by Dave Hartsock for Daves Computer Tips
This is the second of a three part series.
OK . . . you’ve decided that you want to make your purchase from AcmeExplosives.com (after all, Wiley Coyote gets his dynamite from there, so he trusts it).
And it has an SSL Cert that you’ve checked out (Part 1). So what’s this “layered security” business and what more do I have to do?
Well, how far you want to go on this really depends on how much you want to use the particular vendor and also how much you want to protect your credit card account number. There may come a point where further scrutiny just doesn’t make sense. Drop it and either reach a comfort level with the site or go on to the next one. Each of us may have different levels of scrutiny we want to apply.
A good guideline is expressed in this quote: “Between the extremes of caution and blissful ignorance, there is some comfort point, which will be different for everyone. I choose to run some risks, if they entail compensatory advantages, while avoiding others. ” (I got that from somebody’s signature in a security newsgroup years ago, but it certainly rings true still.)
You definitely want to make sure that at least you implement the SSL check in Part 1. If the site handles the transaction (as opposed to redirecting you to PayPal) and doesn’t encrypt your purchase transaction, that’s IT! Don’t make the purchase there from that site. You need go no further. When you’re on the checkout page, look up at the address bar . . . no SSL, just close out the tab/window and certainly don’t press “Submit”.
So what about if it transmits via SSL? Is that enough? NO! Remember those unscrupulous CA’s?
This excerpt is shared with permission from davescomputertips.com.