Re: ORC?

Bboxcomp@aol.com
Fri, 17 Jan 1997 02:05:27 -0500 (EST)

In a message dated 97-01-16 17:17:17 EST, dmurray@pdssoftware.com (David
Murray) writes:

> I really like the part where they take your credit card info and send
> it back in cleartext. sheesh. haven't they heard of HTTPS or SHTTP?
>
>
> David N. Murray | PDS
> Sr. Software Engineer | 670 Sentry Parkway
> 610/828-4294 | Blue Bell, PA 19422
> dmurray@pdssoftware.com

hi David....

To answer your question, sure we've heard of HTTPS and SHTTP, however, you
neglected to indicate that our order form is in two parts and you were
unaware of what was happening when you placed your order.

The first part contains everything 'except' your credit card number. The
second part contains 'only' your credit card number. When you pressed
'Continue' to go to the second part of our order form, the first part,
'without' your credit card number, was emailed to us.

When you completed the second part (your credit card number only), the second
email was sent. Thus, we have a very simple, yet what we believe to be, very
secure system in place. There is no way for anyone to intercept either one of
these emails and make illegal use of your credit card. They would need both,
which is highly unlikely to be in the same email packet travelling all over
the internet. There is nothing to descramble, as with HTTPS, etc., which
would contain everything one would need to make illegal use of your credit
card.

We also believe that there is a lot of hype about the mis-use, or potential
mis-use of credit cards on the internet. Mis-use is more likely to take place
when placing telephone orders and giving someone all of your information over
the phone, or even in a restaurant. When was the last time you followed your
waitress/waiter when you handed them your credit card and they went away and
didn't return for 10 minutes? How about carbon copies?

We hope you feel more comfortable with our ordering system.

Thanks,

Frank