSL) technology built into many webservers and the leading web browsers is used to protect sensitive data during transmission. They use encryption (applying a secret code to scramble the data) and decryption (use of another secret code to unscramble the data). In between, the data is gibberish and useless to anyone who captures it.

No completely unbreakable encryption system exists - except "one time pads" which are impractical to implement over a computer network-  but the processing power, money and skills required to do it are probably at work on other projects than stealing your credit card.

According to Eric Greenberg, group security product manager at Netscape Communications Corp.,   "There is no documented case of a credit card number being stolen while it was being transmitted through SSL. Not one.''

What's at risk?
In general, credit card companies are very quick to delete verifiable unauthorized charges from your bill.

Almost all major credit card companies cover all charges that result from unauthorized use of your credit card with your liability limited to $50.00 US - the maximum liability allowed under the U.S. Fair Credit Billing Act. (For additional information on the Fair Credit Billing Act, visit their web site at www.ftc.gov)

But you just said...
Carlos Felipe Salgado was arrested by the FBI in 1997 and confessed to having stolen 100,000 credit card numbers from a computer in San Diego.

However, the credit card numbers were not stolen while they were being transmitted across the Internet. The problem was that the credit card data was stored on an insecure computer. It has always been possible for hackers to break into companies computers and steal data, well before the Internet.

Companies should store all customer information, not only credit card data, in encrypted files. Then, even if hackers gets to the data,  they won't be able to use it.

Y2K and credit cards
And then again, all bets are off after December 31, 1999. Already there have been problems with credit card transactions not being accepted because the credit cards have expirations dates of  "01/00" (January, 2000). If that happens, at least you won't have to worry about someone stealing that credit card - and being able to use it!

Feedback
Hate this column? Love this column? Have ideas for what should be covered - Send suggestions for Internet Basics topics by email to basics@y2kegypt.com or kilenm@bigfoot.com.
The best suggestion gets a PC World-Egypt T-shirt! Kilen Matthews (kilenm@bigfoot.com) is an Internet and Year 2000 Consultant for Y2KEgypt LLC (www.y2kegypt.com).