Andrew Loewenstern writes:
"If someone wanted to steal a credit card number, all they would have to do is go to any gas station and look on the ground around the pumps," says the CTO at Internet security firm Terisa Systems.
Sure, if you wanted to steal a card number or two the ground around a gas-station would probably be a good choice. However, if you wanted to steal a thousand card numbers (or maybe even thirty thousand), just sniff packets off a hub near a large Web site that accepts unencrypted (or weakly encrypted) card transactions or hack your favorite ISP's machines.
Duh. The point of the article the original poster quoted was that there's little risk to individual *consumers*. If someone sniffs thirty thousand credit cards from a poorly secured web-site, the consumers are still only liable for $50. Of course, the card company gets a big bill, and probably will try to sue the site to recover, and both will pass those costs back to the consumer, assuming they survive. The total cost is still pretty small to the individual.