Credit Card Security

Although many people feel as though sending credit card information via email or through an insecure server is akin to announcing it on public media, this is not really the case. In the early days of the internet, machines were connected in a somewhat willy-nilly fashion. Thus, any information travelling on the internet could pass through several insecure machines, any of which may contain a student or bored hacker. Nowadays, almost everyone has direct backbone connectivity, and machine-level security has become a bigger concern.

A credit card number sent over the internet today will first travel to a protected file on your system. On even minimally secure systems, only a select group of people can read protected files. Since these people work for your internet service provider, they gain nothing from seeing your credit card number (they probably have it on file to bill you). You also have already placed a certain level of trust in them (they can read all your email, after all), so the hypothetical possibility they can read your credit card number should not be overly worrying. Then, the number proceeds to a major network provider such as Netcom, Sprint or MCI. While not everyone working for these companies is above suspicion, they have strong policy controls in place to prevent unauthorized snooping. They have a vested interest in ensuring no such eavesdropping is taking place, since they stand to lose a great deal of business if such eavesdropping is discovered. Further, since many of these companies deal with credit card payments, they fully understand the need for security. Finally, the number travels to the recipient, where the situation is similar to that on your own machine: only a limited set of reasonably trustworthy people have access to your information.

Of course, despite this, credit card number theft does occur. But even when it does, the consumer is strongly protected. Laws limit the amount of liability a customer has for fraudulent charges. Many credit cards now have an 'early warning system' if your card is used from an unusual location or in an unusual way. And, of course, the credit card thief can't use your credit card for anything that requires dialing a 1-800 number (the call is easily and automatically traced), nor can he have anything delivered (suspicious address conflict).

None of this should be taken to mean I don't support secure internet commerce (I've even written my own white paper on Securely Accepting Credit Cards Real-Time). However, I also realize many good companies simply don't have the money required to obtain, build, and maintain a secure server. Nor do all companies have the money required to purchase and staff a 24-hour toll-free number. Instead of punishing these small companies by insisting on secure servers, I think we should take a more realistic look at the process involved, and understand that sending a credit card number "insecurely" really isn't all that insecure.


Last modified stardate: 20070609.123537

Please report any errors, comments, questions, suggestions, etc... to: Sarang (webmaster@sarangworld.com). Thank you!
