Idea off the top of my head - please tell me why it won't work.
Could we parse all form submissions over unencrypted channels and put up an alert ("You _really_ don't want to do this!") if any of the fields was a sixteen-digit number which passed the credit-card-number checksum algorithm?
OK, so some places have four boxes for four digits each, but with clever coding, we might be able to catch that version too.
Gerv
for details an what goes into each companies card numbers, just contact the companies.
most e-commerce, from the business end, is through third party site.
the banks have a contract with at least one company that handles all online transactions for thier business customers. transactions such as processing your credit card data when you buy something from the company.
you could go through the banks to get thier online group, then talk to them about what they want as input, so that the browser can be secured to make the risks lower for both sides of the transaction.
( Canadian system different than US system, different from european system.... )
each payment agency has different layouts, so that is where layouts are controlled, not the site end.
e-commerce sites have to use the processing companie's format, which really has nothing to do with the card type, or length of card number
_______________________________________________
Mozilla-security mailing list
Mozilla-security@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-security
