
Re: Credit Card privacy



Excerpts from mail: 9-May-95 Re: Credit Card privacy hopmann@holonet.net
(1390*)

> >As far as I can tell, they aren't using any security whatsoever to get their
> >credit card numbers.  Is this common, or am I missing something here?
> >
> I think it's common and becoming more common.
> I have talked to quite a few people who don't care about security for their
> credit card #'s. After all, it's the credit card companies' problem.

Yes, this is true, but the credit card companies' problems will
eventually become everyone's problems if we let it.  And remember that
it isn't really the "credit card companies", it is the BANKS, who
basically own Visa and MasterCard and who really call the shots.

Credit card fraud is already high and accelerating -- a very real
problem in need of solution.  If net commerce makes the situation worse,
it is within the power of the credit card companies to simply FORBID
merchants to accept credit cards over the net.  This is what will happen
if lots of merchants take unencrypted credit cards, and hackers start
using this procedure to facilitate large-scale credit card theft.  The
banks simply won't have any choice but to deny merchant status to anyone
who accepts credit cards via Internet.  That would be Bad News for the
net.

Unfortunately, schemes based on encrypting credit cards in transit to
the merchant (using SSL, SHTTP, PGP, or whatever) only solve a very tiny
portion of this problem.  If the merchant decrypts the credit card, his
machine becomes an attractive target for criminals.  Remember that Kevin
Mitnick stole 20,000 credit card numbers that were stored on Netcom when
he broke into their machine.  Thus for all the bother of deploying
compatible cryptography on the buyer's side, you get precious little
additional protection from these schemes.

Thus, in overview we have two opposing trends:  sending CC #'s in the
clear is extremely easy to do, and relatively harmless for the buyer, as
you observe, but potentially so dangerous for the banks that they could
eventually halt net commerce in its tracks if that's how it is done.  

The name of the game, then, is protecting the banks while keeping things
super-easy for the customer.  These are the two primary motivations
behind First Virtual's system, which accomplishes both quite nicely.  If
you haven't already checked us out, you can learn how it works at
http://www.fv.com.  We've been fully operational (real money) since
October 15, 1994.  For over four months now, our user base & transaction
volume have been growing at a steady 15% per WEEK (although recent signs
are that the rate of growth is now INCREASING even from that level).  We
now have two Fortune 500 companies selling with First Virtual (Apple &
Reuters, c.f. http://quicktime.apple.com), with more on the way.  The
Federal Elections Commission has approved the first PAC fundraising in
Cyberspace, also using First Virtual (http://www.cais.com/newtwatch/). 
And there are over 100 different smaller-scale sellers on our Infohaus,
including National Public Radio (c.f. http://www.infohaus.com).  It's
real.  Check it out.  -- Nathaniel
--------
Nathaniel S. Borenstein <nsb@fv.com>
Chief Scientist, First Virtual Holdings Incorporated
Phone: +1 201 540-8967  (fax 993-3032)
FREQUENTLY ASKED QUESTIONS (& PGP key):  nsb+faq@nsb.fv.com

-----VIRTUAL YELLOW RIBBON----zldf@clark.net----VIRTUAL YELLOW RIBBON----

> When privacy is outlawed, only   Support the Zimmerman Legal Defense! <
> outlaws will have privacy!       http://www.netresponse.com/zldf      <

