[4874] in WWW Security List Archive


Re: Netscape-Enterprise/2.01 https SLOOOOWW

daemon@ATHENA.MIT.EDU (David W. Morris)
Sat Mar 22 02:29:16 1997

Date: Fri, 21 Mar 1997 21:37:34 -0800 (PST)
From: "David W. Morris" <dwm@xpasc.com>
To: Vinnie Vedi Dolavimus <sfuze@escape.com>
cc: Dennis Glatting <dennis.glatting@plaintalk.bellevue.wa.us>,
        WWW-SECURITY@ns2.rutgers.edu
In-Reply-To: <Pine.BSI.3.91.970321113304.18085A-100000@escape.com>
Errors-To: owner-www-security@ns2.rutgers.edu



On Fri, 21 Mar 1997, Vinnie Vedi Dolavimus wrote:

> I meant this on a PERCENTAGE basis -- the percentage of transactions, total,
> of credit cards in general and the percentage of transactions over the net.
> The percentage of fraud over the net is about 1% -- in real life about 2%.
> That is, of all transactions which occur over the net 1% of them, approx. 
> is fraudulent.  The real problem with security vis a vis credit cards / 
> the net is that the majority of insurance companies and credit card 

My concern continues to be that by definition Internet credit card
transactions mean that the credit card information will be available on
an Internet attached computer. The potential that a poorly designed
internet commerce site will accumulate many credit cards is real and
scary. There are much easier ways to acquire individual credit cards than
sniffing network traffic and I figure the chance of my card being acquired
on the fly is very slim with or without SSL, SET, etc.  BUT a database
full of credit cards on a computer system connected to the internet would
be a real attractive place to hack into. I know of one ISP who reportedly
lost 20K CC#s to a hacker who reached their billing system. That doesn't
mean that every or even most internet commerce sites provide a risk but
some do/will.

And why do you assume that the fraudulent use of credit cards acquired on
the Internet will occur on the internet? Seems more likely it will occur
in the more traditional venues. Crooks acquire valid credit numbers and
clone cards. With a source like a breached internet host with thousands of
card numbers available, each clone card could be used just a few times.

Dave Morris

