>>>How do you know their certificate hasn't been stolen, and they haven't even
>figured it out yet?  How do you know they were trustworthy people in the
>first place?<<
>Why do you ASSUME that they're NOT trustworthy people?  Do you go through 
>your entire life in that shell?

Everybody gets a limited amount of trust extended to them, for "free".

That amount is NOWHERE NEAR the trust where I hand them my credit card.

Do you hand your credit-card to random people in the street?

With a brick-and-mortar retail establishment, I can tell a lot from
location, size, even the "look" of the store -- I also know, right off the
bat, that they've invested a *TON* of money and won't be able to make it
back in a short-time con.

With a web-site, I can tell:
They paid $119 to somebody for the CA.
They paid $20/month or so to somebody else.
They maybe paid somebody to design/build the site, or a turn-key system,

That really doesn't tell me a whole lot.

I don't know:

They aren't storing my credit card number in their database "just
temporarily" while we process it.
[I've had to fix this error a couple times myself, and I hate doing shopping
carts.  Too boring.  I quit doing them.  I can't imagine how many times a
shopping cart "regular" has walked into this situation.]

They aren't using a badly-designed system where my CC# appears in "ps
auxwwww" output.

They aren't using a badly-designed system where the CC# is stored on the
disk during processing.
[Hint -- Last I checked, Linkpoint's PHP interface did this.  Guess what
happens when you get a network time out or the script fails for some reason?
 Your CC# is left hanging around in that file.  Sure, if the instructions
were followed, only root can read it...  If the server hasn't been hacked. 
If, if, if...]

The scripts that process my CC # have correct permissions, and are
accessible only to one, okay, *two* people to avoid somebody inserting a

The list of failure points is endless, and I *STILL* don't even trust that
randomsite.com has had any kind of background check carried out by the
people issuing Certificates.  Jeez, people -- We're talking one of the major
players is MICROSOFT!  Do you trust them with Security?!

I've seen too many bad home-brew shopping carts to have any faith in them. 
I still shop on-line, but rely on the fact that I can only get dinged for
$50, and we'll all be paying even higher interest rates next year.  I have
no trust that my CC# isn't being exposed.

>>>The more I think about this, the more I agree with people who just won't do
>eCommerce at all...<<

Hey, I'm not saying I don't shop on-line.  I'm saying I have no faith that I
won't be calling up the credit card company and canceling the stolen account
much faster than at a traditional store.

I have no faith that the e-theft of credit cards won't raise my interest

The CC companies have already proven that they will accept an inordinately
high level of theft and just pass on the cost to consumers.  What do they
care what your interest rates are?
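
[Added example, not part of the original post and not Linkpoint's or any cart's actual code: a check a site operator can run to see the two handling mistakes listed above (the CC# in "ps auxwwww" output, and the CC# left in a file when processing fails) next to the safer form of each. The helper process, the function names and the card number are constructed for illustration; it assumes Linux with /proc mounted.]

```python
import os, subprocess, sys, tempfile

CARD = "4111111111111111"  # constructed test number, not a real account

# Stand-in for a hypothetical payment helper: takes the number from argv[1],
# or from stdin when no argument is given, then idles like a slow gateway call.
CHILD = ("import sys, time\n"
         "n = sys.argv[1] if len(sys.argv) > 1 else sys.stdin.readline()\n"
         "time.sleep(5)\n")

def visible_cmdline(pid):
    """The argument list `ps auxwwww` reports for pid (read from Linux /proc)."""
    with open(f"/proc/{pid}/cmdline", "rb") as f:
        return f.read().replace(b"\0", b" ").decode()

def card_visible(card, use_stdin):
    """Start the helper and report whether the card shows in its command line."""
    argv = [sys.executable, "-c", CHILD] + ([] if use_stdin else [card])
    p = subprocess.Popen(argv, stdin=subprocess.PIPE)
    try:
        if use_stdin:
            p.stdin.write(card.encode() + b"\n")
            p.stdin.flush()
        return card in visible_cmdline(p.pid)
    finally:
        p.kill()
        p.wait()
        p.stdin.close()

def scratch_leftovers(card, fail):
    """If a scratch file is unavoidable: mode 0600, removed even on failure.
    `finally` covers exceptions and timeouts, not SIGKILL or a machine crash."""
    with tempfile.TemporaryDirectory() as workdir:
        try:
            fd, path = tempfile.mkstemp(dir=workdir)  # created with mode 0600
            try:
                os.write(fd, card.encode())
                if fail:
                    raise TimeoutError("simulated gateway timeout")
            finally:
                os.close(fd)
                os.remove(path)
        except TimeoutError:
            pass
        return os.listdir(workdir)  # anything still here outlived the failure

if __name__ == "__main__":
    print("visible when passed in argv :", card_visible(CARD, use_stdin=False))
    print("visible when passed on stdin:", card_visible(CARD, use_stdin=True))
    print("files left after a timeout  :", scratch_leftovers(CARD, fail=True))
```

[Keeping the number in memory and off the disk entirely is still the better design; the cleanup path only narrows the window.]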

