Posted by Nomen Nescio on August 24, 2006, 3:00 pm
webmaster@aquinasandmore.com wrote:
> This is from Amazon's credit card security page: "To provide you with
> an additional layer of security, all credit card numbers provided to
> Amazon.com are stored on a computer that is not connected to the
> Internet. After you type or call it in, your complete credit card
> number is transferred to this secure machine across a proprietary
> one-way interface. This computer is not accessible by network or modem,
> and the number is not stored anywhere else."
>
> Now, I'm wondering how this can possibly be since
Ok, I'm not defending Amazon or claiming they're ultra-secure or
anything, but...
> 1) Amazon does keep credit cards on file and charges them.
They never claimed otherwise.
> 2) Amazon displays part of your credit card number when you are a
> returning customer during the checkout process.
So does Orbitz and a lot of others. Don't forget there's more than one
way to store information. It would even be possible to store those 4
digits on your computer in the form of a cookie, although this is not
how it's done because many people delete them. More likely is a
database containing those 4 numbers that's completely separate from the
"main" credit card info. Those 4 digits are used to determine which
account to charge (you can enter more than one credit card number at
Amazon), and the publicly accessible machine simply tells the
non-public machine to do a transaction for Joe Blow using card #1234
rather than card number #4321.
> If it is a one way connection to this server which isn't connected to
> the Internet or to a modem, how can they possibly ever charge credit
> cards?
I can think of a number of ways, the most likely being that the machine
holding the credit card info does the transaction via its own
proprietary connection to the "bank" and then simply returns a yes or no
answer, or that the machine holding the credit card info compares a
hash of the CC number to one generated when it's entered, and then the
transaction is processed by a clearing house or other third party who
also holds a copy of the credit card number on queue from Amazon that
the hashes match. All conducted via non-public connections.
Actually I could probably come up with a few more ideas on this, but
the general theme would be Amazon's "interface" being hardware
restricted to only transferring very specific information. Most
likely just a True/False indication of whether the transaction is
approved.
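
A minimal sketch of the split described in the post above, added here as an illustration; it is not part of the original post and does not describe Amazon's actual system. The class names, the `authorize` callback standing in for the bank link, and the test card numbers are assumptions.

```python
class CardVault:
    """Stand-in for the non-public machine: takes card numbers in, never hands them back."""

    def __init__(self, authorize):
        self._cards = {}             # (customer, last4) -> full card number
        self._authorize = authorize  # hypothetical callback standing in for the bank link

    def store(self, customer, pan):
        """One-way ingest: nothing is returned to the caller."""
        self._cards[(customer, pan[-4:])] = pan

    def charge(self, customer, last4, cents):
        """The only answer that leaves the vault is True or False."""
        pan = self._cards.get((customer, last4))
        return pan is not None and bool(self._authorize(pan, cents))


class Storefront:
    """Stand-in for the public web server: keeps only the last four digits."""

    def __init__(self, vault):
        self._vault = vault
        self._last4 = {}  # customer -> list of last-four strings

    def add_card(self, customer, entered):
        digits = "".join(ch for ch in entered if ch.isdigit())
        if not 13 <= len(digits) <= 19:
            raise ValueError("not a plausible card number")
        known = self._last4.setdefault(customer, [])
        if digits[-4:] in known:
            # Two cards with the same last four could not be told apart later.
            raise ValueError("last four digits already on file for this customer")
        self._vault.store(customer, digits)
        known.append(digits[-4:])

    def cards_on_file(self, customer):
        return ["****" + d for d in self._last4.get(customer, [])]

    def checkout(self, customer, last4, cents):
        if last4 not in self._last4.get(customer, []):
            return False
        return self._vault.charge(customer, last4, cents)


if __name__ == "__main__":
    # Constructed sample: well-known test card numbers and a fake bank with a $50 limit.
    shop = Storefront(CardVault(lambda pan, cents: cents <= 5000))
    shop.add_card("joe", "4111 1111 1111 1111")
    shop.add_card("joe", "5555-5555-5555-4444")
    print(shop.cards_on_file("joe"), shop.checkout("joe", "4444", 2500))
```

The vault has no method that returns a stored number, so a compromise of the storefront object yields only the last four digits and the ability to request charges.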