December 21, 1998 – Newsletter #7

Hello, Weekend Silicon Warriors…

The holiday season is upon us and I have just given my last
Final. If you didn’t know, I’m also a University professor
in my spare Goodies time. We profs love finals week: the
students study themselves to death and we have an easy time
of it. During today’s three-essay final, I sat at my desk
reading a copy of Time magazine.

Now comes the grading. That’s the hard part.

Since it’s the holiday season, I thought it would be nice
to write about something festive that deals with computers
and the Internet. So here’s a little ditty about saying
goodbye to the malls and doing your shopping online this
year!

I spent Black Friday, so-called because that’s the day that
retail profits traditionally go from being in the red to
being in the black, walking 5th Avenue in Manhattan. There
were so many people that it was almost impossible to move.

While waiting my turn to cross 50th Street, I struck up a
conversation with a woman who was carrying more than her
share of bags. I suggested that this was a little too crazy
and shouldn’t we do all of our Christmas shopping over the
Internet?

“Not a chance,” she snapped back. “I’m not giving out my
credit card numbers for all the world to see.”

Does she really believe that? The same morning CNN reported
that although catalog purchases remain strong, purchases
over the Internet are sluggish. I think the reason is that
too many people share in this belief that submitting a
credit card to a company over the Internet is like writing
the number on a bathroom wall. It just isn’t so.

In an effort to help the Internet marketplace, and to
possibly quell some fears, I’d like to offer some tips to
buying online. In addition, I would like to explain the
level of protection companies have gone to in order to make
your purchase over the Internet a safe, and private,
transaction.

When you go out into the World Wide Web with the intent to
purchase a product, keep an eye on the little padlock image
on your browser. It’s in one of the lower corners of the
screen. That little padlock image will let you know if
you’re in a “secure” area or not. If the padlock appears
open, you’re not. If the padlock is closed, you are.

When making a purchase over the Web, you’ll want to make
sure that you are entering your credit card number to the
screen while you are inside a secure area. Here’s what
usually happens. You’ll log into a merchant’s site
searching for a gift. Usually the site will allow you to
search for items by name or sometimes by price range. This
is where I feel Internet shopping has all other types of
shopping beat: you sit quietly while something else does
the searching.

Once you’ve found the item you’re looking for, you can
either buy it or add it to what’s known as your “shopping
cart.” A shopping cart is a special program that
“remembers” what you ordered by writing the items to a
cookie file somewhere on your own computer. That way your
orders are contained safely on your own system, not on the
server.

Once you’ve chosen your item(s) you are usually asked to
click on a button to complete your purchase. Clicking on
that button should now move you into a “secure” area of
the server (that little padlock should close). If you
cannot locate a padlock on your browser, look at the
address of the page. The first five letters should now read
“https.” The “S” means secure.

The technical name for the secure area is Secure Socket
Layer (SSL). There are many different kinds, but this is
the most popular. It is a section of the server set aside
specifically to make monitary transactions. This layer is a
closed system connected only to those parties involved in
the sale. Any movement of data between these parties is
encrypted as part of your “digital signature,” the computer
equivalent to you “signing” something to complete the
transaction.

It gets a little hairy, but here’s the basic idea. You
click to submit the sale. Your information is turned into a
hash, or intricate mathematical system equal to your
information. That hash is then encrypted with what’s known
as a “key” that differs from merchant to merchant. When the
encrypted information arrives at the merchant, it must go
back through the same two steps (hashing and encryption) to
be converted to the original text format. If the
information de-encrypts correctly, then the merchant can be
quite sure it was a true transaction made from their Web
site. They consider the sale “signed.”

So how can you be sure that the site you’ve just entered is
really the merchant’s site? What if someone set up a fake
version to grab credit card numbers? It happens. First look
at the address. Check it against the merchant’s advertising
material. Is the address on the computer screen the same?
Then look for the verification certificate. On the secure
page, where you put in your credit card number, there
should be an icon from a third-party company that will
verify you’re truly in the merchant’s site. Click on the
icon and you should get back verification. If you don’t, do
not put in your card number.

Finally, watch especially for sites that ask you to send
your credit card numbers over email. Email is definitely
not secure and can be gathered easily.

I actually feel safer making a purchase over a secure
Internet server than I do giving my number over the phone
to a catalogue order taker. And I especially feel safer
than when the waiter takes my card out behind the kitchen
to swipe it. Goodness knows how many people could have seen
it!

The technical name for doing business over the Internet is
electronic commerce. More appropriately, it’s called
E-commerce. So this year, humbug to the mall. Boot up, log
on, and have a Happ-E Chanukah, a Merr-E Christmas, and an
interactive New Year.

>>>>>>>>>>>>>>>>>

And that’s all. Thanks for reading and I hope you have a
great holiday season. And a happy New Year, too. I’ll be in
Times Square in NYC for the ball dropping this year.

Joe Burns, Ph.D.

“And Remember: La Paz, Bolivia is the world’s fireproof
city. At 12,000 feet about sea level, the amount of oxygen
in the air barely supports a flame.”