Arley Carter <ac@hawk.twinds.com>
This may be a stupidly obvious question but..... We could argue until the cows come home, hell freezes over or the Cubs win the World Series, what ever comes first ;-) about whether giving your credit card number to a waiter or an 800 # clerk is any more or less secure than transmitting it encrypted or clear text over a data link.
the point of my post was that I AGREE. the only issue is that we should make internet security as superior as possible regardless of the security of credit cards in the real world. I was attacking the line of thought that goes, "credit card security is already marginal, therefore why should anyone try to improve it in cyberspace"? this is circular reasoning. "why should anyone try to make something more secure when it is already insecure?"
I have seen no such statement from the Visa/MasterCard/bank consortiums regarding who is at risk if my card number is stolen and used in cyberspace. When I get a written indemnification from them stating clearly that using my credit card in cyberspace is no different from using in a local restaurant, then I see no risk to the user in using the card in cyberspace.
a major point of my post was that even if you think the cost of fraud is invisible to you, it is not. it is in everyone's interest to reduce fraud. if you think you are not paying for it now, your are believing in an illusion. reducing fraud rates will decrease costs for everyone in the long run. it is true that credit card companies try to localize the costs to the areas where their risk is higher (for example, higher interest rates on credit risks, different charges to the merchant for "card present" vs. "card not present" as indicated by the other poster), however I still think it is obvious that these costs are still distributed over all customers. this is one of the main illusions I was trying to discredit in my original post. the thinking goes like this: "so-and-so does not appear to have any affect on me now, therefore to consider it is irrelevant." in the case of credit card users, they seem to think, "I can already cancel any transactions. illicit purchases made when somebody steals my card in cyberspace are no different". another line of thinking is, "credit cards are already insecure, so who cares if people steal them over the internet". all of these are very specious lines of thought. your own line is, familiarly, "nothing matters unless it shows up on my own credit card bill" is again in my opinion an invitation to disaster. you are paying for the insecurity of credit cards right now, if not to your credit card company than in slightly increased rates in the goods you buy (to cover the merchant's cost to the credit card company).
The risk to the bank and merchant.......Now that is a different matter. Credit card usage on the net will never take off until this issue is solved to the satisfaction of the bank and the user. Until this happens arguing this issue is like arguing about how many angels can fit on the head of a pin.
part of getting to the point of satisfaction of the bank and user is improved internet security. another point of my post.