Slashdot Mirror

Gives more credence to the idea of one time use credit card numbers. Now you don't even have to be online to have your number stolen.

This should come as no suprise seems it has been easier to steal credit card numbers offline than online for some time now. Think about that pimply faced waiter disapearing in the back with your credit card at a restaraunt. Who cares if you lose your credit card/number anyway?

And it hasn't been for over two years now. Why is this particular piece of FUD so hard to stamp out? Debit cards from Visa/MC have the exact same level of liability, specifically none, with no limitation on how soon you need to report the card lost/stolen.

Visa:
Card Comparison chart, notice that all the check cards are covered by Zero Liability.
Information on Visa's Zero Liability Policy.
Mastercard:
Debit MasterCard features, notice their own Zero Liability Policy listed.
Information on the MasterCard Zero Liability Policy.

And it hasn't been for over two years now. Why is this particular piece of FUD so hard to stamp out? Debit cards from Visa/MC have the exact same level of liability, specifically none, with no limitation on how soon you need to report the card lost/stolen.

Visa:
Card Comparison chart, notice that all the check cards are covered by Zero Liability.
Information on Visa's Zero Liability Policy.
Mastercard:
Debit MasterCard features, notice their own Zero Liability Policy listed.
Information on the MasterCard Zero Liability Policy.

Please do not go through with your plans to cut third-party processing of credit card charges, as detailed in USA Today:

www.usatoday.com/life/cyber/tech/2002/04/19/ paypal.htm

Using third-party processing is an invaluable tool that helps me keep my credit card inforamtion secure. By using services such as PayPal and BillPoint, the merchant does not get access to my credit information. While I may trust a merchant to deliver goods and services, I may not trust him to safeguard my credit card information and keep it secure. Using my credit/debit card for payments like this is far more convenient and secure than sending a money order or check. The end result of this action can only be to reduce sales, and thus, your profit.

For those merchants who use third-party processing, they will probably not get their own merchant accounts. They will need to pay not only the expense of getting a MasterCard account, but the expense of a secure web server and additional man-hours for paperwork administration. Small merchants and individuals will not be able to make this kind of investment.

Heh, user puts on speedpass watch and forgets he/she's wearing it and at a visit to a speedpass supported gas station, walks a wee bit too close to the pumps...

Actually I've been using the Speedpass technology for some time now and, as far as I can see there are many more advantages than disadvantages.
First of all, most of the reasons not to use the speedpass are some what mythical. Take, for example, the one cited above. You can only pump gas while in the general vicinity of the pump. In other words, if you walk a wee bit too close to the pumps they will be active for the 2 seconds you are directly in front of them and no longer active when you walk away.

The other great thing that has been mentioned in some of the posts as a disadvantage is that it is attached to your credit card and it doesn't require a pin/signature. Remember you have ZERO liability for any fraudulent activity that ends up on your credit card. (I know that in actuality there is some minimal legal liability, but here are links from Visa and Mastercard guaranteeing cardholders will have no liability.)

All things considered, I think its pretty cool technology. Like anything there are some risks, but, as far as I can tell, all of these are taken by the big credit card companies leaving you with all the benefits and none of the liability.

Quoting http://www.mastercard.com/education/shoppingtips/:

Pay the safest way

Credit cards are generally the best way to pay because you have legal rights to dispute the charges if the product or service is misrepresented or never delivered.

Will payment by credit card still be the safest way if there is a computer on the card? After all, computers don't err, and if the technology makes it harder to use the card unauthorized, it may also become harder to dispute transactions, just because the technology is believed to be secure.

Recommended reading:

• Liability and Computer Security - Nine Principles
• Why Cryptosystems Fail

both by Ross Anderson.

The traditional credit card system may be smarter than the smart card, because it accepts the possibility of failure and distributes the risk over all customers of the card issuer.

I represent the legal department at MasterCard International (www.mastercard.com) and must ask you to cease and desist from posting libelous posts on Slashdot.

As a company with valuable intellectual property rights and great stake in the trademark (MasterCard, For everything else there's MasterCard, etc.) it is our legal responsibility to police our trademark to prevent dilution.

If your post is not immediately removed from Slashdot, Messrs. Malda, etc. will be taken to court by MasterCard lawyers. We are giving warning because we are aware of the significance of Slashdot as a community portal.

Sincerely,
Spyffe
Lawyer, MasterCard Int'l

>Well, it's been several years, and SET still >isn't implemented at any major e-commerce site >that I know of. The costs SET-compliant software >are huge. Well, maybe not on any major sites, but many smaller sites at least here in Europe are already using it. Lists by Visa and Mastercard.