Just read a forwarded message from a merchant who indicated that: <quote> Mastercard in no way authorises the transmission of credit card details via the internet/email due to the possibility of fraud. Supposedly if Mastercard finds that any merchant receives such details via internet/email, they will cancel the merchants agreement/rights immediately. While a lot of work is being done regarding the transmission of secure data it has not been perfected yet. Merchants must have special permission to accept details by phone or fax. </quote> We have no first hand knowledge of this change in the merchant account rules. As a merchant who accepts credit cards via the internet/email, I know that our credit card fraud rate is around 1 in 1403 transactions. In all cases, the card we were given was stolen by conventional means and the charge was authorized before that knowledge filtered through the credit card system. Seems to me that this is a small percentage. I have heard of no one who has had their card stolen while passing it across the internet. Local restaurants and shops and Unix file servers, yes, but via packet sniffing, no. If the above internet/email restriction is true and if we assume that the people at the credit card companies do know what they are doing, then it sounds like someone might be attempting to kill the SSL method of accepting credit card information in favor of some other standard such as SET. I'd be willing to bet that SET will be proclaimed as the perfected method that is suitable for use where other methods such as SSL or PGP would not be allowed. I'd also be willing to bet that even with SET, the fraud rate that I experience will remain the same. Does anyone have real facts on this? <name withheld> Vinnie Moscaritolo "Law - Samoan Style" http://www.vmeng.com/vinnie/ Fingerprint: 4FA3298150E404F2782501876EA2146A