[2598] in cryptography@c2.net mail archive
Re: safety of SSL 2?
daemon@ATHENA.MIT.EDU (Marcus J. Ranum)
Tue Apr 28 16:56:32 1998
Date: Tue, 28 Apr 1998 16:04:39 -0400
To: cryptography@c2.net
From: "Marcus J. Ranum" <mjr@nfr.net>
In-Reply-To: <Pine.BSI.3.91.980428145030.12466B-100000@ivan.iecc.com>
>But I also heard that the amount of net-based fraud is quite large, to the
>point where Citibank is quite illegally telling their customers that you
>can't contest a net-based charge,
The bulk of the fraud is apparently stolen credit cards being used
to purchase online services (since there's no shipping address). This
is really hitting ISPs and online porn merchants. I read some article
where one smutseller claims that 3/4 of his customers were using
stolen cards to pay for their accesses. Most of the stolen cards were
stolen from other means - not collected over the Internet - but the
card numbers are shared by thieves over the network.
It's interesting because shipping address is used to 'authenticate' a
lot of current credit card transactions. In an address-less environment,
that logic doesn't work. My bet, as a cynic, is that things like SSL
will never get widely deployed and that, instead, credit card companies
will start correlating Email addresses with credit card numbers. This
approach would be attractive to spamarketiers since the credit agencies
could sell that information....
mjr.
--
Marcus J. Ranum, CEO, Network Flight Recorder, Inc.
work - http://www.nfr.net
home - http://www.clark.net/pub/mjr
