Duane writes:

> Chances are, unless he was sending credit card details over a wifi
> network it was unlikely it was intercepted, more likely either his
> computer had a trojan or the company he was dealing with had their
> database broken into, and from memory inside jobs are still more common
> than outside attacks being successful. However it's a lot easier to
> "sniff" a copper phone line than an SSL connection, here in Australia no
> one would think anything of it if you rocked up with a little white van
> put up a little manhole tent and started attaching wires in the phone
> network pits. I'm sure the same could be said for a lot of countries,
> then of course if your friend is sending credit card details via a
> cordless phone or mobile/cell phone and all you need is to be close +
> high gain antenna and you can kiss your credit card details goodbye...
>
> But once you start digging into all this you start hearing other things,
> like merchants purchasing a certificate from a commercial CA, then
> having the credit card details emailed back to the customer or
> themselves in the clear, or of course weak security in their database...

All of this is relatively trivial compared to the risk of having a human
being intercept your credit-card information when you purchase something
via human interaction.  If you use an Internet site to buy things,
chances are that no human beings are involved in the credit-card
processing loop (if it's a big site, at least, or if it uses a large CC
processing service).  Since human beings are the source of fraud, and
not computers, this means that Internet purchases are actually more
secure than other types of credit-card purchases, overall.  When you buy
something in person and sign a little slip for it, you give a whole
chain of human beings all the information they need to fraudulently
charge things to your credit card.  The weakest link in security is
always the human one, so the fewer human beings you have in the loop,
the better.

Additionally, errors that occur in automated processing of credit-cards
often affect thousands of accounts, and are thus rapidly noticed and
fixed.  Errors that occur in the processing of a single credit-card
charge made by hand are much harder to spot and prove (and thus to fix).

-- 
Anthony


_______________________________________________
Mozilla-security mailing list
[email protected]
http://mail.mozilla.org/listinfo/mozilla-security
