Who's in Charge?


On credit cards, the Internet and paranoia
By Rick Altman

The following exchange has become a regular occurrence at our offices: We receive e-mail from a CorelDraw user - let's say her name is Susan - and she has just bought one of our books or registered for our conference using our online order form.  She has filled out almost all of the form; we know her work address and her phone number, and in this case, she has also supplied her home number and address.  We know how many hours she uses Draw and we even know her T-shirt size.
    She gives us everything except her credit card number.
    In that box, she writes, "I don't give my card number over the Internet;  sending by fax instead."  And sure enough, 15 minutes later, Susan sends us a fax with her credit card number and expiration.
    Is Susan just being careful, or is she being paranoid?  Perhaps the former...definitely the latter.
    The reason behind this behavior does not require deep thought.   The World Wide Web gives many of us the heebie-jeebies.  Do you know how it works?  I don't.  I understand my car better than I do the Web.  It's mysterious and magical, and you have heard wildly concocted stories about evil Web lurkers gaining access to your computer while you are online.  This makes you nervous.
    This is all perfectly understandable. It's also perfectly irrational.   Your view of acceptable risk as far as your credit card is concerned is way out of whack.  Let's have a look.
    First, let's try to predict all the bad things that could happen to your credit card if you gave it out over the Internet.  Then let's assign probabilities to those events.  In order of highest probability:


    Your submitted e-mail message could get lost and destroyed, and with it your credit card number.  This is the most likely of all scenarios, 1 in 500,000 at best, and it is completely moot, because your credit card number went down with the plane.
    It could accidentally be sent to someone else, and that someone else would start charging like crazy on your card.  How often do you get e-mail intended for someone else?  Probably never, and if you did, and it included a card number, would you go charging on it?
    Let's say you were devoid of scruples.  You might keep a $100 bill if you found it on the street, but you wouldn't use someone else's card.  It's too risky; you could go to jail. So this scenario would only put you at risk by the fantastically low probability that your e-mail is mistakenly sent to someone else and that person is a criminal.  Probability: 1 in 10 million.

    Someone could somehow see your e-mail as it is making its way to its intended destination.  Well, yes, your e-mail might have to traverse various Internet backbones - companies like Advanced Network Services, UUNet Technologies, or MCI. Yup, those multi-billion-dollar companies would just love to get their hands on your little credit card.
    The argument is foolish on another level, because fishing your e-mail out of UUNet would be akin to reaching into a glass of water with your fingers and pulling out one molecule.  Probability: 1 in a billion.

    Your e-mail could reach the end of its trip and be surreptitiously read by the Internet Service Provider that houses the Website you responded to.  Indeed, this is well within the capability of the ISP that hosts the site, but if the proprietors of the ISP wanted to make illegal charges on a credit card, why would they choose yours?
    Most of their clients pay their monthly payments on a credit card.   A crook at an ISP has plenty of opportunity to fudge a monthly charge, rather than risk a completely unauthorized charge on a credit card to which he has no legal access.   Probability: Ridiculous to even consider.

    Your e-mail could wind up in someone else's hands, by some method not explainable within the science of the Internet.  That person could then start charging wildly on your card.  Probability: 1 in infinity.

    Let's return to Susan.  She faxed her credit card to our offices.  She's lucky - it's a small office, and the fax machine is next to our trusty office manager.  But Susan didn't know that.
    We could just as easily have been a corporation of 10,000, and her fax could have been sitting on the tray of a group fax machine for hours.  It could have been seen by countless workers, of unknown consciences or criminal tendencies.  Now Susan has placed herself at measurable risk.  Still minutely small, in my view, but well beyond the risk of the Internet.
    Now let's talk about you.  You had lunch at Denny's; did you pay with plastic?  The waitress disappeared with your card!  Why, she could have ordered 500 CDs from Tower Records before returning to your table.  This is measurable risk.
    Despite the wild stories, the Internet is a far safer place than the rest of the world.  There may be lots of perverts and dirty old men on the Internet in search of pornographic Websites and adult chat rooms, but urban police will verify that these people rarely fit criminal profiles outside the sexual arena.  Face it, you're better off giving your credit card to the Webmaster of a site than to the clerk at a mall.
    In the final analysis, your credit card number is a mediocre commodity, easily attained by someone who puts his or her mind to it.  Your best protection against credit card fraud is your own careful record keeping, because your bank or credit institution protects you against fraudulent charges.
    And for your own sanity, the best attitude to take is to accept the fact that a lot of people you don't know are going to have easy access to your credit card number, whether you send it across the Internet or not.  It's not worth the worry, it's not worth the paranoia.
    Writing this, I am reminded of the environmental crisis we had years ago, for which health officials wanted to spray insecticide from helicopters to stave off an incursion of a foreign fruit fly.  To convince a nervous neighborhood of the safety of the operation, the head of the operation called a press conference and, while the news cameras were rolling, drank a glass of the insecticide.
    It is in that spirit that I finish this column:
            4271-3820-8627-7056, expiring June of 1999.


Printed in the August 1997 issue of Corel Magazine.

