Yes you can ask Spinrite to do something to a flash drive that is useless.
Are you arguing that same operation, done to a hard disk with spinning platters, is also useless? You seem to be saying "SpinRite is BS" and pointing to the silly flash drive use case, which doesn't apply.
I didn't miss the joke -- I LOL'ed, I promise -- but speaking as a CERT instructor: you were told to get under your desks not to protect against a blast near enough to cause vaporization, but to protect against a possible collapse of a building damaged by an otherwise-non-lethal pressure wave. Yes of course if the bomb detonates right above you, you're toast, and if the bomb detonates far enough away that the pressure wave can't cause building damage then you're cowering under your desk for nothing. For the huge chunk of distance-from-ground-zero in between those two extremes, though, your chance of surviving a building collapse is much greater if you have a personal void to hide inside -- like the area under a desk. That's why your 'nuclear bomb drill' and your 'tornado drill' are so similar: you are increasing your odds of survival, being successfully located and extracted by search and rescue teams, in the event that part of your building collapses.
Get a neighbor to help test your connection?
on
Verizon, Fiber Or Die?
·
· Score: 5, Informative
I don't know what your relationship is with your neighbors, so this may not be plausible:
Could you see if you can use a program like Netcat to stream a large amount of data from your system to theirs, and see what kind of throughput you get? If Verizon is really not giving you the bandwidth you're paying for, this may be one way to prove it.
There are some kinds of connection shaping that this test won't detect, but at least it's a start.
I'm not saying this because I'm for or against land lines, but since people are talking about "what still works in an emergency" -- consider keeping a cheap 2-meter band handheld ham radio transceiver for emergencies instead. Even when the land line type telecommunications networks are down, ham radio still works.
What you need: * an FCC ham radio license. Find a local test session (arrl.org has links) and pay your $14 test fee. All you need is a Technician class license. The youngest person to ever pass the Tech license test was six years old. Trust me, you can pass this test. The license is good for ten years, and makes sure you understand some bare basics about radio before you get on the air. * a cheap HT (handheld transceiver) that works on the 2 meter band. The Kenwood TH-K2AT for example costs under $150.
What you might also want: * an extra battery * a half-wave dipole whip antenna, about one meter in length, to replace the low-performance "rubber duck" antenna your radio comes with * a quarter-wave dipole mag-mount antenna, about a half meter in length, for operating from within a vehicle. * a directional antenna like a yagi, with a hand grip. You can make these yourself or buy a commercial antenna. If you only have five watts of effective radiated power, you might as well aim them where they'll do the most good.
What you don't need: * morse code, Q-codes, or anything like that.
When things go Really Really Bad in your area -- no phone service, no utility power, etc -- you can plug in and power on your radio, scan for activity, and contact someone who may be able to help.
Ham radio uses very few bits of critical infrastructure. Even if you're in a rural area, you should have at least a few repeaters near you. Many repeaters will fail when the power goes out, but many will have backup generators. Even if there are no repeaters, you can operate "simplex" -- transmit and receive on the same frequency. Second, don't worry about there being nobody to talk to in an emergency. Many state and local emergency management agencies have ARES (Amateur Radio Emergency Service) volunteers, so their emergency command centers should have amateur radio operators working.
You don't have to take amateur radio any farther than that. Your license is good for ten years, so keep that used 2-meter HT in your car or truck, top off the battery pack(s) every three to six months, and you should be ready in any emergency. (Also, remember "the first seventy-two are on you" -- in the event of a civil emergency, like forest fires, ice storms, or anything that knocks out critical infrastructure, you need to be prepared to support yourself for at least the first 3 days.)
If emergency readiness is the only thing keeping you tied to your land line, this is just another thing to consider.
(Also, not to stir up ugly memories, but a 2 meter mobile or HT would have saved James Kim's life. Confirm my claim: Google for old stories which indicate where their car got stranded, and look for nearby towns or city names. Go to N4MC's ham locator at vanityhq.com, input a zip or city/state, and it will show you licensed hams near that location. A 5 watt 2 meter HT transmitting *from outside of a vehicle* -- either a mag mount antenna on the roof, or you poke your head out the window while transmitting -- can easily reach 15 miles away clearly enough for someone to make out "mayday mayday mayday.")
The rules and regulations in this part are designed to provide an amateur radio service having a fundamental purpose as expressed in the following principles:
(a) Recognition and enhancement of the value of the amateur service to the public as a voluntary noncommercial communication service, particularly with respect to providing emergency communications.
(b) Continuation and extension of the amateur's proven ability to contribute to the advancement of the radio art.
(c) Encouragement and improvement of the amateur service through rules which provide for advancing skills in both the communication and technical phases of the art.
(d) Expansion of the existing reservoir within the amateur radio service of trained operators, technicians, and electronics experts.
(e) Continuation and extension of the amateur's unique ability to enhance international goodwill.
If you study hard and upgrade your license to General or Amateur Extra class, you'll find you have access to valuable notches of spectrum all across the RF range. Basically every conceivable type of spectrum you might want to experiment with, you can find an amateur band to play with. For example, the 6 meter band (as in, wavelength of 6 meters -- 50 to 54 mhz) ends right where the current broadcast television channels 2, 3, and 4 begin.
So if you want to see why these bands are so valuable, get yourself a ham license and go roll your own radio! HAM equipment doesn't have to be type-certified by the FCC first. I believe this is the only FCC radio service under which you are allowed, even encouraged, to build your own.
And yes you can discuss your personal views on the air with people. No profanity, no commercial speech, and no 'broadcasting' -- you must be talking to someone, not talking to everyone who can hear.
The FCC publishes Amateur Radio Service related enforcement actions. http://www.fcc.gov/eb/AmateurActions/Welcome.html Go ahead and look around -- you'll find letters for people being poor neighbors, operating in frequencies they're not allowed, deliberately interfering with police radio bands, operating with expired or suspended licenses -- but no citations about people expressing opinions.
Since you're getting dropped frames, maybe your PC isn't up to the job. A camcorder can spit out a LARGE amount of data.
Have you considered a standalone, entertainment-center-type DVD recorder? I think you can get one for pretty cheap with firewire in. So you would hook your firewire output to the DVD recorder (to avoid digital -> analog -> digital conversion losses), and just record to a blank disk.
A brief look online found the Panasonic DMR-ES15S for about $150. There are probably cheaper, and I've never used this model before so I don't know if it's any good.
Slight nitpick, then I'll let you get back to your ongoing highly-moderated discussion.:-)
If processing power roughly doubles every 18 months, every extra bit of encryption doubles the work required, but only adds 18 months to the time needed. Adding 12 bits might make the computation require 4096x more work, but would add 18 years to the computation time, not (previous time in years x 4096) years.
Remember that security cares about risk. Security researchers should consider that the next 20 years will see similarly exponential increases in processing power as the last 20 years. Sure, it's not guaranteed to happen: things could taper off soon. But I don't think it's wise to assume it WILL DEFINITELY taper off. I think it's reasonable to assume the same growth rate, or assume one even faster, and plan from there.
So adding bits increases time-to-crack linearly, if we assume the next 20 years will be similar to the last 20 years.
Time to crack 4096-bit = the lowest of: Time to crack 10-bit + 6129 years or time to crack 11 bit + 6127.5 years or time to crack 12 bit + 6125 years or time to crack 13 bit + 6123.5 years etc. Thousands's of years, yes. Sextillions of years . . . are you sure?
I have no comment about the correctness or incorrectness of anything else you're talking about. This comment only cares about time-to-crack estimates.
I use Asterisk. Don't ever give out your actual cell phone number -- just give out your Asterisk server's number. If Asterisk accepts the caller (password, IVR option, whatever) then Asterisk can forward the caller to your cell phone, announcing the calling phone number / name with Festival text-to-speech. It costs extra and requires some technical work, but nothing the Slashdot crowd can't handle. Right?
(I work for First National Merchant Solutions, a company which helps businesses accept payment by credit card.)
Many highly-moderated posts here are confusing the facts, or saying how they think the system should work.
The merchant SHOULD keep track of the credit card number. They can't print the card number on receipts they give to their customers, but the card number is sometimes the only customer identification they have. If a chargeback or retrieval request comes through, the mechant needs to be able to find information about a specific sale, and they usually find that using the card number.
Someone reported that a business issued a credit to their card without requiring their card number again. This, too, is normal. Even if the merchant didn't store the credit card number, they would only have to call their credit card processing company (like the company I work for), identify themselves properly, give them the day of the original sale and the amount, and WE would tell them your card number and expiration date so they could process the credit. (You would have been wasting that manager's time, if you did talk to them.)
Visa and Mastercard regulations prohibit merchants from storing the CVV2/CVC2 number (that's the 3 digit number printed on the papery stripe on the back of your card), or any of the 'secret' information encoded on the magnetic stripe of the card. Everything else they can store, AS LONG AS THEY COMPLY WITH SECURITY REQUIREMENTS. http://usa.visa.com/business/accepting_visa/ops_ri sk_management/cisp.html If they maintain a secure system, there is no problem at all with them storing their customers' details.
If there's a security breach, the government's intervention is not required. Processing regulations already demand fines for noncompliance. If a merchant's security is penetrated and they lose a bunch of customer details, they'll have to pay a fine and have their security audited to Visa/Mastercard's satisfaction. These fines scale according to the size of the merchant and their annual transaction volume. The largest merchants (like those many of you are talking about) could face huge fines in the hundreds-of-thousands-of-dollars range, if they're noncompliant and they stay that way for any length of time.
If a merchant is using your card information in a way they shouldn't (for example, assuming you'll put your sale on a card you used last time) that's a customer service issue. If they actually charge your card unauthorized, make them give the money back. If they don't credit your account within 30 days, contact your issuing bank. Chargeback reason "Fraudulent Transaction - No Cardholder Authorization." They aren't actually breaking any rules by using a stored card number, but that's still a pretty dumb thing to do if you want happy customers.
OK, now back on topic. Pin-based debit information, like full magnetic stripe info and ESPECIALLY any information about the pin number challenge/response, should NEVER be stored by any merchant. (They can store the card number, debit network ID, various transaction reference numbers, etc.) If someone's software is doing that, merchants should stop using that software. Maybe Visa/Mastercard should release a bulletin to its member organizations, for its merchants, warning them that if they're using this software they need to stop. (Looks suspiciously like something which inspired the original article, doesn't it?) If merchants fail to switch to other, compliant software versions, they deserve the fines and sanctions they'll incur.
(How can Visa and Mastercard levy fines, if they're not the government? Contract law. Visa and Mastercard require contracts with processing companies, like the one I work for. When we sign on a new merchant, they must sign a merchant processing agreement, which binds them to Visa/Mastercard's regulations, and with that binds them to any fines they might incur.)
Now let's get the discussion back on track. No more of this "businesses are storing my credit card number and I don't like it!" stuff.
I was unemployed in 2001, and tested at a Nebraska Employment Center. They scored me at 101 WPM, or 98 WPM after errors. I even received a test score sheet with the state seal on it and everything.
That's not impressive. That's pathetic. That's evidence that I spend far too much time socializing by computer, and less time socializing in person. When I try to post on message boards, my fast typing speed means I can just let thoughts fly, building these huge multiple-page posts in the space of 20 or 30 minutes. Some people don't want to read all that.
Even I stop to correct my spelling and grammar errors. If you type quickly, that means each keystroke has LESS time-cost to you, so it costs you even less than average to stop and correct your errors.
So in my opinion, and based on my experiences, if you can type very quickly but still fail to correct the spelling and grammar mistakes everyone makes occasionally, you've shown evidence of being even more inconsiderate. A freakishly high WPM score condemns you even more.
I can read through spelling and grammar mistakes just fine. If I'm interested in the message, I have no problem understanding the poster's intent.
Good spelling and grammar are important for other reasons. Remember how they say that 99% of everything on the Internet is crap? People must develop personal filters, and learn to skip over probably-meaningless messages, in order to get to good content. Some people are unaffected by spelling or grammar errors. Others will count errors against their personal, automatic 'crap filter' score for that message, and will stop reading and skip to the next message. A rare minority feels they should try to help the poster by pointing out why their errors are hurting them; or perhaps are negative about it, and feel they must abuse the original poster because of their errors.
If you take the time to write a message, remember that the public Internet doesn't know you by name. You may have a reputation for meaningful, insightful comment among your circle of friends, but everybody else will filter you out unless you give them cause not to. If you take the time to write a message, take a bit more time to make it look good. If it's a long message, take even more time to make sure your thoughts are organized well, and consider adding an 'executive summary' if it won't get you laughed at. If you can type quickly, this extra work should be even less of a burden, and it makes your post more valuable because more people will be willing to read and appreciate it.
By the way, I'm writing this to add my experiences to Tim Browse's. I browse at +5, and I haven't even seen the message Tim was replying to. I don't *care* that much. I hope that this helps other readers who aren't emotionally invested in some kind of childish argument.
The original poster asked about experiences with other companies.
Personally, I feel email is not a reliable way to make first contact with someone, unless you have some arrangement made with them in advance. While email sent to abuse@ and postmaster@ should always be read by a live person, many spammers send bulk email to abuse@ and postmaster@ addresses. Any published email address is likely to receive a large number of unwanted email messages, and anyone who reads mail at that address must spend extra time removing unwanted messages. Sometimes important messages are deleted or ignored by mistake.
Some companies ask to be contacted by email. They might publish a customer service email address on their web site, or publish a 'Contact Us' page which lists email addresses which can best handle different kinds of issues.
If you just guess an email address, or if you send mail to a published address where the recipient hasn't requested your email, I don't think you can assume your email will always be read, or that you can fairly call a company irresponsible for failing to read your unsolicited email.
Phone calls, faxes, and paper mail require more effort than an email message. If a company doesn't respond to an email message, but you really are interested in helping them find this web site, it might be worthwhile to look up their fax number or mailing address, and contact them that way. If you don't really want to help them, you don't have to. It's completely optional.
Re:Which is actually cheaper, soda or ice?
on
Ask The Mythbusters
·
· Score: 1
1. Why isn't the parent at +5 yet?
2. While the ideal numbers make it look like a clear win for ice instead of soda, I wonder what things look like if you move out of the classroom and into the real world? Both numbers could start getting pretty messy. As another poster states, McDonalds might get Coke much cheaper, and I submit that ice machines aren't 100% efficient.
So how's this for an efficiency experiment:
How much energy does an ice machine consume when it's just maintaining an unused load of ice for a long period of time?
How much energy does the ice machine consume when you remove ice at a slow rate (10 medium soda cups per hour)? At a fast rate (200 medium soda cups per hour)? How much energy does the ice machine consume when you empty it and wait for it to refill its container?
Can you get a local non-24-hour McDonalds to allow you to install power monitoring equipment on each of their ice machines, and to present you with information on ice consumption (soda sales) throughout your day of sampling?
(There will be a couple of hours before employees come in where all ice machines are full of ice and just 'maintaining' their loads. There are, aren't there? I've never worked in fast food. So you can extrapolate that those hours represent the base cost of operating ice machines without removing any ice. The difference between that and the higher, real-world cost of the ice machines represents the energy cost of the ice used that day.)
This would give you real-world numbers for energy cost per quantity of ice.
My BS was plain old Computer Science, but I had Programming Languages (which made heavy use of BNF dictionaries, which also touch your field) and Intro to AI. So I'm no expert either...
The article made me think this system was building a 'grammar' in the strictest sense of the word, but definitely one without any mapping back to real world concepts. They mention statistical significance, so that makes me think they're using machine learning algorithms to guess an "optimal" set of rules they can stitch realistic-sounding sentences together with, without actually processing any of the meaning.
Equation 1 balances two opposing "forces" in pattern formation: (1) the length of the pattern, and (2) the number and the cohesiveness of the set of examples that support it. On the one hand, shorter patterns are likely to be supported by more examples; on the other hand, they are also more likely to lead to over-generalization, because shorter patterns mean less context. (end PDF quote)
So while I don't think this system can translate unknown language into meaningful human language any time soon, it does seem like this system can help a team of humans develop a more reliable way to machine-translate natural language.
For example, spoken American English is full of common idioms and sets of phrases. Without a system like this, a Japanese translation system developer would literally translate a common idiom because she didn't realize it was a common idiom, and then would need to find some way to resolve this pigs-flying or happy-as-a-pig-in statement. A system like this would identify these common bits of language, so this system developer would know to parse that set of words as if it's one word.
Does that make sense? Or is the article touting this method as a major breakthrough, when actually this pattern recognition system is already used in your field?
I'm not sure about your office, but my employer uses Microsoft Outlook and Microsoft Exchange servers. Microsoft Access can 'link' data from Microsoft Outlook data sources, and access the messages as records in a table. You can then run a query in MS Access to insert that data into another table on a proper database server, and then use any technology you like to access the data there.
If your employer doesn't use Microsoft Exchange servers, this advice won't really apply to you.
If you're a moderator and you want to ensure that people who use Microsoft products and submit Ask Slashdot questions never get useful answers, feel free to mod me down.
Kicked in the face? I didn't ask him to shut up, I asked for an explanation and got an explanation. I requested a behavior change and got a behavior change. What more could I have wanted?
Do you think I wanted him to be wrong, or just that I wanted him to explain himself because his previous statements weren't drawing a clear picture?
That fraud protection you pay for with taxes includes the court system. The whole 'small customer versus big company's legal team' problem still applies.
You raise some good points. It has always bothered me when I've had to click 'donate' on someone's site and use a credit card, because I know credit card processing is overkill for donations.
One alternative I could use today is to write a paper check, stick the check in an envelope, and mail it. To be safe, the recipient would need to keep the funds in his account for as long as 60 days, so the recipient doesn't bounce any checks if I reverse my donation with a stop-payment later.
An online alternative to this would be nice. Keep in mind, though, payment processing systems are *expensive* to build, because they must be reliable, secure, and future-proof. If the system were mine to design, though, I would build a system where a customer must contact their bank first and authorize the sale, and then the customer could provide some kind of confirmation code to the merchant.
There seems to be a tradeoff inherent in payment processing, and this tradeoff sounds familiar: fast, cheap, good -- pick two. In this context, 'good' makes a system appropriate for retail sales, where a merchant needs reasonable assurance that the customer can't take their money back. If you don't need 'fast' then you can keep money and/or merchandise in some kind of escrow or holding account for a while.
I'm not sure why the merchant has to bear the cost of credit card processing, but it's the way the world works right now. The business case for the merchant is: accepting credit cards enables you to take money from some percentage more customers than otherwise. Depending on the industry, you may see 5% to 30% more sales as a result of accepting credit cards. If those increased sales are worth the cost of credit card processing, including for customers who could have paid by cash or check but chose to use their card anyway, then it's worthwhile to accept cards.
There has to be a way to get money from the customer's bank account. You either need the bank to set up some new micropayment system, or you need the customer to move money into some new micropayment account using existing payment channels. It might not require legislation to get banks to adopt something new, but you have to put a pretty hefty carrot on the end of a string if you want to tempt an organization the size of most banks.
That's not impossible, though. Remember how pin-based debit came about? I don't remember which one, but one large bank branch set up ATM machines all over a big city, and those ATM machines were a 'perk' of banking with that one company. So that was one way for one bank to differentiate their consumer-banking service from every other bank's consumer-banking service. It was expensive but it paid for itself.
On the other side, the problem with these stored-value micropayment systems is that to add value to your account you must use a traditional payment channel. Most of those have fraud protection, so the stored-value system needs to incur significant (pick one: cost / time lag / risk of loss) each time the customer adds value to their account. Whatever is incurred needs to be distributed evenly across all the micropayments that come out of that 'charge'.
So a nearly-free stored value system would have so many restrictions on it, it'd be nearly unusable. My design? Any money you add to the account would need to sit in a 'holding cell' for 60 days before you can actually spend it -- but at least you get to keep the interest. (Or maybe the system would keep the interest as profit, for web site costs and whatnot.) You have to add a minimum of $10 each time you add value, but no single payment to any merchant can exceed 10 cents per day.
Sucks, doesn't it? That's the problem. We're so used to having it good + fast + cheap, we won't tolerate a system that takes one of those things away from us. (Customers think it's
(Disclaimer: I work for a payment processing company, First National Merchant Solutions, so the fees you're advocating against are what keep me fed and pay my bills. I'm naturally biased toward a system that keeps me employed, but I have other interesting insights into payment processing which people outside this industry might not have.)
There's one important component of payment processing you're missing. If it weren't for this component you would be completely correct, so I'm pretty sure I've identified the part you're missing.
Sometimes things go badly, and some kind of fraud protection is needed. That fraud protection costs much more money than the account-to-account transfers you're talking about.
Suppose in one scenario, both parties to the funds transfer trust each other completely, and both sides waive any right to fraud protection. One person can put cash directly in the other's hand, or they can do a free bank transfer. Nothing complicated can happen here, so no extra effort can be expended, so no fees are needed.
In scenario two, suppose the two parties to the funds transfer have a buyer/seller relationship, and the validity of the transfer depends on material properties of that buyer/seller relationship. Think Visa/Mastercard chargeback rights (which are familiar and comfortable to me, so I prefer them as an example). If something goes wrong with the sale, the transfer of funds needs to be reversed. But who can decide if something went wrong with the sale? Who is telling the truth? Maybe the customer is claiming they never received mail-order merchandise, but they actually do have it and are lying? Maybe the customer is claiming they never received mail-order merchandise because the seller never sent it? Maybe something different happened?
Do we really want to require the buyer to take the seller to court to get their money back? (Sure, some merchants are small mom and pops, but some are the size of Gateway, the Gap, LL Bean, etc. Their purse is longer than yours or mine.)
According to my (biased) view of the world, when a merchant runs sales they must pay transaction fees. When they ask me what their fees pay for, here's what I see:
* Some fees are 'interchange' and 'assessments', which go straight to Visa/Mastercard, for their operational costs, and to the banks which issue those cards, for profit. I don't work on the card-issuing side so I don't know. I guess this goes to pay for bank profit, for those rewards points customers get, and to offset the occasional customer bankrupcy or other bank write-off when a customer doesn't pay for the charges they make. * Some fees pay for the systems used to process those sales, both third-party systems (like Vital Processing Service, vitalps.com) and our own systems. We're a bank, so our systems follow a rigorous (and slow and expensive) development process -- but they're well-designed. We're a bank, with *vastly* greater assets at stake than those companies you see in the news for getting hacked. Those systems aren't cheap to build or maintain. Then again, you're not going to be seeing First National on the news for getting hacked. We won't be pulling a Card System Intl or a DPI Merchant Services any time soon. * Some fees pay for risk management: if a merchant runs a bunch of fraudulent sales, and then jumps the border to Mexico before anything gets charged back, we have to cough up those funds and then try to collect from the merchant later. We need some money to offset that risk. * Some fees pay for general company costs: tech support staff, customer service, computer guys, auditors, finance people, building rent, etc. * Some fees pay for the transfer of funds from the processing company (us) to the merchant's own bank account. That bank transfer isn't free: the two or three days of interest generated goes toward the cost of transferring money. There's no way to say "this transfer is for credit cards, so give us part of the fee back" or "this transfer is for a ch
That's true if the value of dishonesty is infinite. In general (which this story is NOT) you're right. In specific, identity information has a finite value. You CAN pay someone enough to dissuade them from being dishonest in this specific way with this specific set of data.
On a related note, every time I've talked to someone in a call center who makes it obvious they may not be Americans living in America (like someone who asked me to spell Iowa), I asked to be transferred to someone in the USA. When they asked me why, I gave the made-up reason that "because you aren't in the USA, I can't trust you with my personal information. I am unable to sue you if you do something illegal with my information." Maybe that reason wasn't so made up after all... wow...
(That one time, with the person who needed the spelling for Iowa, I called Dell back and got someone with a thicker accent. I immediately asked where they were located, and they said southern Florida. Oops... )
We need to be more specific. Some companies are credit card issuers -- they create the card numbers and own the bank accounts attached to those cards. Those companies end up collecting interchange and assessments (processing fees) on the sale, but then take the money back again.
Some companies (like the one I work for, and like the one in the story) are credit card processors. We don't issue cards, we process payments against those cards and deposit funds in merchants' bank accounts. We also bear financial responsibility for our merchants. If one of our merchants were to run a ton of fraudulent sales, take the money, and then flee to Mexico or something, we would be responsible for paying for the proceeds from those fraudulent sales to be returned to their customers. When a chargeback happens, we charge our merchants a chargeback handling fee, but we invest far more time and labor into processing the chargeback than what we bill.
Worse than that, if we're found to be responsible for a security problem like this, the bad press, fines, and required security audits and certifications cost much more money than would be made from processing fees.
Visa and Mastercard have this under control. They have created more than enough negative consequences for these kinds of actions that nobody would ever deliberately leak card numbers.
(Nobody ever does this, but Google for the CISP and PCI programs, with enough other search terms that you get credit-card-industry results and not PCI bus or whatever.)
11 dollars seems pretty steep, but then again I've never used eBay or PayPal. Can you break that down for us? How much was payment-processing-related, and how much was listing-and-selling related?
I could understand maybe $1.50 or $2.00 for transferring $75.00. Pure interchange and assessments on a card-not-present Visa or Mastercard sale will cost most of that amount, and the processing company needs a little overhead to cover the small fraction of transactions the processor ends up paying for.
In general, payment processing has to have a cost, because there has to be oversight and oversight costs money. The only free way to transfer money is the buyer placing cash in the hand of the seller. Everything else has people in the loop somewhere. Some kinds of payment processing even have accountability -- fraud management, chargeback rights, stop-payment rights, etc. Those investigations cost money also, and that adds to the price of a transaction.
(I work in the payment processing industry, but other than the article I don't know any more about this incident than you guys do.)
That makes me wonder: how does the security of different payment processors correlate with their processing rates and operational cost? It seems to me, as a First National employee, that our fancy well-designed computer systems, our multiple security-related departments, etc., increase our cost of doing business, so we get beat on price by a lot of other processors. We're not the cheapest processor out there.
Since I'm not an industry expert, and I don't know what everybody else charges for processing, I'm curious: for any Slashdotters who are also merchants (own a business, accept credit card payments), does this ring true? Big company, big systems and good security, higher internal cost, higher prices? Small company, smaller systems and maybe less security, lower internal cost, lower prices?
(Furthermore, why are we rewarding this behavior with a +5? Notice the pulpit-pounding? Notice how he's just repeating his "perpetual-motion" theory, never stopping to explain himself or show his work? That's not a scientist. +5 Funny I can imagine, but this guy's being serious. I tried to help him.)
Slashdot Mirror
Yes you can ask Spinrite to do something to a flash drive that is useless.
Are you arguing that same operation, done to a hard disk with spinning platters, is also useless? You seem to be saying "SpinRite is BS" and pointing to the silly flash drive use case, which doesn't apply.
I didn't miss the joke -- I LOL'ed, I promise -- but speaking as a CERT instructor: you were told to get under your desks not to protect against a blast near enough to cause vaporization, but to protect against a possible collapse of a building damaged by an otherwise-non-lethal pressure wave. Yes of course if the bomb detonates right above you, you're toast, and if the bomb detonates far enough away that the pressure wave can't cause building damage then you're cowering under your desk for nothing. For the huge chunk of distance-from-ground-zero in between those two extremes, though, your chance of surviving a building collapse is much greater if you have a personal void to hide inside -- like the area under a desk. That's why your 'nuclear bomb drill' and your 'tornado drill' are so similar: you are increasing your odds of survival, being successfully located and extracted by search and rescue teams, in the event that part of your building collapses.
I don't know what your relationship is with your neighbors, so this may not be plausible:
Could you see if you can use a program like Netcat to stream a large amount of data from your system to theirs, and see what kind of throughput you get? If Verizon is really not giving you the bandwidth you're paying for, this may be one way to prove it.
There are some kinds of connection shaping that this test won't detect, but at least it's a start.
I'm not saying this because I'm for or against land lines, but since people are talking about "what still works in an emergency" -- consider keeping a cheap 2-meter band handheld ham radio transceiver for emergencies instead. Even when the land line type telecommunications networks are down, ham radio still works.
What you need:
* an FCC ham radio license. Find a local test session (arrl.org has links) and pay your $14 test fee. All you need is a Technician class license. The youngest person to ever pass the Tech license test was six years old. Trust me, you can pass this test. The license is good for ten years, and makes sure you understand some bare basics about radio before you get on the air.
* a cheap HT (handheld transceiver) that works on the 2 meter band. The Kenwood TH-K2AT for example costs under $150.
What you might also want:
* an extra battery
* a half-wave dipole whip antenna, about one meter in length, to replace the low-performance "rubber duck" antenna your radio comes with
* a quarter-wave dipole mag-mount antenna, about a half meter in length, for operating from within a vehicle.
* a directional antenna like a yagi, with a hand grip. You can make these yourself or buy a commercial antenna. If you only have five watts of effective radiated power, you might as well aim them where they'll do the most good.
What you don't need:
* morse code, Q-codes, or anything like that.
When things go Really Really Bad in your area -- no phone service, no utility power, etc -- you can plug in and power on your radio, scan for activity, and contact someone who may be able to help.
Ham radio uses very few bits of critical infrastructure. Even if you're in a rural area, you should have at least a few repeaters near you. Many repeaters will fail when the power goes out, but many will have backup generators. Even if there are no repeaters, you can operate "simplex" -- transmit and receive on the same frequency. Second, don't worry about there being nobody to talk to in an emergency. Many state and local emergency management agencies have ARES (Amateur Radio Emergency Service) volunteers, so their emergency command centers should have amateur radio operators working.
You don't have to take amateur radio any farther than that. Your license is good for ten years, so keep that used 2-meter HT in your car or truck, top off the battery pack(s) every three to six months, and you should be ready in any emergency. (Also, remember "the first seventy-two are on you" -- in the event of a civil emergency, like forest fires, ice storms, or anything that knocks out critical infrastructure, you need to be prepared to support yourself for at least the first 3 days.)
If emergency readiness is the only thing keeping you tied to your land line, this is just another thing to consider.
(Also, not to stir up ugly memories, but a 2 meter mobile or HT would have saved James Kim's life. Confirm my claim: Google for old stories which indicate where their car got stranded, and look for nearby towns or city names. Go to N4MC's ham locator at vanityhq.com, input a zip or city/state, and it will show you licensed hams near that location. A 5 watt 2 meter HT transmitting *from outside of a vehicle* -- either a mag mount antenna on the roof, or you poke your head out the window while transmitting -- can easily reach 15 miles away clearly enough for someone to make out "mayday mayday mayday.")
--Michael Spencer
(Callsign: NOØK)
What you've described sounds like the Amateur Radio Service, also called ham radio.
f r97_06.html
:-)
http://www.access.gpo.gov/nara/cfr/waisidx_06/47c
The rules and regulations in this part are designed to provide an
amateur radio service having a fundamental purpose as expressed in the
following principles:
(a) Recognition and enhancement of the value of the amateur service
to the public as a voluntary noncommercial communication service,
particularly with respect to providing emergency communications.
(b) Continuation and extension of the amateur's proven ability to
contribute to the advancement of the radio art.
(c) Encouragement and improvement of the amateur service through
rules which provide for advancing skills in both the communication and
technical phases of the art.
(d) Expansion of the existing reservoir within the amateur radio
service of trained operators, technicians, and electronics experts.
(e) Continuation and extension of the amateur's unique ability to
enhance international goodwill.
If you study hard and upgrade your license to General or Amateur Extra class, you'll find you have access to valuable notches of spectrum all across the RF range. Basically every conceivable type of spectrum you might want to experiment with, you can find an amateur band to play with. For example, the 6 meter band (as in, wavelength of 6 meters -- 50 to 54 mhz) ends right where the current broadcast television channels 2, 3, and 4 begin.
So if you want to see why these bands are so valuable, get yourself a ham license and go roll your own radio! HAM equipment doesn't have to be type-certified by the FCC first. I believe this is the only FCC radio service under which you are allowed, even encouraged, to build your own.
And yes you can discuss your personal views on the air with people. No profanity, no commercial speech, and no 'broadcasting' -- you must be talking to someone, not talking to everyone who can hear.
The FCC publishes Amateur Radio Service related enforcement actions. http://www.fcc.gov/eb/AmateurActions/Welcome.html Go ahead and look around -- you'll find letters for people being poor neighbors, operating in frequencies they're not allowed, deliberately interfering with police radio bands, operating with expired or suspended licenses -- but no citations about people expressing opinions.
THX QSO 73 K
Since you're getting dropped frames, maybe your PC isn't up to the job. A camcorder can spit out a LARGE amount of data.
Have you considered a standalone, entertainment-center-type DVD recorder? I think you can get one for pretty cheap with firewire in. So you would hook your firewire output to the DVD recorder (to avoid digital -> analog -> digital conversion losses), and just record to a blank disk.
A brief look online found the Panasonic DMR-ES15S for about $150. There are probably cheaper, and I've never used this model before so I don't know if it's any good.
Slight nitpick, then I'll let you get back to your ongoing highly-moderated discussion. :-)
:-)
If processing power roughly doubles every 18 months, every extra bit of encryption doubles the work required, but only adds 18 months to the time needed. Adding 12 bits might make the computation require 4096x more work, but would add 18 years to the computation time, not (previous time in years x 4096) years.
Remember that security cares about risk. Security researchers should consider that the next 20 years will see similarly exponential increases in processing power as the last 20 years. Sure, it's not guaranteed to happen: things could taper off soon. But I don't think it's wise to assume it WILL DEFINITELY taper off. I think it's reasonable to assume the same growth rate, or assume one even faster, and plan from there.
So adding bits increases time-to-crack linearly, if we assume the next 20 years will be similar to the last 20 years.
Time to crack 4096-bit = the lowest of:
Time to crack 10-bit + 6129 years
or time to crack 11 bit + 6127.5 years
or time to crack 12 bit + 6125 years
or time to crack 13 bit + 6123.5 years
etc.
Thousands's of years, yes. Sextillions of years . . . are you sure?
I have no comment about the correctness or incorrectness of anything else you're talking about. This comment only cares about time-to-crack estimates.
Carry on.
Blockbuster Video's UMD cases have slots for two UMDs for a reason, you know.
If they would start including the same special features as found on DVDs, using two UMDs to do it if necessary, I would buy more UMD movies.
I use Asterisk. Don't ever give out your actual cell phone number -- just give out your Asterisk server's number. If Asterisk accepts the caller (password, IVR option, whatever) then Asterisk can forward the caller to your cell phone, announcing the calling phone number / name with Festival text-to-speech. It costs extra and requires some technical work, but nothing the Slashdot crowd can't handle. Right?
(I work for First National Merchant Solutions, a company which helps businesses accept payment by credit card.)
i sk_management/cisp.html If they maintain a secure system, there is no problem at all with them storing their customers' details.
Many highly-moderated posts here are confusing the facts, or saying how they think the system should work.
The merchant SHOULD keep track of the credit card number. They can't print the card number on receipts they give to their customers, but the card number is sometimes the only customer identification they have. If a chargeback or retrieval request comes through, the mechant needs to be able to find information about a specific sale, and they usually find that using the card number.
Someone reported that a business issued a credit to their card without requiring their card number again. This, too, is normal. Even if the merchant didn't store the credit card number, they would only have to call their credit card processing company (like the company I work for), identify themselves properly, give them the day of the original sale and the amount, and WE would tell them your card number and expiration date so they could process the credit. (You would have been wasting that manager's time, if you did talk to them.)
Visa and Mastercard regulations prohibit merchants from storing the CVV2/CVC2 number (that's the 3 digit number printed on the papery stripe on the back of your card), or any of the 'secret' information encoded on the magnetic stripe of the card. Everything else they can store, AS LONG AS THEY COMPLY WITH SECURITY REQUIREMENTS. http://usa.visa.com/business/accepting_visa/ops_r
If there's a security breach, the government's intervention is not required. Processing regulations already demand fines for noncompliance. If a merchant's security is penetrated and they lose a bunch of customer details, they'll have to pay a fine and have their security audited to Visa/Mastercard's satisfaction. These fines scale according to the size of the merchant and their annual transaction volume. The largest merchants (like those many of you are talking about) could face huge fines in the hundreds-of-thousands-of-dollars range, if they're noncompliant and they stay that way for any length of time.
If a merchant is using your card information in a way they shouldn't (for example, assuming you'll put your sale on a card you used last time) that's a customer service issue. If they actually charge your card unauthorized, make them give the money back. If they don't credit your account within 30 days, contact your issuing bank. Chargeback reason "Fraudulent Transaction - No Cardholder Authorization." They aren't actually breaking any rules by using a stored card number, but that's still a pretty dumb thing to do if you want happy customers.
OK, now back on topic. Pin-based debit information, like full magnetic stripe info and ESPECIALLY any information about the pin number challenge/response, should NEVER be stored by any merchant. (They can store the card number, debit network ID, various transaction reference numbers, etc.) If someone's software is doing that, merchants should stop using that software. Maybe Visa/Mastercard should release a bulletin to its member organizations, for its merchants, warning them that if they're using this software they need to stop. (Looks suspiciously like something which inspired the original article, doesn't it?) If merchants fail to switch to other, compliant software versions, they deserve the fines and sanctions they'll incur.
(How can Visa and Mastercard levy fines, if they're not the government? Contract law. Visa and Mastercard require contracts with processing companies, like the one I work for. When we sign on a new merchant, they must sign a merchant processing agreement, which binds them to Visa/Mastercard's regulations, and with that binds them to any fines they might incur.)
Now let's get the discussion back on track. No more of this "businesses are storing my credit card number and I don't like it!" stuff.
I completely agree.
I was unemployed in 2001, and tested at a Nebraska Employment Center. They scored me at 101 WPM, or 98 WPM after errors. I even received a test score sheet with the state seal on it and everything.
That's not impressive. That's pathetic. That's evidence that I spend far too much time socializing by computer, and less time socializing in person. When I try to post on message boards, my fast typing speed means I can just let thoughts fly, building these huge multiple-page posts in the space of 20 or 30 minutes. Some people don't want to read all that.
Even I stop to correct my spelling and grammar errors. If you type quickly, that means each keystroke has LESS time-cost to you, so it costs you even less than average to stop and correct your errors.
So in my opinion, and based on my experiences, if you can type very quickly but still fail to correct the spelling and grammar mistakes everyone makes occasionally, you've shown evidence of being even more inconsiderate. A freakishly high WPM score condemns you even more.
I can read through spelling and grammar mistakes just fine. If I'm interested in the message, I have no problem understanding the poster's intent.
Good spelling and grammar are important for other reasons. Remember how they say that 99% of everything on the Internet is crap? People must develop personal filters, and learn to skip over probably-meaningless messages, in order to get to good content. Some people are unaffected by spelling or grammar errors. Others will count errors against their personal, automatic 'crap filter' score for that message, and will stop reading and skip to the next message. A rare minority feels they should try to help the poster by pointing out why their errors are hurting them; or perhaps are negative about it, and feel they must abuse the original poster because of their errors.
If you take the time to write a message, remember that the public Internet doesn't know you by name. You may have a reputation for meaningful, insightful comment among your circle of friends, but everybody else will filter you out unless you give them cause not to. If you take the time to write a message, take a bit more time to make it look good. If it's a long message, take even more time to make sure your thoughts are organized well, and consider adding an 'executive summary' if it won't get you laughed at. If you can type quickly, this extra work should be even less of a burden, and it makes your post more valuable because more people will be willing to read and appreciate it.
By the way, I'm writing this to add my experiences to Tim Browse's. I browse at +5, and I haven't even seen the message Tim was replying to. I don't *care* that much. I hope that this helps other readers who aren't emotionally invested in some kind of childish argument.
The original poster asked about experiences with other companies.
Personally, I feel email is not a reliable way to make first contact with someone, unless you have some arrangement made with them in advance. While email sent to abuse@ and postmaster@ should always be read by a live person, many spammers send bulk email to abuse@ and postmaster@ addresses. Any published email address is likely to receive a large number of unwanted email messages, and anyone who reads mail at that address must spend extra time removing unwanted messages. Sometimes important messages are deleted or ignored by mistake.
Some companies ask to be contacted by email. They might publish a customer service email address on their web site, or publish a 'Contact Us' page which lists email addresses which can best handle different kinds of issues.
If you just guess an email address, or if you send mail to a published address where the recipient hasn't requested your email, I don't think you can assume your email will always be read, or that you can fairly call a company irresponsible for failing to read your unsolicited email.
Phone calls, faxes, and paper mail require more effort than an email message. If a company doesn't respond to an email message, but you really are interested in helping them find this web site, it might be worthwhile to look up their fax number or mailing address, and contact them that way. If you don't really want to help them, you don't have to. It's completely optional.
1. Why isn't the parent at +5 yet?
2. While the ideal numbers make it look like a clear win for ice instead of soda, I wonder what things look like if you move out of the classroom and into the real world? Both numbers could start getting pretty messy. As another poster states, McDonalds might get Coke much cheaper, and I submit that ice machines aren't 100% efficient.
So how's this for an efficiency experiment:
How much energy does an ice machine consume when it's just maintaining an unused load of ice for a long period of time?
How much energy does the ice machine consume when you remove ice at a slow rate (10 medium soda cups per hour)? At a fast rate (200 medium soda cups per hour)? How much energy does the ice machine consume when you empty it and wait for it to refill its container?
Can you get a local non-24-hour McDonalds to allow you to install power monitoring equipment on each of their ice machines, and to present you with information on ice consumption (soda sales) throughout your day of sampling?
(There will be a couple of hours before employees come in where all ice machines are full of ice and just 'maintaining' their loads. There are, aren't there? I've never worked in fast food. So you can extrapolate that those hours represent the base cost of operating ice machines without removing any ice. The difference between that and the higher, real-world cost of the ice machines represents the energy cost of the ice used that day.)
This would give you real-world numbers for energy cost per quantity of ice.
My BS was plain old Computer Science, but I had Programming Languages (which made heavy use of BNF dictionaries, which also touch your field) and Intro to AI. So I'm no expert either...
p df Quote from the PDF:
The article made me think this system was building a 'grammar' in the strictest sense of the word, but definitely one without any mapping back to real world concepts. They mention statistical significance, so that makes me think they're using machine learning algorithms to guess an "optimal" set of rules they can stitch realistic-sounding sentences together with, without actually processing any of the meaning.
Aha, yes, the article contained some Google fodder, which pointed to this academic paper: http://www.tau.ac.il/~zsolan/papers/soletalb2002.
Equation 1 balances two opposing "forces" in pattern formation: (1) the length of the pattern, and (2) the number and the cohesiveness of the set of examples that support it. On the one hand, shorter patterns are likely to be supported by more examples; on the other hand, they are also more likely to lead to over-generalization, because shorter patterns mean less context.
(end PDF quote)
So while I don't think this system can translate unknown language into meaningful human language any time soon, it does seem like this system can help a team of humans develop a more reliable way to machine-translate natural language.
For example, spoken American English is full of common idioms and sets of phrases. Without a system like this, a Japanese translation system developer would literally translate a common idiom because she didn't realize it was a common idiom, and then would need to find some way to resolve this pigs-flying or happy-as-a-pig-in statement. A system like this would identify these common bits of language, so this system developer would know to parse that set of words as if it's one word.
Does that make sense? Or is the article touting this method as a major breakthrough, when actually this pattern recognition system is already used in your field?
Are these kids being tried as minors?
If so, do they still have to disclose any felony convictions on *adult* job applications?
I'm not sure about your office, but my employer uses Microsoft Outlook and Microsoft Exchange servers. Microsoft Access can 'link' data from Microsoft Outlook data sources, and access the messages as records in a table. You can then run a query in MS Access to insert that data into another table on a proper database server, and then use any technology you like to access the data there.
If your employer doesn't use Microsoft Exchange servers, this advice won't really apply to you.
If you're a moderator and you want to ensure that people who use Microsoft products and submit Ask Slashdot questions never get useful answers, feel free to mod me down.
So you want to type in your zip code first, find out the shipping price, and THEN type in the rest of your address information?
Sometimes it depends on where you are, and where the merchant is.
Kicked in the face? I didn't ask him to shut up, I asked for an explanation and got an explanation. I requested a behavior change and got a behavior change. What more could I have wanted?
Do you think I wanted him to be wrong, or just that I wanted him to explain himself because his previous statements weren't drawing a clear picture?
That fraud protection you pay for with taxes includes the court system. The whole 'small customer versus big company's legal team' problem still applies.
You raise some good points. It has always bothered me when I've had to click 'donate' on someone's site and use a credit card, because I know credit card processing is overkill for donations.
One alternative I could use today is to write a paper check, stick the check in an envelope, and mail it. To be safe, the recipient would need to keep the funds in his account for as long as 60 days, so the recipient doesn't bounce any checks if I reverse my donation with a stop-payment later.
An online alternative to this would be nice. Keep in mind, though, payment processing systems are *expensive* to build, because they must be reliable, secure, and future-proof. If the system were mine to design, though, I would build a system where a customer must contact their bank first and authorize the sale, and then the customer could provide some kind of confirmation code to the merchant.
There seems to be a tradeoff inherent in payment processing, and this tradeoff sounds familiar: fast, cheap, good -- pick two. In this context, 'good' makes a system appropriate for retail sales, where a merchant needs reasonable assurance that the customer can't take their money back. If you don't need 'fast' then you can keep money and/or merchandise in some kind of escrow or holding account for a while.
I'm not sure why the merchant has to bear the cost of credit card processing, but it's the way the world works right now. The business case for the merchant is: accepting credit cards enables you to take money from some percentage more customers than otherwise. Depending on the industry, you may see 5% to 30% more sales as a result of accepting credit cards. If those increased sales are worth the cost of credit card processing, including for customers who could have paid by cash or check but chose to use their card anyway, then it's worthwhile to accept cards.
There has to be a way to get money from the customer's bank account. You either need the bank to set up some new micropayment system, or you need the customer to move money into some new micropayment account using existing payment channels. It might not require legislation to get banks to adopt something new, but you have to put a pretty hefty carrot on the end of a string if you want to tempt an organization the size of most banks.
That's not impossible, though. Remember how pin-based debit came about? I don't remember which one, but one large bank branch set up ATM machines all over a big city, and those ATM machines were a 'perk' of banking with that one company. So that was one way for one bank to differentiate their consumer-banking service from every other bank's consumer-banking service. It was expensive but it paid for itself.
On the other side, the problem with these stored-value micropayment systems is that to add value to your account you must use a traditional payment channel. Most of those have fraud protection, so the stored-value system needs to incur significant (pick one: cost / time lag / risk of loss) each time the customer adds value to their account. Whatever is incurred needs to be distributed evenly across all the micropayments that come out of that 'charge'.
So a nearly-free stored value system would have so many restrictions on it, it'd be nearly unusable. My design? Any money you add to the account would need to sit in a 'holding cell' for 60 days before you can actually spend it -- but at least you get to keep the interest. (Or maybe the system would keep the interest as profit, for web site costs and whatnot.) You have to add a minimum of $10 each time you add value, but no single payment to any merchant can exceed 10 cents per day.
Sucks, doesn't it? That's the problem. We're so used to having it good + fast + cheap, we won't tolerate a system that takes one of those things away from us. (Customers think it's
(Disclaimer: I work for a payment processing company, First National Merchant Solutions, so the fees you're advocating against are what keep me fed and pay my bills. I'm naturally biased toward a system that keeps me employed, but I have other interesting insights into payment processing which people outside this industry might not have.)
There's one important component of payment processing you're missing. If it weren't for this component you would be completely correct, so I'm pretty sure I've identified the part you're missing.
Sometimes things go badly, and some kind of fraud protection is needed. That fraud protection costs much more money than the account-to-account transfers you're talking about.
Suppose in one scenario, both parties to the funds transfer trust each other completely, and both sides waive any right to fraud protection. One person can put cash directly in the other's hand, or they can do a free bank transfer. Nothing complicated can happen here, so no extra effort can be expended, so no fees are needed.
In scenario two, suppose the two parties to the funds transfer have a buyer/seller relationship, and the validity of the transfer depends on material properties of that buyer/seller relationship. Think Visa/Mastercard chargeback rights (which are familiar and comfortable to me, so I prefer them as an example). If something goes wrong with the sale, the transfer of funds needs to be reversed. But who can decide if something went wrong with the sale? Who is telling the truth? Maybe the customer is claiming they never received mail-order merchandise, but they actually do have it and are lying? Maybe the customer is claiming they never received mail-order merchandise because the seller never sent it? Maybe something different happened?
Do we really want to require the buyer to take the seller to court to get their money back? (Sure, some merchants are small mom and pops, but some are the size of Gateway, the Gap, LL Bean, etc. Their purse is longer than yours or mine.)
According to my (biased) view of the world, when a merchant runs sales they must pay transaction fees. When they ask me what their fees pay for, here's what I see:
* Some fees are 'interchange' and 'assessments', which go straight to Visa/Mastercard, for their operational costs, and to the banks which issue those cards, for profit. I don't work on the card-issuing side so I don't know. I guess this goes to pay for bank profit, for those rewards points customers get, and to offset the occasional customer bankrupcy or other bank write-off when a customer doesn't pay for the charges they make.
* Some fees pay for the systems used to process those sales, both third-party systems (like Vital Processing Service, vitalps.com) and our own systems. We're a bank, so our systems follow a rigorous (and slow and expensive) development process -- but they're well-designed. We're a bank, with *vastly* greater assets at stake than those companies you see in the news for getting hacked. Those systems aren't cheap to build or maintain. Then again, you're not going to be seeing First National on the news for getting hacked. We won't be pulling a Card System Intl or a DPI Merchant Services any time soon.
* Some fees pay for risk management: if a merchant runs a bunch of fraudulent sales, and then jumps the border to Mexico before anything gets charged back, we have to cough up those funds and then try to collect from the merchant later. We need some money to offset that risk.
* Some fees pay for general company costs: tech support staff, customer service, computer guys, auditors, finance people, building rent, etc.
* Some fees pay for the transfer of funds from the processing company (us) to the merchant's own bank account. That bank transfer isn't free: the two or three days of interest generated goes toward the cost of transferring money. There's no way to say "this transfer is for credit cards, so give us part of the fee back" or "this transfer is for a ch
That's true if the value of dishonesty is infinite. In general (which this story is NOT) you're right. In specific, identity information has a finite value. You CAN pay someone enough to dissuade them from being dishonest in this specific way with this specific set of data.
On a related note, every time I've talked to someone in a call center who makes it obvious they may not be Americans living in America (like someone who asked me to spell Iowa), I asked to be transferred to someone in the USA. When they asked me why, I gave the made-up reason that "because you aren't in the USA, I can't trust you with my personal information. I am unable to sue you if you do something illegal with my information." Maybe that reason wasn't so made up after all... wow...
(That one time, with the person who needed the spelling for Iowa, I called Dell back and got someone with a thicker accent. I immediately asked where they were located, and they said southern Florida. Oops... )
(I work for a credit card processor.)
We need to be more specific. Some companies are credit card issuers -- they create the card numbers and own the bank accounts attached to those cards. Those companies end up collecting interchange and assessments (processing fees) on the sale, but then take the money back again.
Some companies (like the one I work for, and like the one in the story) are credit card processors. We don't issue cards, we process payments against those cards and deposit funds in merchants' bank accounts. We also bear financial responsibility for our merchants. If one of our merchants were to run a ton of fraudulent sales, take the money, and then flee to Mexico or something, we would be responsible for paying for the proceeds from those fraudulent sales to be returned to their customers. When a chargeback happens, we charge our merchants a chargeback handling fee, but we invest far more time and labor into processing the chargeback than what we bill.
Worse than that, if we're found to be responsible for a security problem like this, the bad press, fines, and required security audits and certifications cost much more money than would be made from processing fees.
Visa and Mastercard have this under control. They have created more than enough negative consequences for these kinds of actions that nobody would ever deliberately leak card numbers.
(Nobody ever does this, but Google for the CISP and PCI programs, with enough other search terms that you get credit-card-industry results and not PCI bus or whatever.)
11 dollars seems pretty steep, but then again I've never used eBay or PayPal. Can you break that down for us? How much was payment-processing-related, and how much was listing-and-selling related?
I could understand maybe $1.50 or $2.00 for transferring $75.00. Pure interchange and assessments on a card-not-present Visa or Mastercard sale will cost most of that amount, and the processing company needs a little overhead to cover the small fraction of transactions the processor ends up paying for.
In general, payment processing has to have a cost, because there has to be oversight and oversight costs money. The only free way to transfer money is the buyer placing cash in the hand of the seller. Everything else has people in the loop somewhere. Some kinds of payment processing even have accountability -- fraud management, chargeback rights, stop-payment rights, etc. Those investigations cost money also, and that adds to the price of a transaction.
(I work in the payment processing industry, but other than the article I don't know any more about this incident than you guys do.)
That makes me wonder: how does the security of different payment processors correlate with their processing rates and operational cost? It seems to me, as a First National employee, that our fancy well-designed computer systems, our multiple security-related departments, etc., increase our cost of doing business, so we get beat on price by a lot of other processors. We're not the cheapest processor out there.
Since I'm not an industry expert, and I don't know what everybody else charges for processing, I'm curious: for any Slashdotters who are also merchants (own a business, accept credit card payments), does this ring true? Big company, big systems and good security, higher internal cost, higher prices? Small company, smaller systems and maybe less security, lower internal cost, lower prices?
(Furthermore, why are we rewarding this behavior with a +5? Notice the pulpit-pounding? Notice how he's just repeating his "perpetual-motion" theory, never stopping to explain himself or show his work? That's not a scientist. +5 Funny I can imagine, but this guy's being serious. I tried to help him.)