From: hallam@w3.org
Date: Wed, 15 Nov 1995 10:52:04 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: credit card conventional wisdom
In-Reply-To: <199511150156.RAA18623@netcom21.netcom.com>
Message-ID: <9511150233.AA31764@zorch.w3.org>
MIME-Version: 1.0
Content-Type: text/plain



The articile misses the point. What the credit card cos are worried about is the 
disclosure of credit card numbers in bulk by merchant servers connected 
incompetently to the internet. The issue of customer exposure is a non issue, 
regulation E means that there is no customer risk.

There is in fact a distinction between "card present" and "card not present"
transactions. AMEX cards for example have an extra group of four digits which 
are not part of the embossed card number. They are used as additional 
verification to prove that a card is present. In general a merchant pays a lower 
commission for card present transactions to reflect the reduced risk.

The point of the article is that people running roung like headless chickens 
because of Internet insecurity miss the main point, the security is no worse 
than the real world we just have rather higher standards.

What it does mean is that people like myself will be able to make a nice living 
explaining to people what security issues to forget and which ones to worry like 
hell about.


		Phill