On 25/09/2007, Colm MacCarthaigh <colm at stdlib.net> wrote:
> > As opposed to stored on a database which is accessible over the
> > internet. Or a laptop which gets nicked - which has happened a
> > couple of times in the UK recently.
> Sure, but the problem with faxes - is that the risk is in addition to
> the above, it's not like the people who want faxes from you don't also
> make you fill in a webform to make their lives easier. So the risk
> is only additive, again - only for their benefit - not yours.
The original point was made with reference to joker.com - I presume
they would have reasonable security procedures and that the additive
risk from faxing the imprint of the card is insignificant. I
certainly don't see a basis for huge.
(FWIW, I don't use joker.com and policies like the above are unlikely
to get me to budge from Melbourne IT).
> > Are you really trying to make the argument that an internet connected
> > server is more secure than an office filing cabinet?
> No, but I don't accept that the fax will end up in a filing cabinet so
> reliably or quickly.
The fax has to be filed somewhere so they can find it again if need be.
> > If I had a database of several thousand stolen card numbers, I
> > wouldn't care for credit limits - I'd just keep trying numbers.
> But that's not really my worry - my worry is a rogue employee, or bin
> collector scanning through the fax images and picking the ones which
> look the most lucrative to them.
Which is still a risk with the details being held on a database.
I've worked in environments where they had Credit Card numbers, names,
addresses and expiry dates all stored on the same sheet of paper, and
also stored in a database or spreadsheet on the network.
Burning the paper copies wouldn't have given you any extra security.
In fact, they were harder to get hold of.
> > > > Such as ringing up the vendor and giving the details over an
> > > > "insecure" line?
> > > Well, no .. such as faxing it.
> > None of the objections you raised regarding the fax don't apply to the
> > voice call.
> I did say I try to avoid giving it over voice.
So why pick the point?
You do realise that in the days before the Internet plenty of people
sent their CC details through the post *with signature* or used them
over the phone?
You seem to be asserting that the modern encrypted methods are somehow
more secure....
Thomas
--
Thomas Bridge
CCIE #14108