HTTPS:// Doesn't Mean Your Credit Card is Safe from Hackers
February 24, 2008 - Cleveland, Ohio - Does the "HTTPS" designation and certification really provide genuine security for your credit card information? DOUGLAS Art Prints® recent change to using the NOVA Information Systems servers and credit card processing was done against some "expert" advice but was the exact right thing to do for the security of customers credit card information. HTTPS does not mean your credit card information is safe from hackers.
In researching our intended improvements in our credit card processing one option was for us to obtain an "HTTPS" certificate which would allow us to obtain our customers credit card information right on our own servers and then transmit that information "encrypted" to the merchant account servers for approval of the amount of the sale. Our other option was to transfer our customers to the NOVA Information Systems secure servers where all of the credit card information would be acquired and the amount approved. We were told by "experts" at places like Network Solutions that customers "do not like" to be transfered to another server. This very well may be true but when it came to real security and liability we thought otherwise. A recent story on Forbes.com, Web 3.0: What's Next After What's Next, made us realize just how right we were.
In researching our intended improvements in our credit card processing one option was for us to obtain an "HTTPS" certificate which would allow us to obtain our customers credit card information right on our own servers and then transmit that information "encrypted" to the merchant account servers for approval of the amount of the sale. Our other option was to transfer our customers to the NOVA Information Systems secure servers where all of the credit card information would be acquired and the amount approved. We were told by "experts" at places like Network Solutions that customers "do not like" to be transfered to another server. This very well may be true but when it came to real security and liability we thought otherwise. A recent story on Forbes.com, Web 3.0: What's Next After What's Next, made us realize just how right we were.
An HTTPS certificate simply certifies that the business, web site, is who they claim to be. This provides the "security" that you are doing business with who you believed you were. This also provides the "security" of knowing when your credit card information is sent to the credit card company for approval that the information will be encrypted so no one will be able to intercept your credit card number etc. It was our belief that genuine security was only as good as it's weakest link. It was crystal clear to us that by using this HTTPS secure page on OUR servers meant that our customers credit card numbers would be entered and stored on OUR servers. That meant someone hacking into OUR servers might get access to this information. We would be the weakest link!
We are not in the business of providing high security internet servers. We sell art. All of the latest firewalls and "hacker safe" systems available are only as good as the next hacker. In our opinion our servers would provide less of a challenge to a hacker than that of a bank. We could be an attractive target for a hacker.
Defying the expert advise that "customers don't like" we chose to transfer all of the entry and transfer of ANY credit card information onto NOVA Information Systems servers. The same high security servers owned by banks, used by banks and international financial institutions. Real on line security. Worth the investment to protect our customers.
One or two "secure" HTTPS pages on a web site are only as secure as the server that you enter your credit card information on and where it will be stored. Something everyone should seriously consider when doing business on a web site of a company you do not know. HTTPS does not mean your credit card number is safe from hackers.
We are not in the business of providing high security internet servers. We sell art. All of the latest firewalls and "hacker safe" systems available are only as good as the next hacker. In our opinion our servers would provide less of a challenge to a hacker than that of a bank. We could be an attractive target for a hacker.
Defying the expert advise that "customers don't like" we chose to transfer all of the entry and transfer of ANY credit card information onto NOVA Information Systems servers. The same high security servers owned by banks, used by banks and international financial institutions. Real on line security. Worth the investment to protect our customers.
One or two "secure" HTTPS pages on a web site are only as secure as the server that you enter your credit card information on and where it will be stored. Something everyone should seriously consider when doing business on a web site of a company you do not know. HTTPS does not mean your credit card number is safe from hackers.
Customer Service
Authorized Dealer Program
DAP Links
Commercial Photography
RSS Feeds
Leave a comment