Storing Credit Card Info vs Re typing Info

2018-06-08 18:07:52

This is a general security question and will probably end up in a discussion. I started to put the question on the Information Security site, but that site is for security experts, and I'm not an expert.

When I pay bills, and shop online, sometimes I save my credit card info on the website in use, sometimes I don't. In general, is it safer to store a credit card on a website, or to re type the information every time?

The tradeoff I see is sending your data over the wire numerous times, where any point along the path might be compromised, versus leaving it sitting on a server for a hacker. I would think saving the info on a website is riskier, because the amount of time the information is available for a hacker is much longer. And if the information is sitting on multiple websites/servers, then the risk is even greater. Maybe I'm wrong.

I guess the card information has to go over the wire again when making purchases, even if it is saved on a server, albeit there would be less hops, so perhaps there are no security advantages to saving the info on a website.

It is always safer to type it in each time. The issue here is that you can't always solidly know how someone else (ie, a website) is going to store your data. Sure, they may encrypt it, but it could be a bad encryption cipher, or it could be a great one. You don't know. And because you don't know it's safer to keep it to yourself, and type it in each time.

However, keep in mind that unless you have a secure connection (https://) to the website you are entering your credit card data on, that data would be sent in cleartext. Cleartext meaning unencrypted data. Be weary of public wifi too. Sometimes they can replace the certificates used to encrypt websites with their own, and despite it being "secure", they would be able to read the data.

Short Answer: Only input sensitive data on networks you trust, like your home. And invest in a VPN if you want security no matter where you are.

链接地址: http://www.djcxy.com/p/26426.html

上一篇: 禁用文本输入历史

下一篇: 存储信用卡信息与重新输入信息