For anyone to sniff these packets off of the Internet (which has never been proven to have happened with criminal intent or results) the person would need access to a T1 line and a number of computers. They could only look for packets going to specific sites, not likely a tiny site like ours would be targeted. The person would have to make changes to the router that connects them to a backbone, something the backbone provider is likely to discover. Normally only the packets addressed to their IP block would go through their router. Every packet of data on the internet takes the best route to its destination. The packets are not echoed all over the Internet. Every router on the internet has a routing table that directs every packet over the most efficient route.
They could also only sniff packets of data that were on the backbone that they used that passed the point of the backbone they were connected to. There are many internet backbone operators, so the odds of a hacker (or cracker) being on a segment our traffic passes is unlikely at best. Anyone with the skills and wherewithall to do this would be able to make a lot more money legally.
Once you complete the form and submit it, the entire form is emailed. In our case, the web server and the email server receiving the form are on our private internal network behind a firewall, so the packets never leave our network.
The cases of credit card numbers being stolen are all inside jobs by employees. Here, only the CEO has access to credit card and checking numbers. There have been a couple of cases where databases of credit card numbers were hacked. Our credit card and check orders are not stored on a computer that is accessible from the Internet which was the case of those hacked. It is much less safe to give your credit card to some underpaid retail clerk or waitress. In a few cases, bogus software has been distributed and it was programmed to send its creator credit card and other information from users' personal computers. These things, like virus programs and trojans, are an entirely separate issue having nothing to do with the security of online forms or web sites.
Address verification is run on all credit card orders which eliminates most fraudulent attempts. Even if a credit card number with expiration date or checking account number is stolen, the customer is never held liable or responsible in the case of Internet orders. The customer never gets burned, nor do the credit card companies. Credit card companies bitch about internet credit card fraud, but in reality, they usually don't lose the money, the merchant does. In every case, the merchant gets burned. Retail merchants who actually have the card and run it and get a signature are protected. Internet merchants never have a signature, so they get burned every time.
In all the years we have been in business, including the two years we operated a nationwide dialup ISP, all the fraudulent credit card charges were due to people stealing numbers in a retail or similar enviornment where the card was physically presented, or where done by roommates, lovers, former associates of one type or another who once had access to the person's credit card, or in rare cases, where the credit card was lost or stolen, but few people would bother signing up for internet access or buy products on a site that have to be shipped to a street address with a card that they actually physically possessed and could use to purchase merchandise.
There are hundreds of shopping mall sites. Hundreds of sites allow merchants to open online stores. These sites use SSL secure pages, but this is usually a poor joke on the customer. The SSL protects what you are typing into the form on the site, which is the hardest thing to intercept to begin with. Then the site sends the order form to the merchant in plain text as an email message, which is much easier to intercept if someone really wanted to, plus it has all the information packed together in a small number of data packets.This is totally insecure, but nobody needs to go to that much trouble to steal credit card information and the companies know it. Secure pages are a security blanket for the nervous customer and the digital certificates and other parts of it are just more ways for security businesses to make money.
It is much easier to get forms from a retail merchant or carbons out of a trash can. The credit card information itself is only good for online and phone orders. Anyone shipping mechandise is likely to do address verification and not ship the merchandise anyway. Credit card fraud operations want to have the signature with the card info to make up actual duplicate credit cards that can be used at retail establishments where they can walk away with expensive merchandise.
The fact is Mastercard and Visa are both completely out to lunch. They are convinced that pincodes/security codes on the back of a credit card will completely eliminate fraud. They are so convinced they have it all figured out they have eliminated all other means for an internet merchant to deal with fraudulent credit card use. This is one of the reasons that this site uses iBill for billing, because iBill kinds a database to help protect merchants from credit card fraud. For the customer, this is a good reason why you should sign up only at sites that provide full contact and identity information, such as Gayadult.com..
www.glinn.com/gaybuttons/ Copyright © 2006 by GLINN Corporation