On Mon, Sep 24, 2007 at 02:56:57PM +0100, Thomas Bridge wrote:
> And the risk is not with you putting it on paper, but giving it to
> people who don't handle the security very well.
... such as those who use fax :-)
> > Yes, and any business which asks for a fax plainly isn't thinking about
> > it, they're not trying to protect customers - only themselves. The
>> There is no "huge increased risk" - there is an increased risk, but
> I'm objecting to the use of the adjective "huge". Risks with Credit
> Cards are elsewhere.
There are plenty of risks all-round, but I do think physical copies are
a huge risk, mainly to opportunists.
> Hmmm - lets see. Nice printed fax, stored in a folder somewhere in
> the archives of the vendor, requiring *physical* access to the
Or in a big-bag, who knows?
> As opposed to stored on a database which is accessible over the
> internet. Or a laptop which gets nicked - which has happened a
> couple of times in the UK recently.
Sure, but the problem with faxes - is that the risk is in addition to
the above, it's not like the people who want faxes from you don't also
make you fill in a webform to make their lives easier. So the risk
is only additive, again - only for their benefit - not yours.
> Are you really trying to make the argument that an internet connected
> server is more secure than an office filing cabinet?
No, but I don't accept that the fax will end up in a filing cabinet so
reliably or quickly.
> If I had a database of several thousand stolen card numbers, I
> wouldn't care for credit limits - I'd just keep trying numbers.
But that's not really my worry - my worry is a rogue employee, or bin
collector scanning through the fax images and picking the ones which
look the most lucrative ot them.
> > > Such as ringing up the vendor and giving the details over an
> > > "insecure" line?
>> > Well, no .. such as faxing it.
>> None of the objections you raised regarding the fax don't apply to the
> voice call.
I did say I try to avoid giving it over voice.
Colm MacCárthaigh Public Key: colm+pgp at stdlib.net
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!