The biggest risk likely to be faced by internet users is retailer fraud. Almost every time anyone buys anything they use a credit card, typing the number into a box on the e-tailer's site.

This is open to hackers in two ways. If the link between the consumer and the e-tailer is not secure, the card number could disappear into the hacker's computer - and be used fraudulently. Or if the retailer's own computers are hacked, thousands of card numbers could be stolen all in one go.

There is also the risk of a retailer, through fraud or incompetence, taking too much money from the card or making card details available to ordinary visitors to its website, as Powergen did this summer.

Cardholder maximum liability for card misuse is set by law at £50, as long as the card holder does not authorise another user or hand over the Pin number. Several card companies - including Marbles and Egg - will pick up the bill for all online fraud.

None the less, card number theft takes a long time to sort out and the risk of fraud means credit card statements must be constantly monitored for unauthorised purchases.

The problem is growing quickly, and big card companies - led by Visa and Mastercard - are developing technological solutions. Meanwhile take basic precautions. Apply the same tests to web retailers as to financial institutions: ensure they are who they say they are by calling them. Don't use sites that do not carry telephone numbers and addresses. Before authorising a repeat charge - such as a regular subscription - make sure you can cancel it. Do not use sites that have no software security in place (adequate security is built into most browsers, and is shown by a small locked padlock in the bottom left-hand corner).

More security is appearing all the time for consumers to get used to.

"We would expect consumers to be hit with a plethora of different methods of identifying themselves," said Jon Prideaux, executive vice president of Virtual Visa.

The best attempt so far at a hacker-proof system is used by Allied Irish Banks and Marbles. Each time a customer wants to make a credit card purchase they contact the bank electronically and are given a new card number, which can only be used once. This makes hacking a number futile. But this cannot be used by everyone, as there are insufficient numbers to go around.

A handful of Visa card issuers in Europe will begin using a new security system in the autumn. All banks must adopt it by next October. Known as three-domain SET, this requires a customer to prove who they are to the bank before each online purchase. The bank then pays the retailer. The system's big advantage is that the retailer never sees the card number - eliminating one source of fraud.

At first, identification will use a username and password. Smartcards and card readers plugged into computers or mobile telephones could later add further security.

Mastercard is experimenting with a similar system. It is about to require retailers to apply a specific level of security to prevent hackers stealing card numbers. Peter Warner, a director of Europay, Mastercard's European affiliate, says electronic theft on a grand scale has yet to cause serious problems. "But we realise it is a threat and the way we have to deal with it is to impose minimum security rules at the merchant level," he says.

As security systems become more sophisticated, so do hackers. But to put it into perspective, fraud remains far more prevalent in the real world. Wholesale copying of cards by costs banks millions of pounds whereas only around 5 per cent of all card fraud comes from the internet. It is growing fast but it remains a tiny fraction of the total.