Information Security News mailing list archives

Re: Hacking Demonstration Shows Dangers of E-Commerce


From: mea culpa <jericho () DIMENSIONAL COM>
Date: Sat, 6 Nov 1999 23:25:57 -0700

Reply From: "Jay D. Dyson" <jdyson () techreports jpl nasa gov>


-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 4 Nov 1999, mea culpa wrote:

> Before you get excited about doing all your Christmas shopping online,
> you might want to read this: Peggy Weigle is CEO of a Silicon Valley
> software company. She knows her way around a computer, and she's a
> regular Internet user.
>
> But you won't catch her doing any online shopping this holiday season.
> ``I probably would have done it last year,'' Weigle said. ``But knowing
> what I know now, I'm physically going to the stores.''

        All told, while the risks of doing online business with one's
credit card are indeed genuine, the risks bear little real difference from
the risks of using plastic in the real world.  Consider the last time you
used your credit card to pay for dinner at a restaurant.  You turn over
the plastic (with your signature on it) to a perfect stranger who
disappears with it for up to 10 minutes (sometimes longer).  That's more
than ample time to make a wax impression of the card, copy the magnetic
stripe *and* acquire a sample of your signature on which to practice
forgeries.

        In any case, if your card is forged on either the 'net or in real
life, you're still only liable for the first $50 of fraudulent purchases.
After that, the credit card company has to eat the rest.

        Given the above, I'm surprised that there isn't a bigger push by
credit card companies to force online merchants to undergo something like
an Underwriter's Laboratory (UL) sanctioned security audit.  (I don't even
know if such a beast exists, but it should.  Hmmm...maybe I'm in the wrong
line of work here.)

- -Jay

   (                                                              ______
   ))   .--- "There's always time for a good cup of coffee" ---.   >===<--.
 C|~~| (>--- Jay D. Dyson - jdyson () techreports jpl nasa gov ---<) |   = |-'
  `--'  `------ When it's hot, it just ain't hot enough. ------'  `-----'

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

-----END PGP SIGNATURE-----

ISN is sponsored by Security-Focus.COM

