Re: Scam artists, your web browser, and you

[Paul Wouters <paul () xelerance com>]

On Wed, 10 May 2006, Dave Aitel wrote:

> amount of browser compartmentalization is going to help. But since
> everyone is dumb enough to give their credit card number out, it's
> really Visa/Mastercard/Amex's problem and they need to either fix it,
> or stop wasting tax-payer's money by making the FBI hunt these people
> down.

The other day I listened to the CEO of Whitehats, a security company
that listed all the things that were wrong in security and how people
get your creditcard info, and how all of us in IT are to blame for
this. But really, if you look at who is responsible for people *trying*
to fraud us, it is really the creditcard companies with their system of
"hand every secret over for every transaction" that are causing the
widespread attempts at fraud. It is too simple.

And even with getting fooled like you were, if you hadn't give out ALL
your secrets, you would be at most frauded for the amount of the
transaction, making the possible loss the same as when you try to buy
your ticket from some random shop on a random street. But because of
the stupid way creditcards work, every time you do a transaction, you
have to hope the other end won't plunder your account. Having the insurance
it can be undone is nice, but I've seen it happen, and this person had to
loan money from friends for the 4 months his account was in massive debt
over the fraud. (I think in this case it lasted so long because the fraud
was an inside job at the bank)

Paul