Push 0 #1 May 2, 2003 What do you guys think about using email to send CC numbers? What is the real risk I'm running with that? I understand that the email goes through my SMTP server to the POP3 server on the receiving end. I trust the receiving end. Does the SMTP server normally archive emails? I would imagine that's an invasion of privacy, or is it? -- Toggle Whippin' Yahoo Skydiving is easy. All you have to do is relax while plummetting at 120 mph from 10,000' with nothing but some nylon and webbing to save you. Quote Share this post Link to post Share on other sites
Faber 0 #2 May 2, 2003 i dont really know but you could get the person to send an check instead if your too afraid Stay safe Stefan Faber Quote Share this post Link to post Share on other sites
Push 0 #3 May 2, 2003 There's always fax, too, but I'm lazy. Maybe I should use the dz.com email, I'm sure Sangiro wouldn't steal my CC number I need it to setup donations anyway. Hopefully after this transaction the online billing thingy will finally be updatedYou know, that's a thought. Why not use the dz.com email addy? Hrm... -- Toggle Whippin' Yahoo Skydiving is easy. All you have to do is relax while plummetting at 120 mph from 10,000' with nothing but some nylon and webbing to save you. Quote Share this post Link to post Share on other sites
skybytch 259 #4 May 2, 2003 Lots of customers send me c/c info by email. A couple of ways to make it "safer" - send part of the numbers in one email and the rest of the numbers in another one, or put the credit card info in a word file and attach that to the email. Quote Share this post Link to post Share on other sites
freeflyz 0 #5 May 2, 2003 Let me just say it's not safe.I know! Quote Share this post Link to post Share on other sites
Push 0 #6 May 2, 2003 The more I think about it, the better I like the idea of using the dz.com addy. The receiving end is secure, and Sangiro would never do something like that. I'll do that and let you guys know how it goes -- Toggle Whippin' Yahoo Skydiving is easy. All you have to do is relax while plummetting at 120 mph from 10,000' with nothing but some nylon and webbing to save you. Quote Share this post Link to post Share on other sites
Jimbo 0 #7 May 2, 2003 QuoteWhat do you guys think about using email to send CC numbers? That it's a Bad Idea. Quote What is the real risk I'm running with that? The risk is that someone could (a) intercept the email before it arrives at its intended destination, or (b) that someone could intercept the email after it arrives at its intended destination, or (c) that one of Joe Shithead's friends could snag the email off of his computer after the email arrived. Don't send something like your credit card info over the wire without encrypting it first. QuoteDoes the SMTP server normally archive emails? It can. Any SMTP server between you and your final destination could be archiving emails for any number of purposes, legitimate or not. The email could be stuck on an SMTP server for any length of time depending on how successful the SMTP server is at contacting the next hop. QuoteI would imagine that's an invasion of privacy, or is it? Why would it be? It might be morally objectionable, but I don't think it's an invasion of privacy. After all, you'lre relying on someone elses equipment to get your message to the final destination. What they do with that message while it's on their system is their business. Make sense? Use some form of encrypted communication to deliver your credit card info. If you can't encrypt the communication between you and the receiver then think about doing it the old fashoined way and pick up the phone. - Jim"Like" - The modern day comma Good bye, my friends. You are missed. Quote Share this post Link to post Share on other sites
Opie 0 #8 May 2, 2003 Quote The more I think about it, the better I like the idea of using the dz.com addy. The receiving end is secure, and Sangiro would never do something like that. I'll do that and let you guys know how it goes Just don't use a pm on here. We all know what HH does with them Quote Share this post Link to post Share on other sites
Skypup 0 #9 May 3, 2003 Credit card numbers in e-mail is definatly not safe!!!! If you really must do it go here: http://www.pgp.com/products/freeware.html It is free encryption software that is fairly easy to use. Both the sender and reciever need to install the software and then make a password to their randomly generated encryption. Then it is just a matter of writing the e-mail, clicking the encryption button and sending it off. Alternativly there are services such as PayPal, which is free to start up, and charges a VERY small charge per transfer.T.S.S # 5 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ To dream great dreams is itself an act of daring. -Eric Shipton & Bill Tilman ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Quote Share this post Link to post Share on other sites
nathaniel 0 #10 May 3, 2003 Using PGP for a one-time transaction doesn't give you good safety unless you can exchange keys securely (ie, not over teh intarnet). but it's better than plaintext... If I needed to send someone I just met my CC# and all I had was the internet to do it, I would be more worried about its safety in his/her hands than in transit. If the recipient was in a public space when s/he read your email any shoulder-surfer could bogart it, etc. If you're really paranoid I think escrow services are the way to go...gets you a margin of confidence in your goods as well as your CC#. but it costs money so maybe not worth it if your transaction is going to be small. nathanielMy advice is to do what your parents did; get a job, sir. The bums will always lose. Do you hear me, Lebowski? Quote Share this post Link to post Share on other sites
indyz 1 #11 May 3, 2003 QuoteUsing PGP for a one-time transaction doesn't give you good safety unless you can exchange keys securely (ie, not over teh intarnet). Actually, it's very secure. The whole point of public key cryptography is that you can freely disseminate your key. Quote Share this post Link to post Share on other sites
nathaniel 0 #12 May 3, 2003 Have you ever heard of key signing? Man-in-the-middle attack? The point about sharing public keys is true, but anyone else can share "your" key too, and give theirs instead of yours. An attacker doing this to both sides in a transaction can effectively read or spoof the transaction. This is (part of) the reason key signing companies like verisign, thwate, etc came into existence. nathanielMy advice is to do what your parents did; get a job, sir. The bums will always lose. Do you hear me, Lebowski? Quote Share this post Link to post Share on other sites
indyz 1 #13 May 3, 2003 QuoteHave you ever heard of key signing? Man-in-the-middle attack? Yes. And yes. And I consider emailing my public key to be safe enough for a low-to-medium dollar amount transaction. In that case, what I am mostly worried about is a an under-paid ISP employee reading my email or some script kiddie sniffing my packets. If we want to up the paranoia level a little bit, he can call me back and read off the checksum. QuoteThis is (part of) the reason key signing companies like verisign, thwate, etc came into existence. There are several documented cases of impostors spoofing keys or (in at least one case) of obtaining legitimate signed keys in the name of a well known software company. Quote Share this post Link to post Share on other sites
Windwalker 0 #14 May 4, 2003 The analogy I always use is a postcard. Would you feel comfortable writing your credit card number on the back of a postcard and mailing it to someone? Anything sent over the Internet, that isn't encrypted, is there to be seen by anyone who looks. The Internet is a public UNTRUSTED network! It is not private, or secure, in any way shape or form. Long distance is cheap these days. Use the phone. Tapping phones is a pain in the ass and can't be done by a kid who downloaded some really cool software from the Internet. ------------------------------------------------------- Windwalker Whatever doesn't kill me, just makes me cry. Quote Share this post Link to post Share on other sites