Once again, FV has decided that it is easier to spread Fear, Uncertainty and Doubt than innovate. This is part of a continuing pattern that has been extensively documented in previous threads on this mailing list. There are a great many problems with the claims that FV are making with respect to their souped-up keyboard sniffer; here is the one I consider to be the clincher: If I can place any program of my design on a user's machine to sniff credit cards, I can easily exert total control over all of the e-mail sent or received from that machine. Since I can do this, it is now trivially easy to circumvent the "security" of FV e-mail confirmations. Furthermore, to do this, all I really need is control over the network traffic to that user's machine, which in many instances is going to be easier than placing a program on someone's machine. I can then set up dummy companies that my "virus" or whatever will buy "information" from -- some of these might get detected when user's get their bills, but this hypothetical program might chose amounts that would disappear into the noise of actual, legitimate purchases. Therefore, the real moral of the story is: DON'T PUT UNTRUSTWORTHY PROGRAMS ON YOUR HARD DISK --doug P.S. a good video camera in the right spot, or a telephone tap of a major mail-order distributor could probably get you more credit cards, faster, than the FV approach. Credit cards are fundamentally insecure; typing your CC# into your computer is no more dangerous than giving it to the minimum-wage clerk at Denny's. This insecurity is factored into the business model of the credit card companies -- end users do not pay one dime for erroneous or fradulent charges that lack a signature along with a card swipe or imprint. ------ ------ Douglas Barnes "The tighter you close your fist, Governor Tarkin, cman@communities.com the more systems will slip through your fingers." cman@best.com --Princess Leia