[4281] in WWW Security List Archive


RE: Sceptic about (Funds Transfer w/o PI

daemon@ATHENA.MIT.EDU (Mirick, James R.)
Fri Feb 7 12:11:51 1997

Date: Fri, 7 Feb 97 09:00 EST
From: "Mirick, James R." <FBS/DEV01/JRMIRICK%First_Bank_System@mcimail.com>
To: "james.e.hoburg" <james.e.hoburg@att.com>,
        www security <www-security@ns2.rutgers.edu>
Errors-To: owner-www-security@ns2.rutgers.edu

Please reply to the following MCI Mail address: 692-1709


RE: below.

I would only point out that for us "electronic banking" only front-ends
our existing mainframe (perish the word . . .) applications, which have
lots of fraud-prevention built into them.  We don't have ANY card numbers
etc. stored in our Web server, any more than we have on our ATMs, which
themselves only front-end these same mainframe applications.  The fraud
potential certainly is there for Internet-sourced transactions, but it is
different only in its nature from what comes at us from merchant POS,
ATMs, or through our telephone banking center.  We need to better
understand these network risks, but we (try to) protect everything at the
core anyway.

Jim Mirick
General Manager, FBS Interactive
First Bank System                           www.fbs.com
Minneapolis

 ----------
From:  james.e.hoburg
Sent:  Thursday, February 06, 1997 5:17 PM
To:  www security
Cc:  James R. Mirick
Subject:  Re: Sceptic about (Funds Transfer w/o PI

MCI Mail date/time: Thu Feb 06, 1997  5:07 pm  CST
  Source date/time: Thu, 06 Feb 1997 10:09:35 -0500
 -------------------

  I agree: the immediate risks are not intolerable for the consumer--given
that they are armed with knowledge.  But there is a much greater risk for the
institutions providing electronic commerce.

  For example, if I can compromise a website holding thousands of customer
credit card numbers, bilking each cardholder for $50 is a minimal hit to each
individual.  But what of the cost to the card issuer?  What of the reputational
damage to the compromised vendor?  Lost revenues because of lost confidence?

  The outcome of the ActiveX attack could be the same if mounted against
thousands of machines.  Concerns about "NetCommerce" and security are a result
of the very real potential for unprecedented _large-scale_ theft and fraud.
Make no mistake: ultimately we will each pay for those risks; either by
increased transaction costs or fewer transaction options.

Regards,
jeh





