1996-08-06 - Credit Cards over the internet

Header Data

From: Vinnie Moscaritolo <vinnie@webstuff.apple.com>
To: net-thinkers@thumper.vmeng.com
Message Hash: 86f40eac60659057005d43f52596f17d16458e80f9ce7c39f7e5f0aaade1ce3f
Message ID: <v0300780aae2c29df08c4@[204.179.131.29]>
Reply To: N/A
UTC Datetime: 1996-08-06 00:57:47 UTC
Raw Date: Tue, 6 Aug 1996 08:57:47 +0800

Raw message

From: Vinnie Moscaritolo <vinnie@webstuff.apple.com>
Date: Tue, 6 Aug 1996 08:57:47 +0800
To: net-thinkers@thumper.vmeng.com
Subject: Credit Cards over the internet
Message-ID: <v0300780aae2c29df08c4@[204.179.131.29]>
MIME-Version: 1.0
Content-Type: text/plain


Just read a forwarded message from a merchant who indicated that:

<quote>
Mastercard in no way authorises the transmission of credit card details via
the internet/email due to the possibility of fraud. Supposedly if
Mastercard finds that any merchant receives such details via
internet/email, they will cancel the merchant's agreement/rights
immediately. While a lot of work is being done regarding the transmission
of secure data it has not been perfected yet. Merchants must have special
permission to accept details by phone or fax.
</quote>

We have no first-hand knowledge of this change in the merchant account rules.

As a merchant who accepts credit cards via the internet/email, I know that
our credit card fraud rate is around 1 in 1403 transactions. In all cases,
the card we were given was stolen by conventional means and the charge was
authorized before that knowledge filtered through the credit card system.
Seems to me that this is a small percentage.

I have heard of no one who has had their card stolen while passing it
across the internet. Local restaurants and shops and Unix file servers,
yes, but via packet sniffing, no.

If the above internet/email restriction is true and if we assume that the
people at the credit card companies do know what they are doing, then it
sounds like someone might be attempting to kill the SSL method of accepting
credit card information in favor of some other standard such as SET. I'd be
willing to bet that SET will be proclaimed as the perfected method that is
suitable for use where other methods such as SSL or PGP would not be
allowed. I'd also be willing to bet that even with SET, the fraud rate that
I experience will remain the same.

Does anyone have real facts on this?

<name withheld>


Vinnie Moscaritolo
"Law - Samoan Style"
http://www.vmeng.com/vinnie/
Fingerprint: 4FA3298150E404F2782501876EA2146A






