RE: UKNM: Credit card fraud

[ross.sleight]

Chas -


First off - I'm not a technical guy as this list knows.  So If I say

something here that is technically wrong then pls someone, put me right!


(i)	Yes, there is a lingering and unreasonable distrust of

E-commerce. Recent surveys show that only circa only one in 10 Internet

CC users have ever transmitted their CC details online (secure or non

secure) and that circa only one in 5 will ever consider transmitting

their CC details online.  As c 70% of online users have a CC, this is a

worryingly high figure. (Source NOP and some proprietary research - figs

available on request)  


(ii)	64 bit (or even unimportable 128 bit unless you are Barclays) is

nigh on impossible to crack by intercepting a transaction. I've only

seen one case of this happening - and this was due to the random number

generator not being too random in a flaw in netscapes orig commerce

system.  I certainly have never seen a reported case of it happening

since - anyone else?.


(iii)	Most reported cases of CC fraud online (excepting stolen/false

CC's used) come from hackers entering the database at the retailer site

where CC details are stored (either as billing details or audit trail

details) and then utilising these CC numbers and info.  This is what

happened in the case of ESPN and AOL in Q3 and 4 last year.  Certainly,

SET (secure Electronic Transactions) Protocol (if it ever happens) will

get round this by not using the retailer's back end system as a storage

or audit trail but by encrypting the transaction CC details direct to

the bank not customer to retailer then retailer to bank.


(iv) I certainly haven't got these figures but you are more likely to

encounter CC fraud by giving your CC details over the phone or giving

your CC in a restaurant to a waiter than cracking a secure transaction.

Fraud always happen, but Secure Transaction systems , if set up in the

proper way, certainly minimise consumer risk.


Now all we need to do is to tell users about this.


Hope this helps


Ross


Ross Sleight

Strategy Director

BMP interAction 


-----Original Message-----

From: Charles Linn [

charleslfoe [dot] co [dot] uk (mailto:charleslfoe [dot] co [dot] uk)

]

Sent: 24 June 1998 14:41

To:

uk-netmarketingmail [dot] chinwag [dot] com

Subject: UKNM: Credit card fraud



Has anyone come across cases of credit card fraud in this country or

abroad,

involving intercepted secure transactions where the encryption has been

subsequently cracked?  We would like to put a statement to the effect

that this

is either very rare or non-existent, on our web site to allay people's

fears as

we percieve a lingering and unreasonable distrust of e-commerce out

there.  Our

IT manager sensibly advised that if people were interested in credit

card

fraud, they would find it a damn site easier to get a job as a waiter,

but I'm


not sure that our audience would find this altogether comforting.


Cheers


Chas


-- 

Charles Linn

Web Producer

Friends of the Earth



http://www.foe.co.uk