When you use your card at a restaurant, the card usually is taken from your sight for a time, during which the number could be written down by someone. Later, the charge slip passes through a number of hands.
The same thing happens to your account number when you use it in mail order. And, letters can be lost or stolen from mail boxes at either end of the transaction.
On the Internet, it is possible for a hacker to devise a way to read mail that's en route someplace else. The hacker may obtain credit card numbers from that email.
The Internet connects any computer to any other. Obviously there isn't a single connection from each computer to each of the others, any more than your telephone has a direct connection to every other telephone in the world. The telephone system uses exchanges; the Internet uses special-purpose computers called "routers", whose sole function is to receive packets of data and send them on towards the correct destination. When a message goes from one computer to another, it is split into fragments which are then passed from router to router until they reach their destination (on a journey from London to the United States, it is not unusual for 12 routers to be involved). The routers are owned by the telecommunications companies and Internet service providers, and are physically pretty secure.
It is extemely unlikely that anyone could intercept communications at this level, and impossible for them to do it without being detected. Remember, each packet of data spends only a small fraction of a second in transit.
Electronic mail (email) is more vulnerable. This is because, like the real post, it spends a lot of time being stored and awaiting delivery: for instance, if a telecommunications link fails, then email that would have used that link will stay, waiting, until the link is restored. It is in principle possible for someone to bribe a computer operator at one of the mail servers and thus somehow gain access to all undelivered mail. A sophisticated program might then be able to extract anything that looked like a credit card number.
Remember, the amount of risk in giving out a credit card number is limited by two important factors:
1. The unauthorized person who has your number, but not your card, also needs to have an appropriate ship-to address. They can't buy anything unless they can wait for a package at your address while you are gone. If they can get a seller to ship a purchase to another address, that address becomes a matter of record and can help apprehend them.Your level of comfort in using your credit card on the World Wide Web is a personal matter. The Shakespeare Oxford Society has no special ability to control the small amount of risk inherent in credit card use.2. The credit card company limits your liability, as regulated by law.
If, despite all these reassurances, you are still worried about trusting your credit card details to a computer network, then send the order anyway. Instead of providing complete information about your card type, card number, and expiration date, provide just some of this information on your initial order and include a note that you will send the balance of the information in a separate message one day later (or, alternatively, that you will phone or fax us with the complete information about your credit card type, number and expiration date). We're glad to do it this way if it makes you feel more secure about the transaction. And of course our form is designed to be printed out and mailed, as in the days of old (the 80's).