[616] in WWW Security List Archive
Re: Credit Card Security
daemon@ATHENA.MIT.EDU (Paul Rarey)
Mon Apr 24 17:21:36 1995
From: Paul Rarey <Paul.Rarey@Systems.DHL.COM>
Date: Mon, 24 Apr 1995 07:57:39 -0700
In-Reply-To: Darren Reed <darrenr@vitruvius.arbld.unimelb.edu.au>
"Re: Credit Card Security" (Apr 22, 22:05)
Reply-To: Paul Rarey <Paul.Rarey@Systems.DHL.COM>
To: Darren Reed <darrenr@vitruvius.arbld.unimelb.edu.au>
Cc: riddle@is.rice.edu, ksaxe@midwest.net, www-security@ns1.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
On Apr 22, 22:05, Darren Reed wrote:
> Subject: Re: Credit Card Security
>
>Whilst on this subject, although a little bit off-track, an article in
>a Sunday paper (The Age) here in Australia included a quote:
>
>"I wouldn't bother stealing credit card numbers when I can make them myself,"
>"FRaCTal INSaNiTy" said.
> All the hackers agreed it was ``disgustingly easy'' to create credit card
>accounts.
>
>(The reporter was talking to a group of them). This was mentioned in
>reference to someone finding 1000+ credit card numbers sitting on an ISP's
>machine and going public about it. So give some serious thought to storing
>the CC# as well as getting it accross the internet securely.
Which is why a model which requires "acceptance" by the purchaser in a different
loop than the transaction is inherently more secure than using credit cards
directly (presuming you're not physically at the point of transaction).
--
Cheers!
[ psr ]
