By Peter J. Howe, Globe Staff

Nervous about shooting your credit card number and personal data out into cyberspace? Join the club: Despite the 17 million American households estimated to have flocked to on-line shopping, millions of people remain ill at ease with e-commerce.

On one level, this is not entirely irrational. There's a big difference between handing your credit card to a waiter you've never met - or reading the digits to an airline telephone agent - and sending it into a network where, if mishandled, your card number could go anywhere in the world in seconds. Or your name, address, and shopping habits could get zapped to merciless spammers and catalog houses eager to clog your mailbox and e-mail with unwanted offers.

''We know what the vulnerabilities are today in the traditional system of using a credit card,'' says Matthew Kovar, a senior analyst with The Yankee Group, a Boston consulting firm that specializes in e-commerce, telecommunications, and energy businesses. ''We don't really know what the vulnerabilities are in the Internet society. It's a mighty scary place out there, and nothing is 100 percent safe in my mind.''

Seen other ways, however, many specialists think fears about the security and risks of e-commerce are vastly overstated - especially if you compare them to the risk of getting in your car and driving to the mall.

In the first place, virtually every large, reputable business selling goods and services over the Web uses elaborate encryption technology that, during a transaction, keeps your card number far better protected than it is during the three minutes a restaurant waiter walks it to a back room to charge your meal tab.

''The Internet itself is very safe,'' says Marc Rotenberg, executive director of the Electronic Privacy Information Center in Washington. Encryption technology, Rotenberg says, ''basically scrambles your number and operates much like a kryptonite envelope.''

Internet security, in fact, is a booming business. The Yankee Group projects that by 2003 ''intrusion detection and security assessment'' software and services will generate $740 million annually.

Furthermore, if you use a credit card for your Web purchases - which is considered the First Commandment of on-line shopping - the federal Truth in Lending Act limits your liability for unauthorized purchases on your card to $50 per theft. Some companies, including American Express, NextCard, and Yahoo!, offer Internet-based cards that purportedly release you from any liability for unauthorized charges.

Let's say the odds are one in 1 million that, over the course of a year of Web shopping, you will be the person whose card number is somehow stolen and misused. Exact numbers on Web-based card number thievery cannot reliably be estimated, but specialists say so far it seems extremely rare.

Say the hassle of sorting out the mess and canceling the card costs you another $50. That means your financial risk is on the order of one-hundredth of a cent per year for the convenience of being able to shop to your heart's content without ever leaving your computer.

Given the risk/reward ratio of on-line shopping, and the elaborate security procedures widely used, analyst David Truog of Forrester Research of Cambridge, an Internet research company, says fears about card numbers being purloined are out of proportion to the actual danger.

''What you really should be worrying about,'' Truog says, ''is the security of the data about yourself you reveal to the merchant.''

Every time you buy something over the Internet, you tell a business some very valuable information: Who you are, where you live, what you like to buy, and perhaps (based on what you buy) how much money you make. This is the kind of data companies can make a lot money selling and trading.

''If consumers are going to worry,'' says Truog, ''I think that's what they should worry about.''

Last year, the Federal Trade Commission blasted the on-line shopping industry, saying it had ''fallen far short of what is needed to protect consumers'' from having the personal information they furnish to sellers misused.

As the FTC was preparing its report, however, more than 100 companies came together to form the Online Privacy Alliance in hopes of staving off federal regulation. Members include America Online, IBM, Microsoft, and the Direct Marketing Association. The group hired a former FTC commissioner, Christine Varney, to help push companies to adopt better privacy policies and to do a better job spinning the e-commerce risk debate.

However, a May survey by Georgetown University researchers found that nearly 93 percent of the most frequently visited Web sites are collecting ''personally identifying information'' from visitors that many people would not want to share.

Yet there are indications that Web shoppers are eyes-wide-open sophisticates willing to trade some privacy for convenience and savings.

Privacy and American Business, a Washington research firm, found that 86 percent of 460 adult Internet users surveyed said they are willing to give personal data to Web-based sellers, as long as they are told how the data will be used and given some benefit (like discounts or special offers) in exchange.

''The jury is still out as to whether self-regulation will work,'' FTC chairman Robert Pitofsky told The New York Times earlier this autumn, ''but there is no doubt that the industry has made a lot of progress on the Internet privacy issue in the last year or so. If the industry keeps making as much progress as it has recently, I don't see how you can really argue that we need legislation.''

One key legislative step has been taken already. The Children's On-Line Privacy Act, passed by Congress in October 1998, requires Web sites to get parental permission before collecting any personal information from children under 13.

Last month, Enonymous Corp., a San Diego-based company, unveiled a free service that rates more than 10,000 Web sites n how good a job they do keeping your personal information secret.

By visiting www.enonymous.com, you can download onto your computer's hard drive a program that will display, in a little window, a site's privacy rating. Sites are ranked with from one to four stars. A recent check ncluded AOL.com, Buy.com, and QVC.com among the four-star rankings while Ticketmaster.com and Gap.com had just one star.

You can also use an Enonymous ''universal alias'' when you register. This device will cause any e-mail spam generated by a shopping site to go to an electronic trash can at Enonymous.

Another new option to improve the security and convenience of on-line shopping was unveiled this fall by Microsoft. Called Passport, it allows users to store credit card and shipping information in one purportedly secure place. It is then instantly transmitted - so you don't have to retype it - when you shop at more than 50 sites, including Barnes & Noble, which can be accessed at www.barnesandnoble.com, as well as Costco.com, and OfficeMax.com.

How does Microsoft make money? To complete your transaction, you are moved to a Microsoft page that carries ads. Microsoft also charges companies to participate in Passport-aided transactions.

The question, of course, is how you feel about Bill Gates having this data. ''Using the service,'' says Margie Miller of Microsoft, ''you are saying, 'Yes, I'm comfortable using the service with my information stored on Microsoft servers.'''

One reason to feel uncomfortable was briefly, if embarrassingly, revealed in September when hackers found an easy way to break into 40 million Microsoft Hotmail electronic mail accounts, a glitch the Redmond, Wash., giant quickly fixed.

But given the enormous convenience and quick access to comparison shopping information offered by the Internet, many analysts see e-commerce as an unstoppable train that has left the station in a big way.

Forrester Research predicts that within 5 years, 49 million US households will be on-line shoppers, spending $184 billion a year. That would amount to 7 percent of all retail spending, all done by simply clicking on credit.

Peter J. Howe covers telecommunications and energy providers for the Globe's business section. His e-mail address is howe@globe.com.