Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Privacy The Internet

Online Trust Failing Overall 197

twitter writes "The BBC and ZDNet are reporting on an RSA poll of 1,000 users about failing confidence in ecommerce. 43% of respondents were reluctant to give details to online sites and 70% said that firms were not doing enough to keep their data secure. The BBC goes on to quote experts who back up the perception, ZDNet claims that action is being taken and is well."
This discussion has been archived. No new comments can be posted.

Online Trust Failing Overall

Comments Filter:
  • by WVDominick ( 860381 ) on Friday February 25, 2005 @03:02PM (#11780795) Homepage
    ZDNET is well?
  • I dont mind (Score:3, Funny)

    by Anonymous Coward on Friday February 25, 2005 @03:02PM (#11780798)
    I was born in 1984, a body builder making over 250k a year. Female and my occupation is the fist item in the drop down list. Whats the problem you guys have?
    • by bradkittenbrink ( 608877 ) on Friday February 25, 2005 @03:05PM (#11780822) Homepage Journal
      Female and my occupation is the fist...

      I stopped reading right there, start over please?

    • Female and my occupation is the fist item in the drop down list.

      So... you're "Flat"? Perhaps "-1: 40 comments"? Or would you rather be "Oldest Fist"?
      • > > Female and my occupation is the fist item in the drop down list.
        >
        >So... you're "Flat"? Perhaps "-1: 40 comments"? Or would you rather be "Oldest Fist"?

        I was going to pay homage to Hunter S. Thompson by writing an article on the fist post phenomenon. I started with a Google Image Search for "gonzo fist".

        Heh. Not quite what I was expecting. But it'll do.

    • by ggvaidya ( 747058 )
      nt
  • Sheesh... (Score:5, Insightful)

    by 14erCleaner ( 745600 ) <FourteenerCleaner@yahoo.com> on Friday February 25, 2005 @03:03PM (#11780801) Homepage Journal
    Most people who distrust internet commerce will gladly hand their credit card over to minimum-wage waiters, who disappear into the back room of the restaurant with it for ten minutes. It's all a matter of image and perception.
    • Re:Sheesh... (Score:4, Insightful)

      by Tony Hoyle ( 11698 ) <tmh@nodomain.org> on Friday February 25, 2005 @03:05PM (#11780824) Homepage
      In any good restaraunt this does not happen. You are invited to follow the waiter to the till whereupon he swipes the card and invites you to sign for it.

      I'm not sure I'd want to eat at a place where the waiters were allowed to disappear with credit cards for several minutes - they should be in view at all times.
      • Re:Sheesh... (Score:3, Informative)

        by donnyspi ( 701349 )
        In most restaurants, even nice 4 and 5 star ones, they disappear with your CC. I have never seen people get up after putting their CC in the black leather folder thingy and follow the waiter to the register. I'm sure you are legally allowed to, but never really invited to.
      • In any good restaraunt this does not happen. You are invited to follow the waiter to the till whereupon he swipes the card and invites you to sign for it.

        I've never seen this, and I've eaten at some very expensive places. What restaurants have you been to that do this?

        At any rate, I can see this being a benefit to the customer. Not only can they verify that the waiter isn't going to copy down the number or scan the front and back of your credit card (even though it's still possible to write down the in
    • Re:Sheesh... (Score:5, Insightful)

      by BitwiseX ( 300405 ) on Friday February 25, 2005 @03:09PM (#11780864)
      You beat me to this one. I would GLADLY use my CC over the internet before I would give it to a waiter, cashier, etc. There is little or no difference. Do you have any idea of knowing what happens to those CC slips your local Mom & Pop restaurant process daily? About as much as you have of knowing what happens to your CC# once you buy something at amazon.com. Why all the paranoia? 6 of 1, half a dozen of the other. Put your faith in your CC company and their fraud prevention.
      • Put your faith in your CC company and their fraud prevention

        I think we shouldn't, or at least, I don't want to.

        There should be a method of paying that was time-sensitive, say a two-level authentication method that consisted of a PIN and a randomly generated number that changed with time that could only be authenticated by you and your CC company... just like we do with some sensitive computer passwords (and I'd say that Credit Cards ARE a sensitive password for the users). It could one-transaction only
        • Sounds like that would serve the same purpose as Citibank's "virtual credit card number" service; for an online transaction, it'll generate a one-time-only CC number with a user-specified transaction limit so that the Other Side (or whoever's listening) can't use it again or for more money than you're inclined to authorize.
          • Citibank's "virtual credit card number" service; for an online transaction, it'll generate a one-time-only CC number

            AMEX used to have that, and they dropped the program (don't know why). Bummer.
            • MBNA has that as well. I have used for a number of sites that want to hit you for reoccuring monthly fees. Now I don't need to remember to go back and cancel. If you must know, the last time was transgaming. I'm sick and tired of paying $60 a year for them to not work on any game I want working.
      • Re:Sheesh... (Score:5, Insightful)

        by nacturation ( 646836 ) <nacturation&gmail,com> on Friday February 25, 2005 @03:29PM (#11781037) Journal
        You beat me to this one. I would GLADLY use my CC over the internet before I would give it to a waiter, cashier, etc.

        Same here. I think for most people, though, it's really just a fear of the unknown. Their credit card gets whisked off to some magical technological storage and they can't see what's happening. Even though they don't understand what really happens, their concerns are somewhat justified. There's a different scale of fraud possible when your credit card number gets stored in an online database vs. a waiter writing down the number.

        In the case of a waiter, barring organized crime rings, your card might get used to order a couple of items and that's about it. With an online database, if that site gets hacked your number is now likely circulating amongst various hacker groups and could easily be used to rack up a lot of charges.

        However, in either case your remedy is the same. Contact your credit card issuer, dispute the charges, then they go after the merchants who have to prove that a transaction was made by the owner. If they haven't swiped your card through their terminal and obtained your signature, then the merchant loses that money. Unfortunately, it's always the merchants who take the largest risk in accepting credit card payments.
    • Re:Sheesh... (Score:5, Insightful)

      by ArmchairGenius ( 859830 ) on Friday February 25, 2005 @03:12PM (#11780891) Homepage
      Very good point. The credit card companies are responsible for fraud, so while I obviously am careful about who I give my CC info to, I am not all that worried about it being on some company's database out there in cyberspace.

      Everyone should look at their monthly bills and notify the CC company of any erroneous/fraudulent charges. Then the CC company can take that up with the vendor that made the charge. It's the beauty of using a credit card.

    • Re:Sheesh... (Score:3, Informative)

      by gambit3 ( 463693 )
      I agree. I also think of all those times people give their SSN to work-study college students because that's what the university uses as ID. I know some of that is changing, but in some places it is still widely in use.

      Like the parent poster said.. it's all a matter of perception.
    • You're right. On a related note, the better Web interfaces can also ensure trust. This trust, I believe, is often false; unfortunately, as a general rule, card numbers that are being "remembered" by the transaction server are being "remembered" insecurely. Although Verisign would have you believe otherwise, the transaction information must be decrypted at some point. In this case, the chain really is only as strong as its weakest link.
    • yep, you're on the money.


      The rules and regulations an IPSP has to put up with border on the draconian, whereas a department store has as much or more vulnerable information lying around and don't even have minimum oversight.


      It's interesting to see VISA and Mastercard do everything they can to push responsibility away from themselves whereas they are the *only* party that has the information to stop online fraud in its tracks.

    • Re:Sheesh... (Score:5, Insightful)

      by nine-times ( 778537 ) <nine.times@gmail.com> on Friday February 25, 2005 @03:44PM (#11781161) Homepage
      I can think of one difference: I know that the restaurant I'm in is the restaurant I mean to be in. As far as I know, there hasn't been much reason to worry about "fake" restaurants that take your credit card numbers and then don't bring you food, and when you call the authorities, the storefront evaporates. I guess someone could try a scam like that, but I haven't heard of it being much of a problem.

      But web pages? Most people can't really tell the difference between a real store's site and a fake page designed to look like a real store's site. Plus the ettiquite of net behavior isn't as firmly set in people's mind. If the waiter from the restaurant shows up on your doorstep saying, "Ummm.... yeah, I'm gonna need your credit card for a few more minutes, for the restaurant, I mean," you'd know it was fishy. But a convincing-looking e-mail claiming to be from ebay, people don't know the difference between that and a real e-mail from ebay.

      • Re:Sheesh... (Score:2, Insightful)

        by rbanffy ( 584143 )
        I was discussing this with my mother yesterday. She doesn't trust computers to the measure she goes to the bank to pay her bills and is horrified that I pay almost all my bills without leaving my chair (Brazil has an excellent banking system, with all banks connected to each other since early 70s and able to conduct to-the-minute money tranfers very easily). To her, my advice was "know the tools you are using". If you have no idea of what a post card looks like or how it works, you may think that a secret w
    • Re:Sheesh... (Score:2, Insightful)

      by Seumas ( 6865 )
      Who are these idiots that are being ripped off? I just don't get it. They are basing their belief on nothing but fear-mongering media reports. I do tens of thousands of dollars of business online every year - from groceries and paying bills to buying computer equipment, sending flowers and making donations.

      I have never been ripped off in any way whatsoever and the few times I've had problems with a party, VISA has been quick to handle it for me.

      Yeah, if you buy stuff on an auction site from a guy in Norwa
    • Asking us whether we're "wary" of doing something isn't the whole story.

      I'd say I'm "wary" of giving a clerk personal information in a store checkout line -- but in order to get an occasional break on dog food, I've given a local store some address info. (Hey, she's a Newfie, she eats her share of food.) Lots of retail stores are collecting this type of information now, as part of their loyalty card programs partly.

      If Web sites are vulnerable and could have their database compromised, so is the pet stor

  • by hsmith ( 818216 ) on Friday February 25, 2005 @03:05PM (#11780825)
    or not taking the security concerns seriously. If you are saving peoples Social Security Numbers and CC Numbers then you should be encrypting that data. Venture to guess how many places actually encrypt that in a database?

    But then again i would say most larger places do take these steps. More often than not I won't buy from somewhere I am unsure of or if they are not in the http://www.bbb.org/ [bbb.org]. Plus, how many people know how to always use SSL when sending sensitive stuff? I would venture my grandparents and mother have no idea.

    On a side not to the last statement, i would like to say, office depot does NOT use SSL for their secure communications when you order something from in store.
    • About SSL: when was the last time you heard of somebody's credit-card info being abused by a bad guy who intercepted it in transmission?

      The real problems tend to be mass loss of data from insecure servers, and I'll bet most of them are inside jobs. The Internet isn't really much different than the real world, just more spread out and anonymous.

      I'm personally more worried about somebody tapping into my saving and investment accounts than my credit-card transactions anyway. I try not to have any of tho

    • Indeed (Score:3, Insightful)

      When knowing a number is sufficient to use it (credit cards, SSN), security is impossible.

      It is a fact of life that your important numbers hang around indeffinitely in various databases. Unless more than a number is required to use them, it will become impossible to maintain your identity.
    • by EnronHaliburton2004 ( 815366 ) on Friday February 25, 2005 @03:30PM (#11781046) Homepage Journal
      or not taking the security concerns seriously.

      In my experience during the last few dark years of the dotcom bust, too many of the people responsible for security were canned. I had to quit my last job after 6 months because my suggestions on security -- Simple things such as "Don't use Telnet. Use SSH." and "You really shouldn't 'chmod -R 777' everything", were seen as a barrier to progress.

      I speak to too many technical managers who don't understand why opening non-anonymous FTP is a bad thing, when everything else is done over SSH or a secure VPN connection. When I discuss SFTP, they scratch their head and drool a little bit, and it's clear they don't understand the threat of cleartext passwords ...

      Scary...
    • Venture to guess how many places actually encrypt that in a database?

      And of the places that do encrypt your data in the database, how many of those store the decryption key on the same machine? +5 hack bonus if they use symmetric encryption. Unless they encrypt the info with a public key, then transmit the data to another hardened, not publicly accessible server which decrypts it with the private key and processes the transaction, what good is it?
  • Not just online (Score:3, Interesting)

    by Turn-X Alphonse ( 789240 ) on Friday February 25, 2005 @03:07PM (#11780842) Journal
    I think society as a whole doesn't trust any companies any more. Everyone is so sick of the Government screwing them over and companies ignoring the laws these Governments got paid (by other companies usually) to put in place. Lets face it, I don't trust anyone I can't blackmail or back stab and get back whatever I've give them. The world has become like that and it's getting worse and worse.
    • Lets face it, I don't trust anyone I can't blackmail or back stab and get back whatever I've give them.

      "Thank you, thank you very much. As I accept this award tonight, I'd just like to say that I am only as good as all the people I stepped on to get where I am today. Thank you!"

    • This country must have gone down the drain if cynics like you are moderated "+4 Insightful".

      If friendship or loyalty are not real to you in any tangible form, one day you may realize that you have nothing left to go on for, hence, you will not.

      Get out into the world. Do a bit of community service, create LTSP installations out there, build stuff that people can use and along with the stuff you build, you will build bonds and friendships that will last you a lifetime.

      You appear to be the epitome of capita
  • by Anonymous Coward on Friday February 25, 2005 @03:08PM (#11780850)
    I just got a really nice email from a DR. VICENTE A. SOUSA from the DEPARTMENT OF OIL & DOWNSTREAM SECTOR in ANGOLA.

    Very polite, humble (he even SAYS so) and ... you know, the email was really long with all sorts of details (kind of like those agreements when you put a CD in the computer) so I just said yes because it's supposed to be easy money. :)
  • by ArbitraryConstant ( 763964 ) on Friday February 25, 2005 @03:08PM (#11780851) Homepage
    While I'm somewhat surprised the average user pays attention to such things, I'm not surprised trust is failing in light of recent large scale compromises.

    Until the industry as a whole adopts a strategy of preventing compromises, this is not going to improve. Most companies would rather pay a PR guy to fix their image after the fact than a security consultant to keep it from happening in the first place. That's certainly not how I want my information taken care of.
    • The whole ChoicePoint shebang has been mentiond in both mainstream newspapers (the NYT, for instance) and television news programs (e.g. NBC mentioned it IIRC). Very high-profile mess. I understand their share price has even dropped something like 9% over this.

      It wouldn't surprise me much if the compromise of Ms. Hilton's phone book, etc were also widely known at this point; it's only been joked about on late-night for instance...
    • I disagree. The problem isn't online commerce; it's commerce in general. "Online" is a scapegoat. The industry has already lost your information. It's been gone for years. Commerce in general doesn't work, because it depends on information that everyone ought to know by now is not secret.

      I don't worry about online banking or shopping per se. I worry that someone can walk into a bank, say they're me, and buy a house with my credit rating. I worry that someone can order a plasma TV over the phone with my cred

    • The big compromises haven't actually had anything to do with consumer online commerce. If you want to be safe, avoid having a credit rating or any income. Also, don't have a cell phone. But not much bad can happen if you use your credit card online (aside from the risk in having a credit card in the first place). Of course, the average user has no idea what the news is actually about, and probably doesn't understand what the survey questions actually are asking, either.
  • Change? (Score:2, Insightful)

    by Bender0x7D1 ( 536254 )
    From the article: "This survey demonstrates that awareness and action are replacing fear," Robert Holleyman, BSA's chief executive, said in a statement.

    How is awareness and action replacing fear when people are afraid to shop/bank online but don't handle their passwords any differently?

    Oh, wait... It was an executive who made the statement so all meanings should be reversed.
  • by TripMaster Monkey ( 862126 ) on Friday February 25, 2005 @03:11PM (#11780879)
    Some [users] resort to using the same one for all their online accounts. Those who use several passwords often write them down and hide them in a desk or in a document on their computer.

    Dear God, ain't this the truth??? I'm a network admin at a large company (please don't ask which), and the password situation here would be laughable if it weren't so sad. I ran LC5 on our hash file here, and was shocked and dismayed at the number of passwords cracked within 10 seconds. I'm constantly finding passwords on sticky notes on monitors and under keyboards, and many users haven't even bothered to change the default Lotus password ('password') to something else! >:(

    Last year, a street survey found that more than 70% of people would reveal their password for a bar of chocolate.

    That seems to be about the right figure for users in my company.

    • You know what this means.

      Users need to stop blaming companies and start doing what THEY should do to protect THEIR own data. Security is a process, not a product and it includes securing someone's computer too. I bet the majority of cc thefts are from a virus/trojan not because someone played MitM with the user over TLS/SSL or hacked the bank.

      The users are mostly not aware of this, they need to be educated. Sadly windows makes people believe there are no knowledge required to use a computer and thats
    • Ya the LC thing is always enlightening. Where I used to work when we ran it it found 50% of the passwords instantly, as in not even trying a dictonary attack, just things like variations on usernames and so on that it always try. It was up to about 90% after the dictonary attack, and had all but three with the dictonary + varations.

      Fortunately, the passwords didn't really get you in to much other than the computers, however it was still a sad situtation, and not one the management had any intrest in rectif
    • Last year, a street survey found that more than 70% of people would reveal their password for a bar of chocolate


      Yeah, but the chocolate was delicious!
    • I'm constantly finding passwords on sticky notes on monitors and under keyboards

      You'd be surprised how little difference that makes to security. It's about three minutes worth. Somebody who's sweet-talked his way past your physical security can boot from CD and own the machine in three minutes, install a hardware keylogger in less than thirty seconds, or read a sticky note while walking by. Hiding the password, then, gains you at most a few minutes of intrusion resistance unless you've taken a lot of oth

    • That's because changing a Lotus Notes password is like a 10-step process and, under some circumstances, will make your stored ID files useless.

      Lotus Notes is a crappy piece of software. That's all there is to it.
    • I used to work for a company that required everyone to use the same, default password. I changed mine one day and got a visit from my supervisor a few days later asking why I'd changed it, and an order to change it back. Needless to say, I found another job quick.
  • by dauthur ( 828910 )
    I think the mistrust comes from people who never receive their Free Vi.a.gra Cheep! in the mail. It's such a shame, that M.ale_Enhanc3ment_P1ll sounded good to me.
  • by 14erCleaner ( 745600 ) <FourteenerCleaner@yahoo.com> on Friday February 25, 2005 @03:12PM (#11780898) Homepage Journal
    I recently heard that 50% of identity theft is done by somebody who knows the victim.

    Kind of like the great majority of child kidnappings involve a non-custodial parent. But that's not a scary enough story to draw viewers, so doesn't get reported much.

    (at this point the child-kidnapping activists will rise up and smite me with their negative mod-point hammers, I'm sure. :)

  • by javaxman ( 705658 ) on Friday February 25, 2005 @03:13PM (#11780913) Journal
    Plenty of folks distrust most any business, and often with good reason. I'd link to recent examples of businesses not taking proper care of customer data, or otherwise breaking trust and committing fraud, both online and off ( ChoicePoint certainly comes to mind, as does T-Mobile... then there's Enron, WorldCom, Tyco... ), but the instances are almost too many to list.

    If businesses want people's trust, they need to earn it.

    Should online businesses be trusted ?

    I myself give out accurate personal data only when I really, really have to, and even then am pretty picky about the companies I work with - both online and offline. If confidence has declined, maybe people are learning...

  • ...as long as Claria says it's okay.
  • Proxy CC# (Score:5, Interesting)

    by donnyspi ( 701349 ) <junk5 AT donnyspi DOT com> on Friday February 25, 2005 @03:14PM (#11780920) Homepage
    I like using MBNA bank's credit card number proxy feature whereby you create a onetime use CC# with a limited spending limit to give out online. It's a great feature for paying at Sam's Shady Online Store with a CC# that has a $30 limit and expires in a month.
    • In fairness to other CC companies out there, MBNA is not the only company who does this. Regardless of who your CC company is, check out their website (make sure you get the URL off your statement - don't just blindly type it in or Google for it!) to see if your company offers this service.

    • Re:Proxy CC# (Score:3, Informative)

      MBNA, Citi and Discover all use the same platform, it is provided by Orbiscom [orbiscom.com]. I think there are probably some other banks too, those are just the big ones I know of. Oddly enough American Express used to have a similar program and cancelled it.

      I've been using the MBNA version for many years and hundreds of transaction, and have not had a single fraudulent charge since I started. If they would come up with a version that let me use it at brick & mortar stores, with real plastic, I would be ecstatic.
  • by imrec ( 461877 ) on Friday February 25, 2005 @03:14PM (#11780922) Homepage
    I TOTALLY know! I saw a video of this girl who had confidence that this guy WASN'T going to do this thing to her... AND HE DID! I was like, "I SO don't have confidence in the net anymore!" ...I'm sorry, I don't know where that came from. It must be time to go home...
  • ...As I'm currently working on three sites that have a variety of eCommerce worked into them. One is linking to a ridiculous third party all-in-one shopping cart package the client repeatedly insisted on using. I'm having the damndest time trying to ensure that everything is secure and that items being paid for are being flagged properly when they are fully paid for. Because of the hopping back and forth from our server to theirs I'm using browser cookies and I'm not fond of it at all.

    I have to ask how do
  • It's not just the scammers and phishers and 419 letters. The basic infrastructure for most people is their precious box, and that is falling apart.

    Look: if one of my PCs gets a problem, I start to get sympathetic symptoms. If my notebook crashes, I get really ill too. When it's fixed, I feel much better.

    I run Linux, we all do in this company, but people who run Windows are contaminated from something akin to a epidemic of the plague.

    It's not surprising they are reluctant to trust much else.
  • Online trust (Score:2, Insightful)

    by vurg ( 639307 )
    I lost my online trust when I fell victim to a particular .cx site.
  • by PHAEDRU5 ( 213667 ) <instascreed@gm[ ].com ['ail' in gap]> on Friday February 25, 2005 @03:21PM (#11780965) Homepage
    Here in GA we have ChoicePoint, a company which recently allowed a criminal gang to make off with something like half-a-million IDs.

    Only people in California were notified of the leak, because CA has a law requiring notification. Everyone else is going to have to wait 'til their identity gets stolen.

    The GA legislature is taking up a bill to require notification of GA residents when their personal information is stolen or accidentally leaked.

    Part of the problem, IMHO, is that companies won't tell you when they've shared your information with a non-trusted third party. So, a good first step would be voluntary disclosure.
  • by /Wegge ( 2960 ) <awegge@gmail.com> on Friday February 25, 2005 @03:23PM (#11780987) Homepage
    In Denmark we have very good consumer protection on online trades. Whenever the card holder challenges a withdrawal, the issuing bank shall reverse the transfer immediatly. Afterwards, the burden of proof for actual goods delivery lies with the bank. The banks of course passes the burden on to the online merchants, so we have very few fradulent online traders here in denmark.

    I'm not sure how it works for foreign trades, but as the banks must make the refund, no matter what, the general confidence in denmark is pretty high.

    • Yeah... and by comparison, you also have almost no e-commerce.

    • As an ecommerce merchant, it is true here as well that chargebacks take place before the merchant can defend itself. Only after the chargeback takes place and the money is taken out of the merchant's account can the merchant make a rebuttal.
      This has happenned a couple times to me in the last month as the item and service was delivered but the client didn't recognize our doing business as name.
      The real problem is companies like choicepoint cant take care of their business and the entire ecommerce world is
  • by popo ( 107611 ) on Friday February 25, 2005 @03:30PM (#11781044) Homepage

    The problem is that Credit Card companies, banks and anyone else whose revenue is generated by transaction volume have a vested interest in making transactions easier and more frequent.

    As big a problem as fraud is, the reality is that there is far more to be gained from lowering barriers to credit card use than there are to raising barriers. The other sad corrolary is that the real losers when it comes to fraud are the consumers.

    We have voluntarily traded security for convenience. Now it seems we want our cake too.

    • The only problem with your whining is that credit card fraud is many times more likely to happen when you use your credit card in a brick-n-mortar store, face to face, than when you use it online. And if the number is stolen, the amount fraudulently charged to it will be several times as much.

      This isn't news, or especially obscure. While online credit card fraud may be the "fastest growing category," it's still minor compared to disgruntled cashiers who copy down details on the sly.

      • Uh... next time you call someone a whiner, try reading their post first.

        My post was titled "The Problem isn't the Internet", and I pointed the finger at credit cards and gateways in general.

        Your post on the other hand was redundant and didn't even make sense as response to mine. Go away.
    • Well said.

      The longstanding pattern of providing easy credit predates the Internet. It has led to practices that are insecure by the most rudimentary standards. And yet, it has certainly been profitable for the providers.

      Between the transaction fees charged to the merchants, and the interest collected on credit, revenues for the providers have been greater than losses due to fraud.

      You would think that all parties would benefit from better security, but evidently the providers don't see it that way.

  • 43% of respondents were reluctant to give details to online sites
    Apparently filling out a survey about online security doesn't qualify. Perhaps, 57% of respondents don't mind giving info and the other 43% give it anyway.
  • As someone who works exclusively with e-commerce support and has seen a number of clients' store data, the situation generally ranges from frustratingly bad to comic ineptitude.

    Was troubleshooting a client's osCommerce [oscommerce.com] store to see if we could encrypt and decrypt credit card numbers and return them securely. OSC has a MySQL backend, so to make this a bit easier, I suggested he install phpMyAdmin.

    "Oh, don't worry," he said, "we've already got it installed at www.mywebsite.com/phpMyAdmin."

    When I went to th

  • Is go to netcraft.com and check "What's that site running?..." - If it's running Microsoft anything, then I skip the online credit card and call in the purchase.
  • I can't give out any of my documents, but Google for Visa CISP [google.com]. Requirements are different (less or more strict, compliance required sooner versus later) for different sizes and types of merchants, but Visa is going to start requiring stricter security measures, and backing that requirement up with fines for noncompliance.

    This is a Big Hairy Deal for merchant processors (like the company I work for), who provide credit card acceptance services for merchants.
  • I don't think it's the fear of insecure data transmission that keeps people from buying online, it's wondering whether they'll ever get anything back in return. This is particularly true for small operations out there. They just don't damand the same confidence as Amazon.com and other mega e-retailers.

    However, I've never had a problem with not recieving product I've paid for. In practically every instance, I've been more than happy with my purchase.
  • I know a team that's studying trust and loyalty interests in online commerce circumstances (i.e. eBay, company stores, etc.). I'm posting this in case anybody's interested in such matters.

    http://www.eloyalty.ca/

"I'm a mean green mother from outer space" -- Audrey II, The Little Shop of Horrors

Working...