[Date Prev][Date Next][Thread Prev][Thread Next][Minivend by date ][Minivend by thread ]

Re: [mv] Sites using minivend

To: <minivend-users@minivend.com>
Subject: Re: [mv] Sites using minivend
From: "Nick Pleis" <npleis@cei.net>
Date: Tue, 29 Feb 2000 11:01:06 -0600
Reply-To: minivend-users@minivend.com
Sender: owner-minivend-users@minivend.com

******    message to minivend-users from "Nick Pleis" <npleis@cei.net>     ******

I'm a bit confused by this statement. SSL provides a security mechanism
between two communicating applications. These applications agree on a
private key during SSL handshaking, and thus some measure (certainly not
infallible) of security about the information being transmitted is given.

I have not kept track of recent data, but prior data has shown that a
non-secure server would typically lose between 15-30% of potential sales. As
the Internet has become more popular, and people less aware of the
transmission risks, this number may have decreased.

I don't see how the credit card itself acts as a security mechanism, the
real risk is in losing the credit card data to a third party who can then
use it for all sorts of malicious things. When transmitting this data across
the Internet, you are transmitting virtually EVERYTHING needed for positive
identification (IE: all the information someone needs to use your credit
card without your consent). Even if your not going to lose sales, it's a bad
idea to run a unsecured site..as it is possible to be held liable (in theory
at least) for information lost en-route to your site. I am not aware of any
successful lawsuits to this effect, but the potential is definitely there.

I guess i'm just curious if my understanding of the security mechanism is
incorrect..

Nick Pleis
npleis@cei.net

>
>Of course they do.  As far as the end customer is concerned, the
>credit card is the real security mechanism.  I'm still just paranoid
>enough myself so that I don't use my **debit** card online but use credit
>card instead.  That's what credit cards are for.
>
>SSL and other security mechanisms are for the protection of the merchant
>bank and the merchant, not the end user buyer.  At least as far as
>credit cards go, that is.  (There are all sorts of other more sensitive
>customer data but the typical buyer is blissfully unaware of them.)
>
>--
>
>Christopher F. Miller, Publisher                             cfm@maine.com
>MaineStreet Communications, Inc         208 Portland Road, Gray, ME  04039
>1.207.657.5078                                       http://www.maine.com/
>Database publishing, e-commerce, office/internet integration, Debian linux.
>-
>To unsubscribe from the list, DO NOT REPLY to this message.  Instead, send
>email with 'UNSUBSCRIBE minivend-users' in the body to
Majordomo@minivend.com.
>Archive of past messages: http://www.minivend.com/minivend/minivend-list
>

-
To unsubscribe from the list, DO NOT REPLY to this message.  Instead, send
email with 'UNSUBSCRIBE minivend-users' in the body to Majordomo@minivend.com.
Archive of past messages: http://www.minivend.com/minivend/minivend-list

Follow-Ups:
- Re: [mv] Sites using minivend
  - From: Ed LaFrance <edlafrance@printexusa.com>
- Re: [mv] Sites using minivend
  - From: "Gideon van Gelder" <gideon@swingmaster.nl>

Prev by Date: [mv] v3.14 Custom Internation Shipping
Next by Date: [mv] Required Reading for anyone using free software :-)
Prev by thread: Re: [mv] Sites using minivend
Next by thread: Re: [mv] Sites using minivend
Index(es):
- Date
- Thread