Is it safe to use online payments on Public Wi-Fi networks ?

[bbthumbhealer]

Hi guys,

Currently staying at a place where public Wi-Fi although secured is available. I need to use the online recharge facilities. what i wished to ask is it safe to open the site and make payments using my card over this network ?

If not, then what are the remedial measures that can be taken ? Like a firewall or Anti-Spywares ? I'm currently running Windows 8 and Super Anti-Spyware is also installed. Inbuilt windows firewall is also activated.


Thanks.

BBThumbHealer

 

[ayanavish]

Most Wi-Fi hotspots don’t encrypt the information you send over the internet and are not secure.

If you use an unsecured network to log in to an unencrypted site – or a site that uses encryption only on the sign-in page – other users on the network can see what you see and what you send. They could hijack your session and log in as you. New hacking tools – available for free online – make this easy, even for users with limited technical know-how. Your personal information, private documents, contacts, family photos, and even your login credentials could be up for grabs.

An imposter could use your account to impersonate you and scam people you care about. In addition, a hacker could test your username and password to try to gain access to other websites – including sites that store your financial information.

So what can you do to protect your information?

• When using a Wi-Fi hotspot, only log in or send personal information to websites that you know are fully encrypted. To be secure, your entire visit to each site should be encrypted – from the time you log in to the site until you log out. If you think you’re logged in to an encrypted site but find yourself on an unencrypted page, log out right away.
• Don’t stay permanently signed in to accounts. When you’ve finished using an account, log out.
• Do not use the same password on different websites. It could give someone who gains access to one of your accounts access to many of your accounts.
• Many web browsers alert users who try to visit fraudulent websites or download malicious programs. Pay attention to these warnings, and keep your browser and security software up-to-date.
• If you regularly access online accounts through Wi-Fi hotspots, use a virtual private network (VPN). VPNs encrypt traffic between your computer and the internet, even on unsecured networks. You can obtain a personal VPN account from a VPN service provider. In addition, some organizations create VPNs to provide secure, remote access for their employees.
• Some Wi-Fi networks use encryption: WEP and WPA are the most common. WPA2 is the strongest. WPA encryption protects your information against common hacking programs. WEP may not. If you aren’t certain that you are on a WPA network, use the same precautions as on an unsecured network.
• Installing browser add-ons or plug-ins can help, too. For example, Force-TLS and HTTPS-Everywhere are free Firefox add-ons that force the browser to use encryption on popular websites that usually aren't encrypted. They don’t protect you on all websites – look for https in the URL to know a site is secure.

How to Stay Safe on Public Wi-Fi Networks

 

[Otaku]

^ Informative post. But except using VPN, there is no safe way to do payments over public wireless networks. SSL/TLS security mechanisms can be defeated by tools such as sslstrip in conjunction with MITM (Man in the Middle) vulnerability. In plain English, trust only VPN.

 

[bbthumbhealer]

So sorry to bump my this thread again. Started using Spotflux i.e a free VPN service ? Now wished to ask that is it now safe to transact online ?? I use sites for recharging, paying bills, IRCTC Railway bookings etc.. or still i'm vulnerable ? If yes, to what extent in %age .. Also its cloud based, can these companies have access to the data which i've entered ?

- - - Updated - - -

So sorry to bump my this thread again. Started using Spotflux i.e a free VPN service ? Now wished to ask that is it now safe to transact online ?? I use sites for recharging, paying bills, IRCTC Railway bookings etc.. or still i'm vulnerable ? If yes, to what extent in %age .. Also its cloud based, can these companies have access to the data which i've entered ?

TE'ians, Can i expect any reply on the same please ?? :sleep:

 

[bbthumbhealer]

TE'ians .. what happened ? No one there to reply to my query. Any inputs on spotflux please ?? I wish to find a solution badly.

 

[booo]

well, if the browser bar reads https and the color is green, then you are good to go. since the ecryption takes place between your browser and the website. it doesnt matter if you are connected to public wifi or your home router. for instance you can safely use icici bank, axis bank websites to make payments. on the otherhand accessing social networking sites which usually doesnt work over https is dangerous. again, it doesnt matter if its WPA or WEP over public wifis, only thing that you have to check is https and green.

 

[fragpic]

well, if the browser bar reads https and the color is green, then you are good to go. since the ecryption takes place between your browser and the website. it doesnt matter if you are connected to public wifi or your home router. for instance you can safely use icici bank, axis bank websites to make payments. on the otherhand accessing social networking sites which usually doesnt work over https is dangerous. again, it doesnt matter if its WPA or WEP over public wifis, only thing that you have to check is https and green.

Even SSL(https) can be bypassed by using ARP poisining attack.
Never tried on bank websites but Gmail usernames are clearly visible

 

[bbthumbhealer]

So, will a VPN work in this case as desired ? I'd my eyes set on Spotflux. But is it effective and can the data be still snooped upto what extent ?

 

[vivek.krishnan]

A VPN should work. However, its advisable to avoid using public wifi hotspots. All i use them is for mail + whatsapp but for any banking related, I do it within the confines of my home.

 

[onlyravi]

In one word NO. There are many ways in which the traffic can be captured...
So in short try avoiding such networks.
In your case you mentioned using credit card for payments so the good part is that in India CC transactions are very safe(due to 3D security) but if some one gets hold of your CC no, date and CVV they can use it on international sites which do not ask for 3D security.... so again its a risk....

 

[rajeshjsl]

yes you can use those on a public wifi but the connection between that site and yours must be encrypted ..

although there is a chance of man in the middle attack ,
the best is to use VPN ..
if u use a vpn , you are fully secure but the connections between vpn server connecting to the bank server must also be secure !!

so always use trusted VPN's or get yourself a vps and install openvpn on it and use it yourself ..