At 12:50 11/14/95 -0800, anonymous-remailer@shell.portal.com wrote:
On Mon, 13 Nov 1995, Nelson Minar wrote:
Today's New York Times has a nice article in the business section about credit card security on the Internet. It's more of an editorial than an article, but it's an editorial with the (IMNSHO) right spin: shipping a credit card number over the Internet, even unencrypted, is no less secure than giving it out over the phone.
I haven't picked up the paper and looked at the article...
If someone in the Business Section of the New York Times is writing as you say -- writing that shipping a credit card number UNENCRYPTED over the Internet is no less secure than giving it out over the phone, then we have a SERIOUS communications/understanding gap to overcome.
I did read the article. It said, "The truth is that sending a credit card number to an electronic merchant over the Internet is probably the safest way to make such a transaction. "In the last week, for example, I handed my credit card to a waiter who disappeared with it for five minutes. I faxed my credit card information to a business in New Jersey, and the fax probably lay exposed to everone in that office for hours and perhaps to the cleaning crew than night. ... "Yes, there is a risk that someone was tapping my telephone when I read my credit card number aloud or faxed it. [reminder about cell phones deleted] A spy might have snapped a picture of my credit card with a hidden camera when I handed it to the waiter. A hacker might have intercepted my numbers as they passed through an Internet router in Hackensack, N.J. " But compared with the risk of handing my credit card to a stranger, which I do nearly every day, sending it over the Internet is pretty secure. "The real reisk of sending my unencrypted number is not that some cyberspace cowboy will intercept it en route to the electronic merchant, but rather that the receiving company will store my credit information in an insecure computer. ... "My credit card number was probably among the 30,000 or so that were lifted last year from unsecured computers of Netcom ... "Willy Sutton did not myug individuals for their wallets; he robbed banks, because, as he noted, that's where the money was... "... The people who should be really nervous about electronic commerce are the banks, brokerage houses and those who do business-to-business transactions." In context, a much more reasonable view than the anonymous poster suggests. I add, that with an insurance policy (that you are forced to pay for) which broadly limits your risk to $50, you don't have to be all that carefull. ----------------------------------------------------------------- Bill Frantz Periwinkle -- Computer Consulting (408)356-8506 16345 Englewood Ave. frantz@netcom.com Los Gatos, CA 95032, USA