From: Howard Melman <melman@osf.org>
Date: Wed, 15 Nov 1995 23:01:56 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: credit card conventional wisdom
In-Reply-To: <199511150156.RAA18623@netcom21.netcom.com>
Message-ID: <9511151447.AA10433@absolut.osf.org.osf.org>
MIME-Version: 1.0
Content-Type: text/plain




On Tue Nov 14, 1995, Vladimir Z. Nuri wrote:

> attempts to get secure credit card number transfer on the
> internet are not an end in themselves. they are the first
> steps toward an entirely new transaction system. those who
> see a single step and criticize it as feeble in the
> context of past systems are missing the point and
> apparently can't think past the present nanosecond of
> their lives.

You'll have a hard convincing folks that they need something
better than what works perfectly well today.

Here's another point that I didn't see in your list.  Today
it might be just as safe to send your CC# over the internet
as giving it to a clerk, etc.  This is mostly because the
number of CC#'s sent over the net vs the whole traffic is
small.  It is therefore not very cost effective to try to
steal credit card numbers over the net vs other means
(searching through dumpsters, taping a phone line near LL
Bean, etc.).  If CC# purchases became common over the net,
it would become much more valuable to try to steal them from
the net and more people would.  It would then become much
less secure, not for any technical reason but because there
will be more crooks exploiting the existing flaws.

Where is it most common to steal cellular phone id's (I'm
not sure what they are called, but the id's sent that
someone can steal to build a forged cell phone)?  At
airports.  Why?  Because more cell phones are used there,
everyone uses one as they get on or off a plane.  If you
want to troll for id's, go to where there are many.

Howard