RE: E-commerce Security???

From: Chris Merkel (chrism@geo-synthetics.com)
Date: 09/05/01


Message-ID: <3D1C775474CAD211942D00805FC7EB0B4C7D43@wisconsinnt.geo-synthetics.com>
From: Chris Merkel <chrism@geo-synthetics.com>
To: 'jaywhy' <jaywhy2@home.com>, security-basics@securityfocus.com
Subject: RE: E-commerce Security???
Date: Wed, 5 Sep 2001 08:15:20 -0500 


> I guess my question is, How do you keep customer
> information secure? And I'm also guessing my question has no
> right answer.

There are two correct answers:

1. Customer information is kept secure by not keeping it at all.

2. Merchants do the best they can.

Your rant is interesting, but ultimately pointless, because for every
security measure there is, there is a way to circumvent it.

Some miscellaneous points:

Time = Money - By making it very time-consuming for thieves to get in, you
lower the value of the item(s) they are after.

Security is not an all-or-nothing process, but an ongoing effort to take the
profit out of stealing information.

The more valuable something is, the more security will be placed around it,
that's why many people keep canceled checks in the file box at home and
their stock certificates in a safe deposit box at the bank.

The online world is more secure than the offline one. Who do I feel safer
giving my credit card information to? Amazon.com or the waitress in the
diner at the truck stop on the interstate?

Chris Merkel
chrism@geo-synthetics.com
Sysadmin
Geo-Synthetics, Inc.
www.geo-synthetics.com