Date: Thu, 6 Oct 1994 05:26:03 -1000 From: irving@sys.toronto.edu (Irving Reid) Message-Id: <1994Oct6.112601.23080@jarvis.cs.toronto.edu> Organization: Computer Science, University of Toronto Subject: WARNING! DO NOT SEND CREDIT CARD NUMBERS IN EMAIL Electronic mail is NOT secure. Sending a credit card number in email is writing it on the outside of the envelope when you mail order - anyone who's looking can read it as it goes by. bugjon@aol.com (BUGJON) writes: >The rec.kites pins should be ready to ship in approximately 4 weeks. >We are accepting orders by E-mail ONLY. Payment can be made by: VISA, >Mastercard, Discover Card, or personal check. The cost is US$4 per pin >plus shipping. You really should re-think this policy. Maybe you can take faxes and paper mail, as long as they include an email address for confirmation. I've been on the net a very long time, and this is the first time I've ever posted a subject line in all capital letters. This is serious. - irving - = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = Date: Thu, 6 Oct 1994 08:59:53 -1000 From: zpmobley@trident.tec.sc.us (CHAMP) Message-Id: <371hf9$lu@ns.sunbelt.net> Organization: Trident Technical College Subject: Re: WARNING! DO NOT SEND CREDIT CARD NUMBERS IN EMAIL I would never consider emailing my credit card number, and agree with Irving totally....I myself would like the pin, but not enough to risk my credit with some lurking cyberthief, and you can rest assured they're out there. ________________________________________________________________________________ Thomas C. Mobley "The above well reasoned and insightful opinion Trident Technical College is my own, and is not the opinion of Trident POB 118067 Technical College. Anyone who says different is Charleston SC 2943-8067 itching for a fight." ZPMOBLEY@TRIDENT.TEC.SC.US = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = Date: Thu, 6 Oct 1994 10:10:18 -1000 From: jburka@Glue.umd.edu (Jeffrey C. Burka) Message-Id: <371lja$qo@geog40.umd.edu> Organization: Project Glue, University of Maryland, College Park Subject: Re: WARNING! DO NOT SEND CREDIT CARD NUMBERS IN EMAIL In article <371hf9$lu@ns.sunbelt.net>, CHAMP wrote: >I would never consider emailing my credit card number, and agree with Irving >totally....I myself would like the pin, but not enough to risk my credit with >some lurking cyberthief, and you can rest assured they're out there. And here's a third voice suggesting against the inclusion of a credit card number in a piece of e-mail. It's certainly not Jon's fault that he suggested it; it's just not a good idea. Fortunately, Jon *did* say that he would be happy to take checks as long as we e-mail him an order in advance. There's no need to risk your card number... I've already ordered my pins (and dropped the check in the mail...) Jeff -- |Jeffrey C. Burka | Pithy, insightful quote to be inserted | | | when one occurs to me. *If* one occurs | |jeffy@glue.umd.edu | to me. | = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = Date: Fri, 7 Oct 1994 08:59:46 -1000 From: infinite@io.com (Gregory Cohen) Message-Id: Organization: Infinite Illusions Juggling Supplies Subject: Re: WARNING! DO NOT SEND CREDIT CARD NUMBERS IN EMAIL In article <371hf9$lu@ns.sunbelt.net> wrote: > > I would never consider emailing my credit card number, and agree with Irving > totally....I myself would like the pin, but not enough to risk my credit with > some lurking cyberthief, and you can rest assured they're out there. > ________________________________________________________________________________ > Thomas C. Mobley "The above well reasoned and insightful opinion > Trident Technical College is my own, and is not the opinion of Trident > POB 118067 Technical College. Anyone who says different is > Charleston SC 2943-8067 itching for a fight." > ZPMOBLEY@TRIDENT.TEC.SC.US There has been a lot of talk about the security of credit card number in e-mail over on the marketing mail-lists. One thing you should remember, you're passwords are just as insecure as E-mail. The software that could be written to get credit card numbers could just as easily watch the telnet port and pick up user/pass information. On top of this, the burdon of proof for fradulant transactions is on the merchant, not on the card holder. It is risky to accept credit-card numbers by e-mail, but less so (how much is for you to say) to send them. -GReg --------------------------------------------------------------------------- Gregory Cohen + Infinite Illusions Juggling Supplies call 1-800-548-6724 + for a catalog or anonymous FTP our catalog from + io.com /pub/usr/infinite infinite@io.com + or Use Mosaic and connect to http://io.com/usr/infinite/ = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = Date: Sun, 9 Oct 1994 20:53:26 -1000 From: ricky@hursley.ibm.com (Rick Turner) Message-Id: <1994Oct10.065326.73454@hursley.ibm.com> Organization: IBM UK Labs Subject: Re: WARNING! DO NOT SEND CREDIT CARD NUMBERS IN EMAIL Think about using PGP for this - it's a freely available public key encryption system. It's also sufficiently secure that even governments cannot 'break' it in realistic time. The idea is that the recipient of the mail generates his (her) key, and publishes the 'public' part. You or I, when sending in our order (and therefore credit card #) encrypt the message using the published public key. Said message is then ONLY decodable by the intended recipient, and what is more, can have a digital signature so that it's verifiably from me..... For more detail, read the PGP docs. Rick = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =