deadlock Message Board

Re: Secure order forms
From Jim on 30 November '98
replying to Re: Secure order forms posted by Doanld Zvanut

>But the question remains
>is it possible that someone has a snoop software set up outside the secure
>server that when you or others gather their orders and the packets of
>information with credit card info are not encrypted could be intercepted.

It's not a black-and-white issue. There are only DEGREES of security.
Sure, there's a slim possibility that the order could be intercepted
from your server. There's an equal chance that the order could be
"snooped" directly from your PC, by somebody looking over your shoulder,
etc. etc...

Credit card fraud happens offline too, believe it or not. The only
reason people discuss Internet security so much is because it's more
interesting. It's certainly not less secure, for example, than giving
your card to a waiter.

Here's a new thought for you: who is at risk here? It's certainly not the
customer, since they can refuse the charges at will. It's the merchant
who's at risk, and he's at risk regardless of any security measures he's
taken personally because the "bad transaction" will involve a card number
stolen previously, as a result of SOMEBODY ELSE'S CARELESSNESS!!

If your own ordering system is as "tight as a gnat's chuff" (as they say in the
North) that makes it less likely that a customer's card number will be
"intercepted" from your system. All well and good, but just think a bit harder.
If your customer later discovers that their card has been compromised, a) do they
really care, since they can refuse the charge, and b) how on earth would they know
it was intercepted from your system, unless it was the only transaction they ever
made with that card?

>I have discussed this question with top software people; it is possible
>but not probable to happen. I know of no occurrences of this reported happening.
>I think more will be said on this as e-comm. grows and in
>time there may be secure e-mail for merchant accounts. This will occur
>only when the "people" start asking for it and perceive there may be
>a problem. But not now.

The only type of encryption that's universally accepted as 100% secure is
PGP. If everybody used PGP, things would be MORE secure. The trouble is,
you have to decrypt a card number in order to read it, at which point
it becomes open to theft.




ad infinitum.

Any businessman who trades online will tell you that, as long as you
take a few common-sense precautions, everything will go swimmingly.
On the rare occasions that there's a problem, it'll be due to the
card itself, regardless of whether the sale was made online, over the
phone, face to face, or whatever.
