Kitsap Peninsula Business Journal
12-15-2000
Dos and Don’ts of buying on the Web
By Steve Littfin
Electronic commerce is still in its infancy, but business analysts anticipate exponential growth as more consumers discover the convenience, speed, and infinite selection available at “stores” open 24 hours a day, seven days a week. Forrester Research in Cambridge, Massachusetts has projected U.S. online sales to climb from the $4.8 billion recorded in 1998 to $17 billion in 2001.

Ambitious predictions notwithstanding, online shopping is still a novelty for most of us. Only 20 percent of wired adults worldwide — and only 5 percent of North Americans — have made purchases online, according to the otherwise-bullish Forrester. The reason cited most often by tentative e-consumers is the fear that their credit card data will be compromised over the Internet.

Ask online merchants about the degree of risk a consumer incurs sending credit card information over the Net, and they will say it is no riskier than handing your credit card to a gas station attendant. That assertion is reasonable if the merchant offers secure transactions based on the Secure Sockets Layer (SSL) encryption standard.

The Secure Sockets Layer is an open, non-proprietary protocol designed by Netscape Communications for the purpose of securing data communications across computer networks. SSL is sandwiched between the application protocol (HTTP, Telnet, FTP, NNTP) and the connection protocol (TCP/IP, UDP). It provides server authentication, message integrity, data encryption, and optional client authentication for TCP/IP connections. Information travels over the Internet through a series of routings, and it may pass through many computer systems before it reaches the trusted server. Any one of these computer systems presents an opportunity for the information to be accessed. SSL precludes intermediary computers from gaining access to the information.

To determine if your credit card data is secure as it travels from your PC to your Web merchant’s server, just check your browser: The URL of a secure (encrypted) page begins with ‘https’ rather than just ‘http’. If you are using Microsoft Internet Explorer 2.1, Netscape Navigator 2.0, or a later version of either, you will also see a closed-lock symbol in the status bar at the bottom of your browser screen.
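The same check can be applied to the form that actually carries the card number, since a page can load over https while its form submits to a plain http address. The Python sketch below is an added example, not part of the original article; the function name `insecure_card_forms`, the field-name hints and the sample HTML (shop.example) are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Field-name fragments treated as payment data (an assumption for this example).
CARD_HINTS = ("card", "cvv", "expir")


class FormAudit(HTMLParser):
    """Collect each <form>'s action and the names of its input fields."""

    def __init__(self):
        super().__init__()
        self.forms = []        # list of {"action": str, "fields": [str]}
        self._current = None   # form being parsed, or None outside a form

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self._current = {"action": attrs.get("action") or "", "fields": []}
            self.forms.append(self._current)
        elif tag in ("input", "select") and self._current is not None:
            self._current["fields"].append((attrs.get("name") or "").lower())

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def insecure_card_forms(page_url, html):
    """Return resolved submit URLs of card-collecting forms not sent over https."""
    parser = FormAudit()
    parser.feed(html)
    findings = []
    for form in parser.forms:
        takes_card = any(h in f for f in form["fields"] for h in CARD_HINTS)
        # A relative or empty action inherits the scheme of the page itself.
        target = urljoin(page_url, form["action"])
        if takes_card and urlparse(target).scheme != "https":
            findings.append(target)
    return findings


# Constructed sample: an https page whose checkout form posts to plain http.
SAMPLE = """
<form action="/search"><input name="q"></form>
<form action="http://shop.example/pay" method="post">
  <input name="card_number"><input name="expiry"><input name="ship_to">
</form>
"""
```

Calling `insecure_card_forms("https://shop.example/checkout", SAMPLE)` reports the checkout form's http target and ignores the search form, which collects no card fields.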

Most major Web merchants now offer the option of submitting credit card data via a secure server. This should be your first choice any time you use a credit card to purchase merchandise online. If you are using an older browser that does not permit SSL encryption, seriously consider updating your software.

Has SSL technology eliminated the risk of shopping online? Not necessarily — there remains the human element. In the absence of further precautions taken by the Web proprietor, your credit card data can still be vulnerable to hackers outside the firm and to disgruntled or dishonest employees inside. If you are not afraid to ask a few pointed questions of site proprietors, you can ensure that your credit card information will remain secure. According to the Better Business Bureau, the Federal Trade Commission, and the National Consumers League, there are steps you can take to protect yourself before making an online purchase:

Research the company. Obtain the mailing address and telephone number for any online merchant with which you are considering doing business. This contact information will be very helpful if problems arise with your order. Look for a reliability seal from BBBOnLine, an affiliate of the Better Business Bureau. Consult other services that rate the quality of retail Web sites, including Consumer Reports and BizRate.com. Contact Internet Fraud Watch, www.fraud.org, (800) 876-7060, and ask if it has received any complaints about the merchant.

Investigate the company’s policies. Do they offer a warranty? What is their return policy? Is there a cancellation policy? What is the shipping charge? When will the product arrive? Federal law says items must be shipped within 30 days; if not, the shipper must notify you and allow you to cancel the order.

Protect your security. You should not have to ask an online merchant about its security policy. That information should be posted on its Web page. Ensure the site on which you enter your credit card number is secure (one having an Internet address that starts with https://, or an unbroken key or padlock at the bottom of the browser window).

Protect your privacy. Some companies sell or share marketing information about you to others. Some sites carry a privacy protection seal from groups like TRUSTe or the Better Business Bureau. If you don’t want your name to be sold to marketers, investigate a site’s privacy policy before you disclose any personal information. If you can’t find an answer to your question on the site, ask by e-mail.

Don’t give out too much information. In most cases, giving a password, credit card number and shipping information should suffice. Beware of companies that request sensitive personal information such as Social Security number, mother’s maiden name, or bank account information.

Pay with a credit card. Other payment options don’t offer consumer protections, such as the ability to dispute the charge. If there is an unauthorized charge on your credit card, your liability under federal law is a maximum of $50. Amazon.com, eToys, Microsoft Expedia, and Wal-Mart pledge to pay expenses not covered by the credit card company if a third party illegally obtains your data.

Report your troubles. The Federal Trade Commission’s Web site, www.ftc.gov, includes an online complaint form for consumers who suspect they have been victimized by online merchants. Internet Fraud Watch maintains a list of Internet-based scams, along with an online complaint form. IFW staff members forward complaints to more than 160 participating law-enforcement agencies.

Safe shopping in the world of online commerce depends mainly on you. Despite the promise of effortless Web shopping, you should aggressively pursue information about security and privacy to protect your credit card and personal data. At a minimum, demand SSL encryption, storage of credit card data behind firewalls, and strict limits on employee access. Merchant sites should prominently display security and privacy statements, as well as their telephone number and postal address.

Many merchants are getting the message, but some smaller sites fail to use encryption or firewalls, or they are slow to disclose their policies. Do these concerns mean you should avoid shopping online? No, but they make it necessary that you know something about the company behind the Web page. That company, after all, will know a lot about you.

(Editor’s Note: Steve Littfin is a freelance writer based in Port Orchard.)