2

I will be away for 1 month and during that time period I will have Internet access only via public wifi networks.

I tried finding on the net tutorial on how to safely access and handle paypal payments, but I found advises on either buying a VPN or using Hamachi to access always-on PC. I don't have access to always-on PC and I would not like to pay for VPN if I don't have to. The other reason is that VPNs would slow down already slow public wifi connections.

Is there a way I can safely connect to public wifi and make paypal transactions?

I would be connecting to public wifis using PC laptop (win 7) or Android mobile phone.

clearojne
  • 165
  • 3
  • 8

1 Answers1

4

Paypal transactions are already secured using SSL/TLS.

Assuming that you are using your own device that has not been compromised with malware, it should be perfectly secure to peform Paypal transactions on a public wifi network.

  • You are saying if my laptop if malware free, I can log into paypal account and make transactions without fearing of someone sneaking into them? Is the same with every HTTPS website (ebay, gmail, etc.)? – clearojne Jun 20 '13 at 11:51
  • @clearojne Yes. If a website is secured using HTTPS, the data you send over the network is encrypted. –  Jun 20 '13 at 11:55
  • 1
    @clearojne - Yes. Provided there's no rogue certificate installed on your web client to enable MiTM (Man in The Middle) attacks, then you should be secure. You should inspect the certificate used to connect to a HTTPS website though, and some plugins exist that will additionally alert you of such dangers (e.g. Certificate Patrol for Firefox), and others that will always try to load pages via HTTPS when both HTTP and HTTPS are available (e.g. HTTPS Everywhere). Also see [this thread](http://security.stackexchange.com/q/37597/20074) for more relevant information. ;) – TildalWave Jun 20 '13 at 12:02
  • 2
    @clearojne also be sure that the certificate is *valid* – Rob Jun 20 '13 at 12:34
  • If I remember correctly, HTTPS Everywhere does certificate pinning through its SSL Observatory feature. That should help identify rogue or spoofed certificates. – Polynomial Jun 20 '13 at 14:37