1995-11-14 - Re: [NOISE] Credit Card security in the New York Times

Header Data

From: frantz@netcom.com (Bill Frantz)
To: cypherpunks@toad.com
Message Hash: 1afc6f2953c4adc1390cc33ec1b7304ae359a0f1f6ffc3481e895dc80939cc47
Message ID: <199511142212.OAA14291@netcom17.netcom.com>
Reply To: N/A
UTC Datetime: 1995-11-14 22:40:58 UTC
Raw Date: Wed, 15 Nov 1995 06:40:58 +0800

Raw message

From: frantz@netcom.com (Bill Frantz)
Date: Wed, 15 Nov 1995 06:40:58 +0800
To: cypherpunks@toad.com
Subject: Re: [NOISE] Credit Card security in the New York Times
Message-ID: <199511142212.OAA14291@netcom17.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:50 11/14/95 -0800, anonymous-remailer@shell.portal.com wrote:
>On Mon, 13 Nov 1995, Nelson Minar wrote:
>
>> Today's New York Times has a nice article in the business section
>> about credit card security on the Internet. It's more of an editorial
>> than an article, but it's an editorial with the (IMNSHO) right spin:
>> shipping a credit card number over the Internet, even unencrypted, is
>> no less secure than giving it out over the phone.
>
>I haven't picked up the paper and looked at the article...
>
>If someone in the Business Section of the New York Times is writing as you
>say -- writing that shipping a credit card number UNENCRYPTED over the
>Internet is no less secure than giving it out over the phone, then we have
>a SERIOUS communications/understanding gap to overcome. 

I did read the article.  It said, "The truth is that sending a credit card
number to an electronic merchant over the Internet is probably the safest
way to make such a transaction.

"In the last week, for example, I handed my credit card to a waiter who
disappeared with it for five minutes.  I faxed my credit card information
to a business in New Jersey, and the fax probably lay exposed to everone in
that office for hours and perhaps to the cleaning crew than night. ...

"Yes, there is a risk that someone was tapping my telephone when I read my
credit card number aloud or faxed it.  [reminder about cell phones deleted]
 A spy might have snapped a picture of my credit card with a hidden camera
when I handed it to the waiter.  A hacker might have intercepted my numbers
as they passed through an Internet router in Hackensack, N.J.

" But compared with the risk of handing my credit card to a stranger, which
I do nearly every day, sending it over the Internet is pretty secure.

"The real reisk of sending my unencrypted number is not that some
cyberspace cowboy will intercept it en route to the electronic merchant,
but rather that the receiving company will store my credit information in
an insecure computer. ...

"My credit card number was probably among the 30,000 or so that were lifted
last year from unsecured computers of Netcom ...

"Willy Sutton did not myug individuals for their wallets; he robbed banks,
because, as he noted, that's where the money was...

"... The people who should be really nervous about electronic commerce are
the banks, brokerage houses and those who do business-to-business
transactions."


In context, a much more reasonable view than the anonymous poster suggests.
 I add, that with an insurance policy (that you are forced to pay for)
which broadly limits your risk to $50, you don't have to be all that
carefull.


-----------------------------------------------------------------
Bill Frantz                   Periwinkle  --  Computer Consulting
(408)356-8506                 16345 Englewood Ave.
frantz@netcom.com             Los Gatos, CA 95032, USA







Thread