>>>How do you know their certificate hasn't been stolen, and they haven't even
>figured it out yet? How do you know they were trustworthy people in the
>first place?<<
>
>Why do you ASSUME that they're NOT trustworthy people? Do you go through
>your entire life in that shell?

Everybody gets a limited amount of trust extended to them, for "free". That amount is NOWHERE NEAR the trust where I hand them my credit card number. Do you hand your credit-card to random people in the street?

With a brick-and-mortar retail establishment, I can tell a lot from location, size, even the "look" of the store -- I also know, right off the bat, that they've invested a *TON* of money and won't be able to make it back in a short-time con.

With a web-site, I can tell:

  They paid $119 to somebody for the CA.
  They paid $20/month or so to somebody else.
  They maybe paid somebody to design/build the site, or a turn-key system, or...

That really doesn't tell me a whole lot.

I don't know:

  They aren't storing my credit card number in their database "just temporarily" while we process it. [I've had to fix this error a couple times myself, and I hate doing shopping carts. Too boring. I quit doing them. I can't imagine how many times a shopping cart "regular" has walked into this situation.]

  They aren't using a badly-designed system where my CC# appears in "ps auxwwww" output.

  They aren't using a badly-designed system where the CC# is stored on the disk during processing. [Hint -- Last I checked, Linkpoint's PHP interface did this. Guess what happens when you get a network time out or the script fails for some reason? Your CC# is left hanging around in that file. Sure, if the instructions were followed, only root can read it... If the server hasn't been hacked. If, if, if...]

  The scripts that process my CC # have correct permissions, and are accessible only to one, okay, *two* people to avoid somebody inserting a back-door.

The list of failure points is endless, and I *STILL* don't even trust that randomsite.com has had any kind of background check carried out by the people issuing Certificates. Jeez, people -- We're talking one of the major players is MICROSOFT! Do you trust them with Security?!

I've seen too many bad home-brew shopping carts to have any faith in them.

I still shop on-line, but rely on the fact that I can only get dinged for $50, and we'll all be paying even higher interest rates next year. I have no trust that my CC# isn't being exposed.

>>>The more I think about this, the more I agree with people who just won't do
>eCommerce at all...<<

Hey, I'm not saying I don't shop on-line. I'm saying I have no faith that I won't be calling up the credit card company and canceling the stolen account much faster than at a traditional store.

I have no faith that the e-theft of credit cards won't raise my interest rates. The CC companies have already proven that they will accept an inordinately high level of theft and just pass on the cost to consumers. What do they care what your interest rates are?

--
Like Music? http://l-i-e.com/artists.htm
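
An added example, not part of the original post or any project's code: an audit a site operator could run for one failure mode the message lists, a card number visible in process arguments (what "ps auxwwww" shows). The sample command lines, script paths and gateway host are constructed; 4111111111111111 is a standard test card number.

```python
import re
from pathlib import Path

# 13-19 digits, optionally separated by single spaces or dashes
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: filters out order ids, timestamps and other long numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def find_pans(text: str) -> list[str]:
    """Return masked card numbers (last four digits only) found in text."""
    hits = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):
            hits.append("*" * (len(digits) - 4) + digits[-4:])
    return hits

def audit_cmdlines(cmdlines: dict[int, str]) -> dict[int, list[str]]:
    """Map pid -> masked card numbers exposed in that process's arguments."""
    return {pid: h for pid, c in cmdlines.items() if (h := find_pans(c))}

def read_proc_cmdlines(proc: str = "/proc") -> dict[int, str]:
    """Collect live command lines on Linux, the same data ps reads."""
    out = {}
    for p in Path(proc).glob("[0-9]*/cmdline"):
        try:
            raw = p.read_bytes().replace(b"\0", b" ")
            out[int(p.parent.name)] = raw.decode(errors="replace").strip()
        except (OSError, ValueError):   # process exited or not readable
            continue
    return out

# Constructed sample input standing in for a snapshot of a shared web host.
SAMPLE = {
    101: "php /var/www/cart/charge.php --card=4111111111111111 --amount=19.99",
    102: "php /var/www/cart/charge.php --order=1234567890123456",
    103: "/usr/sbin/httpd -k start",
    104: "curl -d cc=4111-1111-1111-1111 https://gateway.example/charge",
}

if __name__ == "__main__":
    for pid, masked in audit_cmdlines(SAMPLE).items():
        print(pid, masked)
```

Calling audit_cmdlines(read_proc_cmdlines()) runs the same check against the live host; any hit means the card number should be handed to the child process on stdin or a pipe rather than in its arguments.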