Shoppers Beware! Jacket Store in Old Cash Converters, Belconnen

That’s right.
The certificate is an assurance that the encryption used is legitimate so data should be safe in transit. And that the person at the other end is who they say they are in most cases.

Also, I would like to point out that the majority of fraud from online shopping (outside of eastern europe and russia) is the result of weaknesses at the user’s end and not while in transit or at the shop end. Spyware and trojans all nab people’s details. That and in the past year, VISA and AMEX in the US has announced that employees have sold millions of user’s data to crims. Nice when you can’t even trust the credit company.

The certificates don’t say “yes you can trust these guys with your CC number”. All they say is “You really are talking to who you think you are, or at least someone who’s got access to their private key file.”

Bartron, re-read your post, and perhaps you don’t trust VS as much as I first thought.

Bartron – good to see you trust Verisign, because that is what we’re really talking about here. Given that financial institutions don’t use an ABN-DSC, but simply a certificate issued through a somewhat arbitrary process deemed acceptable by Verisign (over which we have no real visibility other than their publicly available policy), I’d be careful about just how far you trust such a cert. That said, I agree they are MUCH better than some other providers.

Gee, Virgin Credit badmouthing Tiger Airlines. What a shock.

You can sign your own 128 bit certificates if you want to, it ain’t hard (I do it on development web servers). The problem is most people see the padlock or https and think ‘safe’ without looking at who signed it. Depending on the service that peobably doesn’t matter, e.g. bigpond signing their own certificates for in-house use (webmail and account management perhaps).

Verisign is just a ‘known entity’ in the transaction process….someone that says ‘yes you can trust these guys with your CC number’….mostly becasue you paid them to say that though.

going OT…..Virgin are actualy pretty good with detecting odd purchasing behaviour (although for other reasons I decided to drop them). They twice called me…one was a legit purchase I made via a web site, the other was for DVD hire from some video store in Canada which was promptly refunded.

“Verisign is simply a digital certificate issues by a third party for encryption and digital signatures.”
But it still means that they have paid a substantial amount for the certificate, that they have being verified as a legitimate business and that the certificate is a proper 128 or 256bit cypher vs some of these do-it-yourslf digital certificates such as the one Bigpond uses on some of its servers.

(Of course, the AFP could always be sitting there waiting for them now.)

aren’t the thieving idiots going to have use their real name to book and claim the tickets

I’m not sure they have to. I book tickets for relatives online all the time with my credit card. They just do the electronic check-in thing – nobody ever looks at their ID. I guess there’d be nothing to stop me booking a flight for Al Kyder, paying for it with WMC’s credit card, then waltzing into the foyer, pressing a few buttons at the kiosk and collecting my boarding pass.

Verisign is simply a digital certificate issues by a third party for encryption and digital signatures. It is irrelevant in terms of how your information is processed once it reaches the destination.