[clug] The 1st Internet Tax is here.

Alex Satrapa grail at goldweb.com.au
Wed Nov 12 23:37:43 GMT 2008

On 13/11/2008, at 09:56 , Seth Turnbull wrote:

> After 4 years of planning this is what they came up with? A white  
> paper and
> fees?

The funny part is that the flaw is in the credit card system itself.  
There's no authentication at the business/customer transaction level,  
so merely knowing the credit card number & expiry date is enough to  
make your own fraudulent transactions.

So what do the banks do? Tighten up credit card security? No. They  
insist that people handling these magic numbers harden up their systems.

I'm not arguing with hardening POS systems, but the total lack of  
authentication and authorisation at the customer/merchant level still  
needs to be addressed. It's like being able to steal a truckload of  
cash without the truck. There's more security around the truck  
carrying a few thousand dollars worth of ATM cassettes than there is  
around the credit card carrying a family's life savings.


More information about the linux mailing list