
Why I Shop Online

Carl Ellison

23 November 2005

1 Background

I’m a security architect by profession. As part of my career history, I worked for the first online payment gateway company, CyberCash, and in that company we were aware of all existing threats against online commerce and a bunch that haven’t materialized yet.

In the course of this experience, I devised a few observations and rules for myself and my friends about online shopping.

2 Cryptography doesn’t protect you online

Cryptography is wonderful stuff. That’s what you’re using when you see the little closed padlock icon in the margin of your browser window.


I got into computer security through a passion for cryptography and I’m still passionate. When you have a chance to use cryptography, do it.

However, just seeing this padlock does not mean you are safe.

What this padlock means is that the information you provide (like a credit card number) cannot be eavesdropped between your computer and the server offering the web page. So, in the common shopping situation, you might define safety as making sure your credit card number isn’t misused by someone.

The cryptography here stops someone between your machine and the web page server from seeing your credit card number, but:

  1. Many attacks today (called phishing) induce you to go to the wrong web server where you see a carbon copy of the correct web page. So, to all appearances, you went to the right page – but it’s on the wrong machine. It’s on a machine under the control of the attacker.
  2. Your credit card number will probably be held in a database on that server. Many attackers looking for credit card numbers break into web servers and just download the whole database. As Willie Sutton said, he robbed banks because that’s where the money is. Attackers rob server databases because that’s where thousands of credit card numbers are stored.
  3. Remember Choicepoint? http://www.epic.org/privacy/choicepoint/
  4. Spyware is a huge threat. If your computer has spyware – or, worse, the kind of infection called a bot – then that attack software can wait for you to type a credit card number and then send that number back to a server run by the attacker, where it is put into the attacker’s database. You can and should protect your computer with security measures. See http://support.microsoft.com/?pr=securityhome for guidance along those lines.
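The padlock tells you the link is encrypted to whatever server you actually reached, not that you reached the merchant you meant to visit. The following Python is an added illustration, not part of the original essay; it separates those two questions for a hypothetical merchant host, shop.example, and a few constructed URLs:

```python
from urllib.parse import urlsplit

# Constructed for this example: the hosts of the merchant the shopper intends to visit.
INTENDED_HOSTS = {"shop.example", "www.shop.example"}


def padlock_check(url: str, intended_hosts=INTENDED_HOSTS) -> dict:
    """Separate the question the padlock answers from the one the shopper asks.

    encrypted    - is the link to *whatever server I reached* protected from
                   eavesdropping?  This is all a closed padlock attests.
    right_server - is that server actually the merchant I intended?  A phishing
                   copy of the page can be True on the first and False here.
    """
    parts = urlsplit(url)
    # .hostname drops any "user@" prefix and ":port" and lowercases, so the
    # judgement is made on the host the connection really goes to.
    host = parts.hostname or ""
    encrypted = parts.scheme.lower() == "https"
    # Exact match only: a longer name that merely contains the merchant's
    # name is a different machine.
    right_server = host in intended_hosts
    return {
        "host": host,
        "encrypted": encrypted,
        "right_server": right_server,
        "safe_to_enter_card": encrypted and right_server,
    }


# Constructed URLs: one genuine checkout page and three a shopper might be
# induced to visit.  Every https one shows the same closed padlock.
SAMPLE_URLS = [
    "https://www.shop.example/checkout",
    "https://shop.example@payments-other.test/checkout",  # real host follows '@'
    "https://www.shop.example.other.test/checkout",        # lookalike subdomain
    "http://www.shop.example/checkout",                    # right host, no padlock
]


def audit(urls=SAMPLE_URLS) -> list:
    """Return (url, host, safe) for each URL so the cases can be compared."""
    results = []
    for url in urls:
        r = padlock_check(url)
        results.append((url, r["host"], r["safe_to_enter_card"]))
    return results


if __name__ == "__main__":
    for url, host, safe in audit():
        print(f"{'OK' if safe else 'NO'}  {host:32} {url}")
```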

3 Credit Cards

So, with all that gloom and doom, why do I shop online?

I shop because the credit card companies protect me. They have to. When I hand my credit card to a waiter at a restaurant and he takes it into a back room, he could easily be making a copy to sell to some attacker. This doesn’t require online shopping to enable the attack. This attack has been possible for decades – long before computer shopping was invented – and the credit card companies have addressed it very well, at least from the consumer’s point of view.

By national regulation in the US, when you use a credit card and the number is stolen and misused by some attacker, you are liable for only the first $50.00 of charges the attacker ran up. In my experience, though, no credit card company has ever charged me that $50. Rather, they took any false charge on my statement and put the liability for the full charge back onto the merchant.

From a security geek’s point of view, the way they protect me is with a two-part protocol. The first part is handing over your card to the waiter, reading it over the phone to a telephone salesperson, writing it on a mail-in form or entering it on a web page. Those are all equivalent. This part has enough security to get the merchant to send you the thing you bought, but you aren’t out any money yet.

The second part of the protocol is when you get the statement from the credit card company. It’s your job, now, to read over that statement and make sure that every line item is something you actually did buy. If you find something you didn’t buy, you call the credit card company and reject the charge. That starts an investigative process and might result in reversal of charges. For the line items that you agree you bought, you then write a check to the credit card company and mail it. This completes the second part of the protocol.

Because those two parts occur at different times and use information delivered by independent channels (the second part delivered by the post office), it is very difficult for the attacker to intercept both parts and subvert the whole protocol. Because it ends with your writing a check, that piece of the process has its own security and that’s probably enough to block the attacker. That is, if the attacker could forge your checks, then that’s the most direct attack and there’s no reason to engage a credit card purchase.

4 Debit Cards

Most debit cards look just like credit cards and they act almost the same. There is a regulation limiting your liability in cases where the debit card number is stolen.

However, there is a major difference. When you buy with a debit card, the money comes out of your checking account immediately. There is no check-writing process. When you get your statement, it shows things already done.

So, if there is a charge you didn’t make on the statement, you can’t just refuse to include that in the check you write. There is no check you write. Instead, you have to open a procedure with the bank to try to get reimbursed for this charge.

I have never tried that procedure, but I assume that until this is resolved, your account does not have the contested money in it. In that case, if the attacker drained your account dry, you are doing all this process to get reimbursed while being broke.

For this reason, even though the law protects me, I refuse to carry a debit card. I consider them too dangerous. I would certainly never use one for mail order, telephone order or web shopping and strongly recommend that my friends not use them.

5 Electronic Funds Transfers (EFT)

This is what I use to have my paycheck automatically deposited. It is what some merchants want me to use to pay for goods.

I absolutely refuse to pay for anything by electronic (direct) funds transfer!

As far as I know, there is no regulation limiting my loss if someone uses EFT to drain my bank account. No one is responsible for reimbursing me. This makes EFT very desirable for a merchant. Once you have money by EFT, you can count on it. It won’t be later challenged, as a credit card payment can be. It won’t be later withdrawn. But that same quality that makes this desirable for a merchant makes it completely unacceptable to me as the consumer. With EFT I am totally at the mercy of the merchant. Worse, I don’t know of any safeguards of my EFT information that would prevent an attacker from tapping into my account and draining it (in one transaction or in a series of transactions). Such safeguards might exist. If so, please send them to cme@acm.org and I will modify this page.

6 My rules for online shopping

  1. Never pay for anything by EFT.
  2. It saves money for the merchant.
  3. It saves time for me.
  4. I can do it from anywhere.
  5. I don’t have to burn gasoline to do it.