Security risk in e-commerce

Here are opinions and answers from FAQ Farmers: * Credit card transactions are completed using a 128-Bit SSL Encrypted Secure Transaction. SSL uses public-key encryption to exchange a session key between the client and server; this session key is used to encrypt the http transaction (both request and response). Each transaction uses a different session key, so that even if someone did manage to decrypt a transaction, it would not mean that he would have found the server's secret key. If he wanted to decrypt another transaction, he'd need to spend as much time and effort on the second transaction as he did on the first. Of course, he would first have to figure out some method of intercepting the transaction data in the first place, which is extremely difficult. * Well, you're supposed to be running an 'AVS' check which means the customer tells you the billing address of the card and you are only supposed to ship to that particular billing address. If the charge is disputed, you can demonstrate that you shipped to the proper address; if not, you will lose the chargeback, and now YOU are the victim of fraud (consumers really have very little to worry about with credit card fraud from what I have seen). Foreign transactions get trickier because many of those systems do not support the Address Verification System. Here is a rule of thumb that I follow: if it's Japan, Australia or any country in the EU, I will take the risk. I will never ship to the Third World on a credit card. * There is a code on the back the card. If a merchant wants to be certain, he will check the code on the internet to see if the card was stolen. * Phone call verification