[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Credit Cards over the internet



Just read a forwarded message from a merchant who indicated that:

<quote>
Mastercard in no way authorises the transmission of credit card details via
the internet/email due to the possibility of fraud. Supposedly if
Mastercard finds that any merchant receives such details via
internet/email, they will cancel the merchants agreement/rights
immediately. While a lot of work is being done regarding the transmission
of secure data it has not been perfected yet. Merchants must have special
permission to accept details by phone or fax.
</quote>

We have no first hand knowledge of this change in the merchant account rules.

As a merchant who accepts credit cards via the internet/email, I know that
our credit card fraud rate is around 1 in 1403 transactions. In all cases,
the card we were given was stolen by conventional means and the charge was
authorized before that knowledge filtered through the credit card system.
Seems to me that this is a small percentage.

I have heard of no one who has had their card stolen while passing it
across the internet. Local restaurants and shops and Unix file servers,
yes, but via packet sniffing, no.

If the above internet/email restriction is true and if we assume that the
people at the credit card companies do know what they are doing, then it
sounds like someone might be attempting to kill the SSL method of accepting
credit card information in favor of some other standard such as SET. I'd be
willing to bet that SET will be proclaimed as the perfected method that is
suitable for use where other methods such as SSL or PGP would not be
allowed. I'd also be willing to bet that even with SET, the fraud rate that
I experience will remain the same.

Does anyone have real facts on this?

<name withheld>


Vinnie Moscaritolo
"Law - Samoan Style"
http://www.vmeng.com/vinnie/
Fingerprint: 4FA3298150E404F2782501876EA2146A