Eastern Oregon Net, Inc.
The Internet Done Right


Protecting Your Credit Online

< return to Safety Zone >
< print this >

ALERT! click here for an informative, but ominous, article on the "Phishing" threat.
read about how discarded credit offers can be used to get a credit card under your name

NEVER reply to ANY email message that asks you to fill out a form or click on a link within the email message which would send your credit card number or other personal information. A common scam is for a criminal operation to send you a legitimate-appearing email message, apparently from a bona fide organization like PayPal or AOL, indicating that they need to update their records and therefore require you to submit your credit card number for verification, or some other pretense for getting your information. Don't be fooled by email messages that look authentic -- it is easy for the unscrupulous to hijack logos and copyright notices, and to hide their own email addresses where the information would be sent, while displaying the email address of the purported company. Learn to inspect source code of email messages and Web pages so that you can discover where form submissions will actually go.

If you have questions about the authenticity of any request for your information, contact the company involved before taking any other action. Review the company's Privacy Policy as published on its Web site. For example, PayPal's -- typical of legitimate firms -- includes the statement: "PayPal representatives will never ask you for your password, so any e-mail or other communication requesting your password should be treated as unauthorized and suspicious."

Do not submit credit card information in any online e-commerce transaction with a Web site or company that you do not know to be legitimate. Deal only with recognized companies and their sites. How do you know whom to trust? Look to online merchant ratings given by comparative shopping sites such as CNET Shopper, Yahoo Shopping, and Epinions, and avoid sites with customer complaints.

When submitting credit card information online, make sure that the transaction is encrypted with protection such as the SSL (Secure Sockets Layer) protocol. Make sure that a symbol representing that such protection is in effect is shown in the status bar of your browser. For example, Internet Explorer will display a small gold padlock icon in the bottom right section of the browser when the page being viewed is thusly protected. Generally, the URL (or Web address) of such a page will contain "https:" rather than just "http:" as the leading characters. For example, if you have a PayPal account that you want to log into, if you direct your browser to "https://www.paypal.com", the page that appears (to prompt you for your username and password) will be shown with the padlock icon. However, if you should try to log in using "http://www.paypal.com"[without the "s"], you will not be able to directly log in, but will be given a button that links to a secured second page before it will let you enter your information.

Use of debit cards is not recommended for online transactions, as you may not have the same recourse that you have with a credit card.

In general, use the same level of precautions with online use of credit cards as you would in live, person-to-person transactions.

For more details and guidelines, visit consumer-oriented sites such as PC World's Ten Tips for Safe E-Shopping and visit your credit card company's site. For example, see American Express' Consumer Resources - Protection, Visa's Learn the Facts, and Mastercard's Priceless Pointers.

You may also wish to visit the Federal Trade Commission's Prescreened Offers of Credit and Insurance page.


Identity theft, a rapidly-growing category of crime, is often achieved when a criminal obtains your credit card number and related personal information, or worse yet, your Social Security Number. Sometimes even following the precautions outlined above will not completely protect you, as in the case of outright theft of data from organizations that should know better -- witness the theft in May 2006 of SSNs and other personal information records of 26.5 million veterans and 2.2 million active military personnel, including those currently serving in Afghanistan and Iraq.

If you suspect that you are a victim of identity theft or just want to be aware of your credit status, mainstream advice is to regularly monitor your credit reports. For example, see Consumer Union's advice on monitoring your own credit.

It is also possible to more definitively know whether your personal information is being used illegally by signing up for an identity management service. Such a service provides 24-hour tracking of illicit use of your credit card numbers, but is typically very expensive for the average consumer. Some services, such as IdentityGuard, provide what is essentially an insurance policy to help cover the costs of regaining and repairing your stolen identify. Whether such services make sense for you is subject to your own determination; we are only pointing you to their existence and suggest that you conduct your own research and make your own evaluations.

You may also want to consult with your antivirus and security software provider to see if they offer identify theft features.