I hear in the old days of credit fraud, physical lists of bad-account numbers were sent out in the mail; merchants had to review each transaction manually or risk being taken.
I suppose the pressure of having one-time-use card numbers is a legacy/comparability problem; the amount of carbon paper imprints being used today is still fairly high. One-time-use numbers would probably be fairly tricky to implement also, to avoid duplicates while still affording hard to sequence/predict series.

On 2/9/2011 1:43 PM, dave wrote:
> So the other thing that became obvious is that we are completely wasting our
> time having law enforcement track down people who steal credit card numbers.
> There's no reason a credit card number should be valid for anything but a
> single transaction, but the banks for some reason don't want to redo their
> systems.
>
> So instead, the US Govt subsidizes them and spends all their time hunting
> down the thousands of people involved in credit card theft, which
> accomplishes exactly nothing. Honestly, they have better things to do, imo.
>
> For every "BadB" caught, five more are in line to do exactly the same thing.
> Meanwhile, the number of days a credit card can be in use before it gets
> compromised by a hacker is approximately one. What's wrong with this picture?
>
> -dave
>
>
> Dave Aitel wrote:
>> So I was at a meeting last week, and one of the high ranking members
>> said something like this, which I'm sure you've heard before:
>
>> Member: We've improved our communications by setting up this great
>> website! It allows us to communicate all our super-important and
>> highly confidential information. We had a marketing team put it
>> together so it looks really professional and nice and is easy to use.
>> We think this will really help our mission. Oh, and we had a friend of
>> a friend do a quick free security scan for us, so it's secure too.
>
>> So here's my simple and 100% accurate metric: If you spent more on
>> your GUI than on your security, you don't have a secure application.
>> Start preparing for the PR fallout of your website getting hacked now.
>
>
>> -dave
>> _______________________________________________
>> Dailydave mailing list
>> [email protected]
>> https://lists.immunityinc.com/mailman/listinfo/dailydave
