From the online mailbag

In response to a Nov. 24 Opinion: PCI 3.0: The good, the changes and why it's not ugly, by Greg Rosenberg, security engineer, Trustwave

The part I don't understand: Do they [third-party service providers, online retailers and merchants] keep the credit card numbers in clear text to start with? Even some simple encryption would help limit the exposure. Even better, when the card system does the authorization for the repeated use (such as an automatic bill pay), it should be fairly easy to generate a hash that includes both the number of the credit card and the merchant ID and use it for any future transaction. It's like issuing a one-time credit card that can be used only by this particular merchant.

In response to a Nov. 14 news story, U.S. spy program targeting Americans' mobile phones, report says:

Professor Hayes is naive in his comment: "Ultimately, the FBI and similar agencies have no inclination or even the resources to analyze the general public's communications and are only interested in finding criminal suspects." He has left out specific groups and people who are not criminals that members of the U.S. government want to target, such as the abuses by the IRS reported over the last couple of years, as well as the more recent revelations that the White House was illegally receiving confidential tax return information from the IRS.