[Previous] [Next] - [Index] [Thread Index] - [Previous in Thread] [Next in Thread]

Subject: RE: UKNM: Credit card fraud
From: ross.sleight
Date: Thu, 25 Jun 1998 10:44:58 +0100

Chas -

First off - I'm not a technical guy as this list knows. So If I say
something here that is technically wrong then pls someone, put me right!

(i) Yes, there is a lingering and unreasonable distrust of
E-commerce. Recent surveys show that only circa only one in 10 Internet
CC users have ever transmitted their CC details online (secure or non
secure) and that circa only one in 5 will ever consider transmitting
their CC details online. As c 70% of online users have a CC, this is a
worryingly high figure. (Source NOP and some proprietary research - figs
available on request)

(ii) 64 bit (or even unimportable 128 bit unless you are Barclays) is
nigh on impossible to crack by intercepting a transaction. I've only
seen one case of this happening - and this was due to the random number
generator not being too random in a flaw in netscapes orig commerce
system. I certainly have never seen a reported case of it happening
since - anyone else?.

(iii) Most reported cases of CC fraud online (excepting stolen/false
CC's used) come from hackers entering the database at the retailer site
where CC details are stored (either as billing details or audit trail
details) and then utilising these CC numbers and info. This is what
happened in the case of ESPN and AOL in Q3 and 4 last year. Certainly,
SET (secure Electronic Transactions) Protocol (if it ever happens) will
get round this by not using the retailer's back end system as a storage
or audit trail but by encrypting the transaction CC details direct to
the bank not customer to retailer then retailer to bank.

(iv) I certainly haven't got these figures but you are more likely to
encounter CC fraud by giving your CC details over the phone or giving
your CC in a restaurant to a waiter than cracking a secure transaction.
Fraud always happen, but Secure Transaction systems , if set up in the
proper way, certainly minimise consumer risk.

Now all we need to do is to tell users about this.

Hope this helps


Ross Sleight
Strategy Director
BMP interAction

-----Original Message-----
From: Charles Linn [charleslatfoe [dot] co [dot] uk (mailto:charleslatfoe [dot] co [dot] uk)]
Sent: 24 June 1998 14:41
To: uk-netmarketingatmail [dot] chinwag [dot] com
Subject: UKNM: Credit card fraud

Has anyone come across cases of credit card fraud in this country or
involving intercepted secure transactions where the encryption has been
subsequently cracked? We would like to put a statement to the effect
that this
is either very rare or non-existent, on our web site to allay people's
fears as
we percieve a lingering and unreasonable distrust of e-commerce out
there. Our
IT manager sensibly advised that if people were interested in credit
fraud, they would find it a damn site easier to get a job as a waiter,
but I'm

not sure that our audience would find this altogether comforting.



Charles Linn
Web Producer
Friends of the Earth


[Previous] [Next] - [Index] [Thread Index] - [Next in Thread] [Previous in Thread]