[683] in WWW Security List Archive


Re: Credit Card privacy

daemon@ATHENA.MIT.EDU (Amir Herzberg)
Tue May 9 10:45:11 1995

To: Paul Phillips <paulp@cerf.net>
Cc: www-security@ns2.rutgers.edu
In-Reply-To: Your message of "Mon, 08 May 1995 10:22:09 PDT."
             <Pine.SUN.3.91.950508101920.2372A-100000@nic.cerf.net>
Date: Tue, 09 May 1995 07:13:41 -0400
From: Amir Herzberg <amir@watson.ibm.com>
Errors-To: owner-www-security@ns2.rutgers.edu


Paul Phillips says,

> On Mon, 8 May 1995, T. Jason Ucker wrote:
>
> > As far as I can tell, they aren't using any security whatsoever to get their
> > credit card numbers.  Is this common, or am I missing something here?
>
> It's common, though most places give you an option (in theirs it's "Call
> me for Credit Card Information.") This is because the risks of sending
> your credit card over the net are no greater than those of using it at
> the department store. (IMO)

I think they are somewhat greater. More important, the credit card companies
think so. On the contrary, they (cc comp.) understand that a crypto protocol
like iKP could provide _better_ security than existing mechanisms. The result
should be reduced rates (commissions), and this is a crucial aspect of credit
card business, where small differences of risk and commissions could mean a lot
for the participants. That's why we need a good payment mechanism: to make
commerce on the net inexpensive and viable.

Best, Amir

