Scott Brickner writes:

Of course, the card company gets a big bill, and probably will try to sue the site to recover, and both will pass those costs back to ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ the consumer, assuming they survive. The total cost is still pretty ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ small to the individual.

You just said it right there. The cost doesn't go away. Just because individual credit card holders each only have to pay for a small fraction of the fraud pie doesn't make it right for executives to be saying that it is safe. Any more than it is right for cellular companies to completely ignore security concerns because "the total cost is still pretty small to the individual." The point is that these costs, no matter how small at the individual cardholder level, are avoidable. Why should consumers have to pay for fraud that can be prevented? By ignoring security concerns, encouraging people to use card numbers in an unsafe manner, and then passing the fraud burden onto the individual customers, card issuers will basically be stealing money from the consumers much in the same way that cellular telcos have been doing for years. andrew