Re: UKNM: This'll do wonders for confidence in ecommerce - not.

[Dan Leighton]

This is not particularly unexpected.


Perhaps this will make all you e-comm site builders out there take note.


Rule number 1 of credit card acceptance on the internet - if you are not

a bank, or equivalently secured specialist payment processing

organisation -  you should not be storing credit card numbers. 

Especially anywhere near your web site.


This is a basic security flaw that has been alleged with Cybercash in

that payments are 'passed through' the merchant web site (which is often

not as secure as it should be).  

This problem is removed if payment is transacted solely between the

customer and a payment processor and the merchant simply receives a

confirmation of sale (plenty of companies out there who do it this

way).  In other words credit card numbers are *never* stored, therefore

they cannot be 'hacked into'.


The commonly heard response is that holding credit card numbers allows

subscription and other delayed payments to be made easily.  But there

are other methods to achieve this.  And is it really worth the horrific

consequences to a business if it is hacked?  I think not.


Dan Leighton

European Web Marketing Manager

PSINet Europe

+44 1223 577 615


Chris Meachin wrote:

 > 

 > I agree that consumer confidence will be seriously undermined by high

 > profile cases of this nature. It may prove to be an ongoing problem until

 > the way that online payments are made is fundamentally changed.

 > 

 > In my view, events like this emphasise the poor level of security afforded

 > by credit cards, rather then the Internet itself.

 > 

 > Credit cards were never really designed to accommodate remote transactions

 > of this kind and are intrinsically unsuitable.

 > 

 > I can only hope that fraud of this nature will serve to bring the need for

 > an alternative system of digital payment to the fore.

 > _________________________________________________

 > Christopher F Meachin | Associate Project Manager

 > The Mob | AGENCY.COM | London | 0171 573 5900

 >

ICQ: 46128748 | laughingbadnews [dot] co [dot] uk

 > �50 fine for improper use.

 > 

 > -----Original Message-----

 >

From: ownerchinwag [dot] com [ownerchinwag [dot] com]On">mailto:ownerchinwag [dot] com]On Behalf Of Wallace,

 > Darren

 > Sent: 11 January 2000 10:22

 >

To: 'uk-netmarketingchinwag [dot] com'

 > Subject: UKNM: This'll do wonders for confidence in ecommerce - not.

 > 

 >   >From www.Silicon.com <http://www.Silicon.com>

 > 

 > Hacker publishes credit card numbers on the Web

 > 

 > PUBLISHED: 0:25am on Tuesday 11th January 2000

 > 

 > Online retailers are still reeling this morning after a hacker broke into

 > music store www.CDuniverse.com and stole

 > 

 > [Sam says:article chopped for brevity.]



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

post new media vacancies for free

uknm-jobschinwag [dot] com

 				*******************

 sponsor the uk-netmarketing list and website, contact

saleschinwag [dot] com

 for more details.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  To unsubscribe or change your list settings go to

http://www.chinwag.com/uk-netmarketing or

helpchinwag [dot] com