thank you Tris for this and I will also take the opportunity to thank Andrew and Jackie as well. I feel generally much more reassured, and the tip about checking the url when purchasing I will remember and take on board. With sincere thanks to you all Alex skype name: grytpype2006 windows live messenger name: alex.thynne@xxxxxxxxxxxxx -----Original Message----- From: access-uk@xxxxxxxxxxxxx [mailto:access-uk@xxxxxxxxxxxxx]On Behalf Of Tristram Llewellyn Sent: 12 March 2008 09:46 To: access-uk@xxxxxxxxxxxxx Subject: [access-uk] Re: online fraud Firstly, if you buy with a credit card the contract is between the the credit card company and vendor, therefore within reason the credit card company has the responsibility for the transaction if anything goes wrong and usually goods are ensured during that transaction to you door. Secondly, generally if you have an https in your address bar you can normally assume that you have an SSL connection to the site you are on and this will make you pretty safe however if you havve something in your PC that is designed to steal data the SSL connection will not help you, the SSL connection is designed to stop your transaction being intercepted from outside. An SSL connection is one where you have an encrypted connection directly to the website that you are on. This will almost certainly be true when you are on your home PC, however if by some chance you at your workplace or in a public wi-fi spot you cannot assume the connection is directly between you and the site you are on therefore you are open to evesdropping or deliberate attack. In the workplace there will be a workplace server and you and this connection will not be encrypted but the connection between the workplace server and site will be because the workplace server will be able to issue certificates on your behalf. You should never shop onlne on a public wi-fi spot you are out in the clear and any SSL connection could be compromised unless you use some form of VPN connection so that everything you are sending in the clear is already encrypted. One potential solution if you are really worried about your card details you probably shouldn't use them with a site you don't trust. Quite a useful way around this is something called "secure cards" from Paypal (if you have an account). Paypal secure cards are a one time use credit/debit card number you can use for sites you are completely sure of or where you think you may be at increased risk of fraud. In this case even if an attacker does steal the number it will be of no use to them because it can only be used once in a transaction. I have used online shopping fairly solidly for the last four or five years and brought quite a few things including big ticket items. I have so far not had a problem. The only thing that would concern me is that some of the online shop fronts can be vulnerable to attack and that the usual username and password login isn't really quite safe enough in this modern day age. I would like to see more retailers use something like OpenID or the Verisign key fobs so when you logged in whoeveer you were going to could be more sure you are who you say you are (if that makes any sense). Regards. Tristram Llewellyn tristram.llewellyn@xxxxxxxxxxxxxxxxxxx Technical Support Sight and Sound Technology -----Original Message----- From: access-uk@xxxxxxxxxxxxx [mailto:access-uk@xxxxxxxxxxxxx] On Behalf Of alex.thynne@xxxxxxxxxxxx Sent: Wednesday, March 12, 2008 8:55 AM To: access-uk@xxxxxxxxxxxxx Subject: [access-uk] online fraud Hi I was listening to something on BBC breakfast about the 25% rise in credit/debit card fraud and online fraud. The person being interviewed said that if you purchase something online you should generally be safe, particularly so if you see a padlock when you go to the ordering page. I've heard of SSL security and secure sites, but is there anything else that I should watch out for that jaws is telling me. I don't have any sight at all so it sounds as if this padlock thing is an icon or a picture of some sort on screen, so anything that people can give me that reassures me would be gratefully accepted. Alex skype name: grytpype2006 windows live messenger name: alex.thynne@xxxxxxxxxxxxx ** To leave the list, click on the immediately-following link:- ** [mailto:access-uk-request@xxxxxxxxxxxxx?subject=unsubscribe] ** If this link doesn't work then send a message to: ** access-uk-request@xxxxxxxxxxxxx ** and in the Subject line type ** unsubscribe ** For other list commands such as vacation mode, click on the ** immediately-following link:- ** [mailto:access-uk-request@xxxxxxxxxxxxx?subject=faq] ** or send a message, to ** access-uk-request@xxxxxxxxxxxxx with the Subject:- faq ______________________________________________________________________ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email ______________________________________________________________________ ** To leave the list, click on the immediately-following link:- ** [mailto:access-uk-request@xxxxxxxxxxxxx?subject=unsubscribe] ** If this link doesn't work then send a message to: ** access-uk-request@xxxxxxxxxxxxx ** and in the Subject line type ** unsubscribe ** For other list commands such as vacation mode, click on the ** immediately-following link:- ** [mailto:access-uk-request@xxxxxxxxxxxxx?subject=faq] ** or send a message, to ** access-uk-request@xxxxxxxxxxxxx with the Subject:- faq ** To leave the list, click on the immediately-following link:- ** [mailto:access-uk-request@xxxxxxxxxxxxx?subject=unsubscribe] ** If this link doesn't work then send a message to: ** access-uk-request@xxxxxxxxxxxxx ** and in the Subject line type ** unsubscribe ** For other list commands such as vacation mode, click on the ** immediately-following link:- ** [mailto:access-uk-request@xxxxxxxxxxxxx?subject=faq] ** or send a message, to ** access-uk-request@xxxxxxxxxxxxx with the Subject:- faq