Your order is safe and secure when
you order or sign up online.
Your personal information (including
your order and credit card data) is protected by the
industry-standard Secure Sockets Layer (SSL) protocol.
SSL encrypts (scrambles) your private information and
confirms the identity of the secure server before
allowing your data to be transmitted over the Internet.
When you see "https://......." in the address bar
you will know that your data travels over a secure
connection. Netscape Navigator 2.0+ (or better) and
Internet Explorer 3.0+ (or better) support the SSL
protocol.
For added security, the credit card
number is also encrypted when it is sent to the credit
card bank for verification and approval.
If you are not the kind of person who
worries about being hit by lightning as you're crossing
the street, you probably don't have to worry that your
credit card number will be intercepted on the way to a
secure Web site.
As was recently reported on CNN:
"Current expert opinion...is
that on-line credit card use is actually no more
riskier for consumers than traditional
"low-tech" transactions."
Security
The media have generated a lot of heat on the potential
perils of sending your credit card information over the
Internet. We and our carriers are particularly concerned
with this issue, since our business as agents and that
of the carriers depend on:
- Maintaining a good relationship
with you, our customer; and
- Adhering to credit card company
policies in order to maintain our credit card
clearinghouse access.
What's my liability?
While we have the very highest confidence that your
credit card number is safe, consumer protection laws
provide you with additional layers of protection. By
law, a credit card customer who has a credit card number
stolen and fraudulently used may only be held liable by
the card provider for up to $50 of any illegal activity.
And in many cases, this fee is waived by the credit card
company at the request of the card holder.
Is my internet connection secure?
If you are using Netscape 2.0 or later or Explorer 3.0
or later, your shopping transactions are fully encrypted
(scrambled using a secret code) when you use our secure
server (https://.....). We recommend that you use
the latest browsers to ensure that you take advantage of
the latest advances in security and encryption
technology.
Please note:
Only the actual order/signup pages need
to be secure because these are the only pages that contain
your private data (i.e., telephone numbers, addresses,
credit card or payment information). Securing the entire
site slows down page transmission and would be
"overkill". To verify that security is "on" when you are
on the Checkout page, you can look for the following:
If you are using a Netscape browser:
Check the lock icon (v4.0) or key icon (v3.0) at the
lower left corner of your browser window. If the lock is
shown closed (or the key is shown unbroken), your
network link is secure. If the icon is faded blue,
broken in two parts, or open, the link is not secure.
Also, in v3.0, a solid blue bar will be displayed across
the width of the browser window.
If you are using Microsoft Internet
Explorer:
Check the status bar for a message which says "secure
Web site" (or something similar) and/or a gold lock
somewhere in the status bar. In some versions, a solid
blue bar will be displayed across the width of the
browser window.
What is a "secure link", anyways?
A secure link means that your browser will automatically
encrypt any information that is sent across that link.
Electronic encryption codes are generally quite
difficult to break. Modern codes require 1,000's of
computer hours and sophisticated code-breaking
algorithms. Our on-line ordering/signup processes use
Secure Sockets Layer (SSL) technology, the industry
standard and among the best software available today for
securing commerce transactions. It encrypts all of your
personal information including credit card number, name,
and address, so that it cannot be read as the
information travels over the Internet. SSL adds some
overhead to transmissions, so you may experience longer
transmission times while using a secure link.
How can my card number be
intercepted?
Sending your credit card over the Internet is rather
like giving it to a mail order company over the phone.
People near your phone, at the phone company, and at the
mail order company could theoretically listen in on your
conversation -- if they had the right equipment and were
in the right place at the right time.
Similarly, on the Internet, a person
on your local-area network (i.e., at your home,
business, or school), or anyone with access to Internet
traffic, such as your Internet Service Provider (ISP) or
a person at the destination company, could listen in to
try and get your credit card number. However, this
person would have to have:
- Access (in particular, "Super-user" access, which is usually only
granted to those who are directly responsible for
the maintenance of the computer),
- Skill (the technical "know how" for breaking encryption codes, which
is relatively rare),
- Time
(since breaking encrypted communications is
extremely time-consuming), and
- Resources (code breaking generally involves using banks of super-fast
computers working in parallel, since a single
computer could literally take years to accomplish
this type of task).
The most vulnerable points to
interception are the local networks at each end of a
connection. Unlike the point-to-point nature of the
backbone network, most local nets are broadcast (that is,
all machines on the local (i.e. intra) net could, if so
programmed, see data traffic sent to all local
machines). This makes the local endpoints the most
vulnerable to data interception. In particular, if a
thief can gain control of one machine on the local
(intra) net, then all traffic to all local machines can
be read. The risk therefore is highly correlated with
the level of security on your local area network.
Remember, though, that even if such a network were
compromised, the crook would still have to decipher the
encryption.
Observations
An important point to remember is that a thief has to
wade through a lot of network traffic to find the
handful of encrypted data packets that might contain
private credit card info out of 1,000,000 packets that
carry public information.
Further, even if a thief could gather
lots of encrypted packets, he still has to break them
all in order to find the one encrypted packet out of 100
that contains a credit card number. Breaking an
encrypted packet can be a daunting task, requiring
1,000's of computer hours.
Another important point to remember is
that after all of the work required to steal a credit
card number, the thief only has a limited window for
using any ill-gotten numbers. Credit card companies have
implemented sophisticated pattern recognition programs
to look for potential illegal activity on stolen credit
cards. If they spot a problem, that number is frozen
from further use.
Therefore: Since the Access, Skill, Time, and Resources necessary to grab
credit card numbers off the Internet are so high and the
potential payoff is so low, the likelihood that this
would be done over the Internet is correspondingly very,
very, very low. Quite frankly, it is much easier and
faster for someone to make up fake numbers by using the
published mathematical algorithms that create credit
card numbers. Or even easier, steal numbers by rooting
through people's trash cans looking for old receipts.
(As a reminder, don't throw away your credit card
statements and shopping receipts in the trash!)
Therefore:
Shopping over the Internet is as safe as
shopping at a store in your neighborhood. We order
products online all the time, both as a company and as
individuals. When we use a credit card to buy something
online, we feel at least as safe as we would using one
in a store or restaurant.
Put another way, you have a higher
probability of being hit by lightning as you're crossing
the street than having your credit card number
intercepted from a secure Internet link.