In article <ad32cd9601021004af4e@[132.162.233.188]> jrochkin@cs.oberlin.edu (Jonathan Rochkind) writes:

3) I believe that FV works by assigning the user some sort of id number. They send the id accross the net, FV has a database with "FV-ID" <-> credit-card-number correspondences, the merchant sends FV the id, FV bills your card and pays the merchant. Now, if I'm correct about how FV works, we could clearly write a program that searches your HD for FVs data files, extracts your FV-ID from it, and steals it. It could be a virus, it could send the FV accross the net, whatever. We could then use your FV-ID to make fraudulently make purchases through the FV system that would be billed to you. This is essentially the same attack as FV "demonstrates" against software encrypted credit cards over the net: that is, the "You have an insecure system and if we can put evil software on it, we can get you." attack.

This sounds like a fatal security flaw in FV's system! We need to publicize this fact widely to prevent innocent people from using their FV accounts from computers or over the network.