Re: [mv] Sites using minivend
****** message to minivend-users from "Nick Pleis" <npleis@cei.net> ******
Just want to shoot one more thing in here:)
From the consumer perspective, getting your credit card information stolen
is a real pain. It requires you to not only report it, but also TRACK it.
You are often liable for the first $50.00 charged, but also must make sure
that the card is never used again. In short, it's just a pain. I think it's
the merchant's responsibility to make sure their customers don't have to
suffer through this, it just seems like good business to me:)
More importantly, as you mentioned, is keeping information on the server
safe. Unbelievably, a magazine recently was able to retrieve credit card
information from merchants simply by using SQL server to connect to merchant
MS SQL databases. Many merchants didn't even have passwords, while others
had left them at the defaults...sad:)
Nick
-----Original Message-----
From: Gideon van Gelder <gideon@swingmaster.nl>
To: minivend-users@minivend.com <minivend-users@minivend.com>
Date: Tuesday, February 29, 2000 12:55 PM
Subject: Re: [mv] Sites using minivend
>****** message to minivend-users from "Gideon van Gelder" <gideon@swingmaster.nl> ******
>
>Hi,
>
>Well, for the customer, the credit card is in most cases
>a security mechanism in the sense that in 99% fraudulent charges
>that are reported in time will be credited back, certainly with
>MC, VISA and AMEX etc.
>
>As far as SSL goes, if I understand correctly, it's not even
>to be called "encryption" at the moment, with the 40-bit limit for
>int'l use. However it probably will withhold hackers, since it makes
>cracking your packages very time-consuming and thus not so profitable,
>and of course as soon as 128-bit is ok'ed by the NSA for int'l use
>too, we're all out of the woods.
>Really, the server itself, not as much as the connection, is the target
>for hacking: don't store any low-encrypted or non-encrypted stuff and
>you're pretty safe, as well as your customers.
>(this all is of course just MHO)
>
>-Gideon
>
>
>> ****** message to minivend-users from "Nick Pleis" <npleis@cei.net> ******
>>
>> I'm a bit confused by this statement. SSL provides a security mechanism
>> between two communicating applications. These applications agree on a
>> private key during SSL handshaking, and thus some measure (certainly not
>> infallible) of security about the information being transmitted is given.
>>
>> I have not kept track of recent data, but prior data has shown that a
>> non-secure server would typically lose between 15-30% of potential sales.
>> As the Internet has become more popular, and people less aware of the
>> transmission risks, this number may have decreased.
>>
>> I don't see how the credit card itself acts as a security mechanism, the
>> real risk is in losing the credit card data to a third party who can then
>> use it for all sorts of malicious things. When transmitting this data
>> across the Internet, you are transmitting virtually EVERYTHING needed for
>> positive identification (IE: all the information someone needs to use your
>> credit card without your consent). Even if you're not going to lose sales,
>> it's a bad idea to run an unsecured site..as it is possible to be held
>> liable (in theory at least) for information lost en-route to your site. I
>> am not aware of any successful lawsuits to this effect, but the potential
>> is definitely there.
>>
>> I guess I'm just curious if my understanding of the security mechanism is
>> incorrect..
>>
>> Nick Pleis
>> npleis@cei.net
>>
>> >
>> >Of course they do. As far as the end customer is concerned, the
>> >credit card is the real security mechanism. I'm still just paranoid
>> >enough myself so that I don't use my **debit** card online but use
>> >credit card instead. That's what credit cards are for.
>> >
>> >SSL and other security mechanisms are for the protection of the merchant
>> >bank and the merchant, not the end user buyer. At least as far as
>> >credit cards go, that is. (There are all sorts of other more sensitive
>> >customer data but the typical buyer is blissfully unaware of them.)
>> >
>> >--
>> >
>> >Christopher F. Miller, Publisher                       cfm@maine.com
>> >MaineStreet Communications, Inc   208 Portland Road, Gray, ME 04039
>> >1.207.657.5078                                http://www.maine.com/
>> >Database publishing, e-commerce, office/internet integration, Debian linux.
>> >-
>> >To unsubscribe from the list, DO NOT REPLY to this message. Instead, send
>> >email with 'UNSUBSCRIBE minivend-users' in the body to Majordomo@minivend.com.
>> >Archive of past messages: http://www.minivend.com/minivend/minivend-list
>> >