This is a credit card discussion that I pulled from a news group. The question was "How safe is it to use a credit card on the net"?.

Name: Bob Crocetti
Location: New Jersey
Occupation: Product Planning Manager

I think dumpster diving behind the local Wal-mart is still more of a security threat to your credit card number. Any scheme can be cracked ... But is the time invested worth it for the crook?

Name: Madhu Siddalingaiah
Email: madhusiddal@madhu.com
Location: Earth
Occupation: Survival

So someone cracks a credit card number over the net, big deal...

If I wanted to get credit card numbers, I'd hang out at a restaurant and steal carbons from the trash. Simpler yet, pay some high school waiter $20.00 to scribble down a few numbers down every hour. With a small network, I could easily obtain over 100 credit card numbers in a week. Maybe I shouldn't be posting this... ;-)

There's a reason why you are only responsible for $50.00 of bogus credit card purchases and interest rates/merchant account costs are high. Fraud happens.

How long would it take to get 100 numbers over the net? You would be lucky to get one in month. Even if you get one a month, what is it worth? $1000? $5000 maybe? You start spending a lot on one card and people get suspicious. You really need a lot of cards to make it worthwhile, that takes computing power. Let me think: pay a high school waiter $20 a day or buy an array of Ultrasparcs... Tough choice.

Installing 5 deadbolts on your front door does not make your house more secure. To protect yourself from thieves, you have to think like one.

Name: Michael A. Scocca
Email: masvms987@aol.com
Location: New York, NY
Occupation: Consultant

Everytime you use a credit card there's some risk of your number getting clipped and someone running up a bill,and no security is 100%. We once had someone walk into our building, grab a couple of card from people who left their purse/wallets in an obvious places, and within an hour had charged a total of $10,000 in merchandise. This kind of fraud is far more common and costly than any "hacker", save a disgruntled network admin.
That's why there are safeguards, such as the $50.00 liability, in place

Name: Joe Riddler
Location: California
Occupation: Programmer

Who cares about who steals your credit card numbers? As long as you watch your monthly statements, you're safe
since you're not liable for anything you didn't buy. The
key is the consumer who watches his statements. Besides,
the likelihood of getting robbed on the Internet is just the
same as in every other case where money is involved. You could get robbed in the street, at a store, anywhere. If we were as paranoid in the real world about being robbed as
we are in cyberspace, we might never leave home with it!

Name: Brian M. Godfrey
Location: Manzanita, OR
Occupation: retailer

As a retailer, I can think of dozens of much easier ways to acquire credit card numbers than to go through all of the effort of decrypting net traffic.
If you use your credit card at all, there is risk that the number will be intercepted. So you refuse to use in on the net, do you use it over the telephone? Do you use it on a cordless phone or cell phone? If so, anyone with patience and a scanner can listen to your call and record your number. So you only use a hard-wired phone? What if the telesales person on the other end is using a cordless handsfree headset? In fact, the most efficient way to intercept credit card numbers would be to rent an office near a mail-order company and plug in the scanner. You'd get hundreds of numbers a day.
Do you save and carefully destroy your credit card receipts, or just wad them up and toss them after you make a purchase? Those receipts usually have everything a criminal would need to use your credit card.
I think it's good that people pressure the industry to make Internet purchasing more secure, but most places I have done business with on the net have seemed at least as secure as any other purchase.

Name: Jonah Horowitz
Email: jdehorowitz2@hotmail.com
Location: Cincinnati, OH
Occupation: Catalog sales via internet

>I used to use my credit card to buy goods from the net because I thought these security >measures protected me. But no longer! I will never buy
>anything from the web again, and will warn all my friends too.

You are a silly fool. There are many things that protect you when you are shopping on the net, SSL is only one of them. For a hacker to get your credit card number off the internet he would have to (if it was totally unencrypted):

1. Have control of an internet gateway that your credit card number passed through
2. Sort through Gigabits of data to find one 16 digit long number, then he would still have to find your 4 digit exp. date.
3. If he wanted to use the number with any net-based credit card merchant he would also need your full name, and the address the bill goes to.

Now lets look at the "security flaw" that our friends at Lucent have found. In addition to all of the above he would need a server capeable of generating and sorting through over 1 million messages so he could decript that one credit card. The sheer cost of all this far outweighs the amout one could gain from the capture of the credit card information.

Shopping on the internet is safe, shopping in the real world is hazardous.

John Charles Utly
Location: Seattle, Washington
Occupation: Marine Diesel Mechanic

I have read about many times about credit cards that were stolen and I have read about dumpster diving for credit card numbers. I have even read stories in the news paper were waiters were running off several charge slips when they took the card up to the cashier. But I have never read or heard on any one steeling credit card numbers from an e-mail or from any web merchant.  I thing that it is the companies that are trying to sell security that is causing all the hype.