Digital Bandits


Q: Level with me—how safe is my credit card info on the Internet? I’ve been reading freaky stories about Russian mobsters swiping Visa numbers, then selling them to the highest bidder. How long until I get stuck with a 2 million ruble charge?

Russians aren’t the only nimble-fingered hackers in the credit card racket. Romanians, Bulgarians, Kazakhs—the post-Soviet realm is riddled with semi-talented programmers out for a fast buck. Southeast Asia, too, where resource-strapped cops have bigger fish to fry than 18-year-old nerds. Credit card bazaars, where purloined numbers go for as little as 40 cents a pop, are hosted on servers from Kiev to Kuala Lumpur.

That said, there’s no need to go Chicken Little on e-commerce. The danger’s been overhyped by peddlers of security software, who have a vested interest in your paranoia; be skeptical of news stories citing figures from a high-tech company with “security” in its name. About .25 percent of online credit card transactions are fraudulent—300 percent higher than the meatspace figure, but nowhere near enough to spook you off eBay.

A little common sense will foil most crooks. First off, remember, encryption is your friend. Make sure you’re using an up-to-date browser, since the latest versions feature rock-solid 128-bit scrambling. Truly devoted hackers can still crack this, but unless your last name is Trump or Bloomberg, your Capital One Visa isn’t worth the effort.

Avoid using campus networks, which are virtual hacker playgrounds. Just last week, the Secret Service warned that Russian hoods had installed card-filching sniffers at several Sunbelt universities. And don’t be so quick to click through boxes that blare “Invalid certificate.” Yeah, they’re annoying, but those alarms steer you away from shady sites—take heed.

Before doling out your digits, consider where your info is heading. Fly-by-night casinos or lowbrow porn sites don’t pay as much attention to security as, say, If you must traipse through the cybermuck, look for outfits that use domestic third-party billing services like CCBill; you’ll sleep better knowing your numbers aren’t sitting on an unsecured Tandy in Antigua.

Be wary of spoofed sites, hacker traps that masquerade as legit Web pages. Just a few months back, a fake eBay site made the rounds, collecting sensitive data from gullible customers. If you receive a cheery e-mail inviting you to visit a seemingly reputable link, scrutinize the address carefully—if “@” and “:” appear in the URL, you might be getting duped. Special bonus tip: If the come-hither e-mail contains oddly conjugated verbs, suspect a Russian crime connection.

That’s not to suggest our Yank compatriots are angels. When junking an old computer, or merely having it serviced, wipe the hard drive first. Dragging your sensitive documents to the trash bin isn’t enough to fend off skillful snoops, who can sift through browser cookies for vital info; download a free memory eraser from

Even if you follow Mr. Roboto’s advice to the letter, dim-witted sysadmins can still ruin your day. A few years ago, a Russian gang stole over 1 million credit card numbers from various U.S. banks and businesses, taking advantage of lazy network overseers who’d neglected to install a simple Windows patch. And this past spring, hackers stole 13,000 credit reports from Experian. “Our files are protected by state-of-the-art, Star Wars-style security and encryption technology,” insisted a spokesman. Of course, since the hackers had “borrowed” a password from the Ford Motor Credit Company, all that technology meant diddly-squat. Feeling safe? Mr. Roboto says, “Nyet.”
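The spoofed-link check described above (an "@" and ":" tucked into the address) can be done by parsing the link instead of eyeballing it. This is an added example, not part of the original column; the function name `inspectLink` and every sample URL are constructed for illustration.

```javascript
// Added example: report which server a link really reaches when the
// address carries "@" and ":". inspectLink is a hypothetical helper.
function inspectLink(href) {
  let url;
  try {
    url = new URL(href); // same parsing rules browsers apply to links
  } catch (err) {
    return { href, realHost: null, verdict: "unparseable", reasons: ["not an absolute URL"] };
  }
  const reasons = [];
  // Everything between "//" and "@" is login data (user:password).
  // The browser connects to the host that comes AFTER the "@".
  if (url.username !== "" || url.password !== "") {
    reasons.push(`"${url.username}" before the "@" is login data, not the site`);
    // A "user name" shaped like a domain is there to fool the reader.
    if (/^[a-z0-9-]+(\.[a-z0-9-]+)*\.[a-z]{2,}$/i.test(url.username)) {
      reasons.push("the login data is dressed up as a domain name");
    }
  }
  return {
    href,
    realHost: url.hostname,
    verdict: reasons.length > 0 ? "suspicious" : "ok",
    reasons,
  };
}

// Constructed samples (documentation-range IP and reserved example domains).
const samples = [
  "http://www.ebay.com:signin@192.0.2.10/login",  // decoy name, real host is the IP
  "https://signin.ebay.com@example.net/ws/login", // decoy name, real host is example.net
  "https://example.com/@seller:profile",          // "@" and ":" in the path only: harmless
  "www.ebay.com@192.0.2.10",                      // no scheme, cannot be parsed
];

for (const s of samples) {
  const r = inspectLink(s);
  console.log(`${r.verdict.padEnd(11)} real host: ${r.realHost}  <-  ${s}`);
  for (const why of r.reasons) console.log(`            - ${why}`);
}
```

The third sample shows why parsing beats a plain search for "@": the characters only matter when they sit in front of the host name.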

Chances are your inbox brims with e-mail from African “princes,” offering hefty cuts of multimillion-dollar fortunes in exchange for your bank account info. One cybercitizen got so fed up with the scam spams (usually orchestrated by Nigerian crime syndicates) that he decided to strike back. Learn about his hilarious revenge at, which tracks the many, many tricks he played on one unlucky swindler, “Prince Jubril Turey.” Once you’re done giggling over the chicken-dance humiliation, join in the fun by clicking on the handy “Taunt Prince” link. Per the usual, payback’s a bitch.
