[Dataloss] [Re] Hobbit's questions on one-time transaction numbers...

Adrian Sanabria adrian.sanabria at gmail.com
Fri Feb 24 23:31:53 EST 2006


I can't find any proof that cards with one time transaction numbers
exist. There are cards that can be preloaded with cash, like the VISA
Buxx that is marketed towards parents that want to control their
teens' spending.

But the number on the card never changes, and is just as vulnerable as
any other. The only advantage is that, if stolen, only the remaining
balance can be used. Nothing can be charged as credit by the theif.



On 2/24/06, Jellenc, Eli <ejellenc at idefense.com> wrote:
>
>
>
> I've not heard much about this, but then again, I've only begun researching
> the issue. I have an additional comment that I'd like to submit to the group
> for criticism. I know a lot of people that play online poker, some of whom
> are also cognizant of the dangers inherent to ecommerce. All but the very
> greenest of rookies tend to employ the following strategy: go to a local
> pharmacy and purchase a "pay as you go" credit card (currently offered only
> by VISA and MC if I'm not mistaken). When they get ready to connect to the
> poker site and ante up, they simply transfer funds from their "real" account
> or credit card into the "pay as you go" card…in a matter of minutes, even
> this amount is "spoken for" as they immediately use the card to increase
> their balance on the poker site.
>
>
>
> The one drawback is that the "pay as you go" cards are $10 a piece to buy,
> but for people seriously worried about the threat from data exposure, I
> don't see how this is any great sacrifice. And the intervening step of
> calling to make the transfer is sort of inconvenient, especially for people
> that make frequent purchases from many different sites. This is no panacea,
> to be sure…to publicize this as a method by which to thwart cybercriminals
> would be quite costly and difficult.  Moreover, I have the impression that
> the credit card companies would be against this because it would begin to
> undercut their primary avenue of profit (i.e. interest). Heaven forbid
> people only spend what they have in their accounts at the moment.
>
>
>
> Either way, except for the cost of "educating" the public on the potential
> utility of this solution, I don't see many drawbacks. And what drawbacks do
> exist are still not as serious as the situation is today.
>
>
>
> Thoughts?
>
>
>
> Eli Jellenc
>
> Sr. Threat Analyst
>
> iDefense (www.idefense.com)-- A VeriSign Company
>
> 703-390-9456
>
> ejellenc at idefense.com
>
>
>
>
>
> _______________________________________________
> Dataloss mailing list
> Dataloss at attrition.org
> https://attrition.org/mailman/listinfo/dataloss
>
>
>


More information about the Dataloss mailing list