[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: credit card conventional wisdom

This may be a stupidly obvious question but..... 
We could argue until the cows come home, hell freezes over or the Cubs win
the World Series, what ever comes first ;-) about whether giving your credit
card number to a waiter or an 800 # clerk is any more or less secure than
transmitting it encrypted or clear text over a data link.

However, this misses a very large point.  The reason I will give my 
credit number to a clerk is that the bank/credit card consortium will
indemnify me against losses from fraudulent use of my card. Tearing up your
carbons is more to protect the bank than it is to protect you. The risk to
*me* is virtually zero if I am a good bank customer.  

I have seen no such statement from the Visa/MasterCard/bank consortiums
regarding who is at risk if my card number is stolen and used in cyberspace.
When I get a written indemnification from them stating clearly that 
using my credit card in cyberspace is no different from using in a local
restaurant, then I see no risk to the user in using the card in cyberspace.

The risk to the bank and merchant.......Now that is a different matter.
Credit card usage on the net will never take off until this issue is
solved to the satisfaction of the bank and the user.  Until this happens
arguing this issue is like arguing about how many angels can fit on the 
head of a pin.


Arley Carter
Tradewinds Technologies, Inc.
email: [email protected]
www: http://www.twinds.com

"Trust me. This is a secure product. I'm from <insert your favorite 
corporation of government agency>."

 On Wed, 15 Nov 1995, Howard Melman wrote:

> On Tue Nov 14, 1995, Vladimir Z. Nuri wrote:
> > attempts to get secure credit card number transfer on the
> > internet are not an end in themselves. they are the first
> > steps toward an entirely new transaction system. those who
> > see a single step and criticize it as feeble in the
> > context of past systems are missing the point and
> > apparently can't think past the present nanosecond of
> > their lives.