The Crypto Winter
Mark Henderson
mch at informationanarchy.org
Thu Nov 22 13:46:06 PST 2001
On Thu, Nov 22, 2001 at 01:17:44PM -0800, Petro wrote:
> When was the last time you worked a Customer Support line for a web
> site that did CC transactions?
>
> End users care about, and insist on security. They don't know JS
> about it, they don't begin to understand it, but they "know" that 128
> bit SSL is better than 40bit, and they know that it "keeps hackers away
> from their credit cards".

Yes, they do care. But, I don't understand exactly why they care
since unauthorised e-commerce transactions end up being the liability
of the merchant and the credit card company. It is usually just an
annoyance for the customer.

Of course, 128 bit SSL gives customers a false sense of security. The
CC number is protected over the wire between their desktop and the
web server, but customers have no clue what happens to their CC
number after that. If the web server has been compromised, it doesn't
matter much what sort of over-the-wire encryption you use. The
customer generally has little idea of how the merchant stores CC
numbers and what measures are in place to protect them.