BreachExchange mailing list archives
[Re] Hobbit's questions on one-time transaction numbers...
From: "Jellenc, Eli" <ejellenc () idefense com>
Date: Fri, 24 Feb 2006 11:05:11 -0500
I've not heard much about this, but then again, I've only begun researching the issue. I have an additional comment that I'd like to submit to the group for criticism. I know a lot of people that play online poker, some of whom are also cognizant of the dangers inherent to ecommerce. All but the very greenest of rookies tend to employ the following strategy: go to a local pharmacy and purchase a "pay as you go" credit card (currently offered only by VISA and MC if I'm not mistaken). When they get ready to connect to the poker site and ante up, they simply transfer funds from their "real" account or credit card into the "pay as you go" card...in a matter of minutes, even this amount is "spoken for" as they immediately use the card to increase their balance on the poker site. The one drawback is that the "pay as you go" cards are $10 a piece to buy, but for people seriously worried about the threat from data exposure, I don't see how this is any great sacrifice. And the intervening step of calling to make the transfer is sort of inconvenient, especially for people that make frequent purchases from many different sites. This is no panacea, to be sure...to publicize this as a method by which to thwart cybercriminals would be quite costly and difficult. Moreover, I have the impression that the credit card companies would be against this because it would begin to undercut their primary avenue of profit (i.e. interest). Heaven forbid people only spend what they have in their accounts at the moment. Either way, except for the cost of "educating" the public on the potential utility of this solution, I don't see many drawbacks. And what drawbacks do exist are still not as serious as the situation is today. Thoughts? Eli Jellenc Sr. Threat Analyst iDefense (www.idefense.com)-- A VeriSign Company 703-390-9456 ejellenc () idefense com
_______________________________________________ Dataloss mailing list Dataloss () attrition org https://attrition.org/mailman/listinfo/dataloss
Current thread:
- [Re] Hobbit's questions on one-time transaction numbers... Jellenc, Eli (Feb 24)
- Re: [Re] Hobbit's questions on one-time transaction numbers... Adrian Sanabria (Feb 24)
- Re: [Re] Hobbit's questions on one-time transaction numbers... Chris Walsh (Feb 24)
- Re: [Re] Hobbit's questions on one-time transaction numbers... Greg Broiles (Feb 25)
- Re: [Re] Hobbit's questions on one-time transaction numbers... Chris Walsh (Feb 24)
- Re: [Re] Hobbit's questions on one-time transaction numbers... Adrian Sanabria (Feb 24)