Re: InfoMagic mail order

["Andrew N. Nishigaya" <anishi@example.com>]

On Fri, 21 Jul 1995, Craig Oda wrote:

> Moo-Tiff CD-ROMs.  I used InfoMagic's PGP public key to encrypt
> the order form to reduce the possibility of getting
> my credit card number stolen.  I'll let everyone know how it goes.

This is kind of cool.  I did not know that they provided a PGP public 
key.  But I think that the hype about credit card security is blown *way* 
out of proportion.

It takes a fair amount of intelligence to abuse credit card numbers, and 
there are much easier ways to get the numbers than by niffing packets out 
of the Net.  How about digging through restaraunt dumpsters (you need to 
hit those low-tech places that still use carbons, though)?  Or those of 
sporting good stores...

Even when you get a number, you still need to know how much credit is 
available on it.  Having a transaction fail because there is insufficient 
balance left on the card would probably not make the abuser happy :-)

So you hack out an account on TRW or similar credit agency.  Then you can 
tap in the number and see what the credit limits are.  But wait!  If you 
are into TRW already, you can just type in that rich kid's name that 
lives down the street.  Bingo! ALL of his card numbers and expiry dates 
and balances!  Gee and all that work to get the number -- mucky dumpsters 
and late nights watching packet dumps from the net... and all you needed 
in the end was their name!


hmmm.  Sorry.  This is not to topical to TLUG...