Credit Card Applications and SSL Security

by: Michael Lawrence

Is your privacy safe applying for credit cards online?

This article will attempt to demystify SSL, an internet protocol which is the current standard employed by all major financial institutions to secure their web transactions and credit card applications online.

What is SSL security?

SSL is an acronym for Secure Sockets Layer which is a protocol developed by Netscape to transfer documents securely over the internet.

The SSL protocol uses two keys to encrypt web data for secure transport. The first key is called the public key and is a 128 bit cypher. The second key is known as the private key and is also a 128 bit cypher.

It is the existence of the private key that ensures only the intended recipient has the ability to “decode” an encrypted message once received.

If someone were to intercept the encrypted data without having this private key then the data would appear in a totally unreadable format when viewed.

** Details of the SSL server handshake and key exchange sequences are beyond the scope of this article but it is worthwhile to note:

Adding all possible key combinations together makes 2^{128 keys}, or:

340,282,366,920,938,463,463,374,607,431,768,211,456 unique key codes.

It would take current computer technology years to crack a code of this cypher length that has this many possible key combinations.

This ensures that once your home computer is connected to a properly configured SSL server on the internet that your data cannot be intercepted and decoded. (Article Published: July 4, 2006)

• SSL encrypts data so that no one who intercepts is able to read it.
• SSL can assure a client that they are dealing with the real server they intended to connect to.
• SSL can prevent any unauthorized clients from connecting to the server.
• SSL prevents anyone from meddling with data going to or coming from the server.

source: http://java.sun.com/

How can I tell if a site is SSL secure?

The two most common indicators of SSL security are;

• the existence of a padlock () graphic in the lower status bar of your web browser (near the end of the right hand side of the browser window)
• the web address in your browser begins with an https:// instead of http:// … addition of the “s” in the URL indicates that the document is available via secure connection

Some unscrupulous webmasters will write the terms “SSL secure” and paste padlock () graphics on their webpages but this is not SSL security only a trick to be wary of.

Make sure the padlock () graphic is part of the browser window itself and not the webpage or you are not secure

How does this apply to Credit Card Applications?

The credit card applications that CardPick.net links to are all stored on SSL secure servers.

When you click the Apply Now Button for any credit card offer at our site your web browser will be re-directed to the appropriate secure server housing the application you are interested in applying for.

As the browser re-direction completes please check the lower status bar of your web browser to verify that the padlock () graphic has in fact appeared. The appearance of this graphic indicates that you are now successfully connected to a properly configured SSL secure server.

You may then begin your credit card application in good standing knowing your privacy is safe. No one can steal your data with the computing technology that is available today!

SSL Resources:

• SSL Explained including Server Handshake and Hash Sequence
• Cisco Technology White Papers - Introduction to SSL
• Verisign - Purchase SSL certificates (not affiliated)
• OpenSSL.org - developers of an Open Source SSL implementation

Credit Card Resources:

• Apply for Credit Cards Online

About the Author:

Michael Lawrence is the webmaster for CardPick.net. A University of Waterloo Engineering graduate, 13 year IT veteran and established web author.