[682] in WWW Security List Archive
Credit card security
daemon@ATHENA.MIT.EDU (John Hemming - Chief Executive Mar)
Tue May 9 09:45:22 1995
From: John Hemming - Chief Executive MarketNet <johnhemming@mkn.co.uk>
Date: Tue, 09 May 95 10:49:27 -700
To: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
> Subject: Re: Credit Card privacy
> >I've discovered an interesting site on the web:
> >http://www.interlog.com:80/~pjm/cdshop/ibm/bykey.html
> >As far as I can tell, they aren't using any security whatsoever to
> get their
> >credit card numbers. Is this common, or am I missing something here?
> I think its common and becoming more common.
> I have talked to quite a few people who don't care about security for
> their
> credit card #'s. After all, its the credit card companies problem.
> Someone
> steals the #, I report that the charges weren't mine & refuse to pay
> them.
> Part of the reasoning goes: After all, any of the hundreds of people
> who
> have access to my credit card # could be stealing them. Casheers at
> the
> local supermarket, come telemarketing person I gave my # to over the
> phone, etc.
> None of these other users of credit card #'s are even remotely secure.
> We
> have gotten used to assuming some fraud, and the credit cxrd company
> (&
> merchants) pay for it so its not my problem.
The merchants pay for it. This is why the key problem for
credit cards and payment in general is authorisation not
security.
