Jump to content
Washington Football Team Logo
Extremeskins

Verisign Question


Mark The Homer

Recommended Posts

So I'm paying this speed camera ticket online, and they want my cc info.

I look at the top and it says this:

http://wmq.etimspayments.com/pbw/confirmAction.doh

(note the last three letters - you can't make this stuff up) lol

The page includes the sentence:

*This site has a Verisign Secure Site Certificate.

What bothers me is I expect to see https: not http:

However, I don't recognize wmq

Does "wmq" prove it's a secure site?

As you go through the pages and begin entering your cc number, there is no change in the above. It still begins http://wmq ...

Is this site secure?

Thanks

Link to comment
Share on other sites

They're using websphere application server. But more to the point, if it isn't https, then it isn't encrypted. Certificate, or not, you'll be sending your credit card information over the wire in clear text.

Edit: That said, is it likely that someone is sniffing packets on the wire and gathering credit card information? Probably not, but who knows. Either way, is it worth the risk? Probably. I mean, what is the downside? If your card number gets stolen, I suspect that you wouldn't be liable. It might be a hastle to make a couple calls and get a new card issued, but if the alternative is driving down there to pay the ticket - I probably would pay on line even if it were http. I just don't worry to much about using my credit cards anywhere since my liability is minimal.

Link to comment
Share on other sites

In the URL you posted:

http://wmq.etimspayments.com/pbw/confirmAction.doh

The "wmq.etimspayments.com" is simply the name of the computer that the web page resides on. It can be any name that the site owner chooses, and it means absolutely nothing about the computer. (Although it may say something, if the owner of the computer follows some conventions.)

The "http" or "https" tells you if the data flowing between you and the other site has been encrypted. In your case, it isn't. Which means that in theory any device that your data passes through, in between you and the site, could capture the data that's being exchanged.

(Think of it as saying that you're sending a postcard, rather than a letter. In theory, somebody at the Post Office could read the postcard.)

Is somebody monitoring it? I'd say it's real unlikely. The internet has really stunning quantities of information passing back and forth. It would be a gargantuan task for somebody to capture that data and then sift through all of it looking for credit card numbers.

(And I'd suspect that virtually every routing device on the Internet, now days is a switch rather than a hub, anyway, which means that packets are only sent to the device they're addressed to. Think of a telephone conversation: How many Party Lines are there in use, now days?)

All of that said, though . . .

If I were a thief, and I were in the "business" of capturing unsecured internet traffic for later sale, I'd think that capturing unencrypted data that's going to a server that collects payments for speed cameras would be a really nice and profitable place to be.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...