[Date Prev][Date Next][Thread Prev][Thread Next][Minivend by date
][Minivend by thread
]
Re: [mv] Sites using minivend
****** message to minivend-users from "Gideon van Gelder" <gideon@swingmaster.nl> ******
Hi,
Well, for the customer, the credit card is in most cases
a security mechanism in the sense that in 99% fraudulent charges
that are reported in time will be credited back, certainly with
MC, VISA and AMEX etc.
As far as SSL goes, if I understand correctly, it's not even
to be called "encryption" at the moment, with the 40-bit limit for
int'l use. However it probably will withold hackers, since it makes
cracking your packages very time-consuming and thus not so profitable,
and of course as soon as 128-bit is ok'ed by the NSA for int'l use
too, we're all out of the woods.
Really, the server itself, not as much as the connection, is the target
for hacking: don't store any low-encrypted or non-encrypted stuff and you're
pretty safe, as well as your customers.
(this all is ofcourse just MHO)
-Gideon
> ****** message to minivend-users from "Nick Pleis" <npleis@cei.net>
******
>
> I'm a bit confused by this statement. SSL provides a security mechanism
> between two communicating applications. These applications agree on a
> private key during SSL handshaking, and thus some measure (certainly not
> infallible) of security about the information being transmitted is given.
>
> I have not kept track of recent data, but prior data has shown that a
> non-secure server would typically lose between 15-30% of potential sales.
As
> the Internet has become more popular, and people less aware of the
> transmission risks, this number may have decreased.
>
> I don't see how the credit card itself acts as a security mechanism, the
> real risk is in losing the credit card data to a third party who can then
> use it for all sorts of malicious things. When transmitting this data
across
> the Internet, you are transmitting virtually EVERYTHING needed for
positive
> identification (IE: all the information someone needs to use your credit
> card without your consent). Even if your not going to lose sales, it's a
bad
> idea to run a unsecured site..as it is possible to be held liable (in
theory
> at least) for information lost en-route to your site. I am not aware of
any
> successful lawsuits to this effect, but the potential is definitely there.
>
> I guess i'm just curious if my understanding of the security mechanism is
> incorrect..
>
> Nick Pleis
> npleis@cei.net
>
> >
> >Of course they do. As far as the end customer is concerned, the
> >credit card is the real security mechanism. I'm still just paranoid
> >enough myself so that I don't use my **debit** card online but use credit
> >card instead. That's what credit cards are for.
> >
> >SSL and other security mechanisms are for the protection of the merchant
> >bank and the merchant, not the end user buyer. At least as far as
> >credit cards go, that is. (There are all sorts of other more sensitive
> >customer data but the typical buyer is blissfully unaware of them.)
> >
> >--
> >
> >Christopher F. Miller, Publisher
cfm@maine.com
> >MaineStreet Communications, Inc 208 Portland Road, Gray, ME
04039
> >1.207.657.5078
http://www.maine.com/
> >Database publishing, e-commerce, office/internet integration, Debian
linux.
> >-
> >To unsubscribe from the list, DO NOT REPLY to this message. Instead,
send
> >email with 'UNSUBSCRIBE minivend-users' in the body to
> Majordomo@minivend.com.
> >Archive of past messages: http://www.minivend.com/minivend/minivend-list
> >
>
> -
> To unsubscribe from the list, DO NOT REPLY to this message. Instead, send
> email with 'UNSUBSCRIBE minivend-users' in the body to
Majordomo@minivend.com.
> Archive of past messages: http://www.minivend.com/minivend/minivend-list
-
To unsubscribe from the list, DO NOT REPLY to this message. Instead, send
email with 'UNSUBSCRIBE minivend-users' in the body to Majordomo@minivend.com.
Archive of past messages: http://www.minivend.com/minivend/minivend-list
