[Dataloss] [Re] Hobbit's questions on one-time transaction numbers...
Jellenc, Eli
ejellenc at idefense.com
Fri Feb 24 11:05:11 EST 2006
I've not heard much about this, but then again, I've only begun
researching the issue. I have an additional comment that I'd like to
submit to the group for criticism. I know a lot of people that play
online poker, some of whom are also cognizant of the dangers inherent to
ecommerce. All but the very greenest of rookies tend to employ the
following strategy: go to a local pharmacy and purchase a "pay as you
go" credit card (currently offered only by VISA and MC if I'm not
mistaken). When they get ready to connect to the poker site and ante up,
they simply transfer funds from their "real" account or credit card into
the "pay as you go" card...in a matter of minutes, even this amount is
"spoken for" as they immediately use the card to increase their balance
on the poker site.
The one drawback is that the "pay as you go" cards are $10 a piece to
buy, but for people seriously worried about the threat from data
exposure, I don't see how this is any great sacrifice. And the
intervening step of calling to make the transfer is sort of
inconvenient, especially for people that make frequent purchases from
many different sites. This is no panacea, to be sure...to publicize this
as a method by which to thwart cybercriminals would be quite costly and
difficult. Moreover, I have the impression that the credit card
companies would be against this because it would begin to undercut their
primary avenue of profit (i.e. interest). Heaven forbid people only
spend what they have in their accounts at the moment.
Either way, except for the cost of "educating" the public on the
potential utility of this solution, I don't see many drawbacks. And what
drawbacks do exist are still not as serious as the situation is today.
Thoughts?
Eli Jellenc
Sr. Threat Analyst
iDefense (www.idefense.com)-- A VeriSign Company
703-390-9456
ejellenc at idefense.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://attrition.org/pipermail/dataloss/attachments/20060224/7b9973dd/attachment.html
More information about the Dataloss
mailing list