1995-11-15 - Re: credit card conventional wisdom

Header Data

From: “Vladimir Z. Nuri” <vznuri@netcom.com>
To: Arley Carter <ac@hawk.twinds.com>
Message Hash: 87aa6e2a240610565023be3446c1dfdd958a8daa9ce4accf2f72131ccdc0a177
Message ID: <199511151924.LAA29261@netcom13.netcom.com>
Reply To: <Pine.HPP.3.91.951115112428.20058C-100000@hawk.twinds.com>
UTC Datetime: 1995-11-15 19:45:37 UTC
Raw Date: Thu, 16 Nov 1995 03:45:37 +0800

Raw message

From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Thu, 16 Nov 1995 03:45:37 +0800
To: Arley Carter <ac@hawk.twinds.com>
Subject: Re: credit card conventional wisdom
In-Reply-To: <Pine.HPP.3.91.951115112428.20058C-100000@hawk.twinds.com>
Message-ID: <199511151924.LAA29261@netcom13.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



Arley Carter <ac@hawk.twinds.com>

>This may be a stupidly obvious question but..... 
>We could argue until the cows come home, hell freezes over or the Cubs win
>the World Series, what ever comes first ;-) about whether giving your credit
>card number to a waiter or an 800 # clerk is any more or less secure than
>transmitting it encrypted or clear text over a data link.
>

the point of my post was that I AGREE. the only issue is that we should
make internet security as superior as possible regardless of the security
of credit cards in the real world. I was attacking the line of thought
that goes, "credit card security is already marginal, therefore why 
should anyone try to improve it in cyberspace"? this is circular
reasoning. "why should anyone try to make something more secure when
it is already insecure?"

>
>I have seen no such statement from the Visa/MasterCard/bank consortiums
>regarding who is at risk if my card number is stolen and used in cyberspace.
>When I get a written indemnification from them stating clearly that 
>using my credit card in cyberspace is no different from using in a local
>restaurant, then I see no risk to the user in using the card in cyberspace.

a major point of my post was that even if you think the cost of fraud
is invisible to you, it is not. it is in everyone's interest to reduce
fraud. if you think you are not paying for it now, your are believing
in an illusion. reducing fraud rates will decrease costs for everyone
in the long run. it is true that credit card companies try to localize
the costs to the areas where their risk is higher (for example, higher
interest rates on credit risks, different charges to the merchant
for "card present" vs. "card not present" as indicated by the other 
poster), however I still think it is obvious that these costs are
still distributed over all customers.

this is one of the main illusions I was trying to discredit in my
original post. the thinking goes like this: "so-and-so does not
appear to have any affect on me now, therefore to consider it is
irrelevant." in the case of credit card users, they seem to think,
"I can already cancel any transactions. illicit purchases made when
somebody steals my card in cyberspace are no different". another
line of thinking is, "credit cards are already insecure, so who
cares if people steal them over the internet". all of these are
very specious lines of thought. your own line is, familiarly,
"nothing matters unless it shows up on my own credit card bill" is
again in my opinion an invitation to disaster. you are paying for
the insecurity of credit cards right now, if not to your credit
card company than in slightly increased rates in the goods you buy
(to cover the merchant's cost to the credit card company).

>The risk to the bank and merchant.......Now that is a different matter.
>Credit card usage on the net will never take off until this issue is
>solved to the satisfaction of the bank and the user.  Until this happens
>arguing this issue is like arguing about how many angels can fit on the 
>head of a pin.

part of getting to the point of satisfaction of the bank and user is
improved internet security. another point of my post.






Thread