Re: trouble convincing client of ecommerce security requirements

by Kathy Wheeler <kathyw(at)>

 Date:  Wed, 6 Mar 2002 08:05:46 +1100
 To:  <hwg-techniques(at)>
 Cc:  "Missy Scott" <MBScott(at)>
 References:  assistance
  todo: View Thread, Original

> Any thoughts on this?  Any experiences with ecommerce that wasn't secure?

A comment attributed to an Internet/computer security expert goes along the 
lines "the only truly secure computer [data] is on a server that is turned 
off, unplugged from everything, incinerated and the ashes locked in a bomb 
proof safe" ... all servers can be hacked given time and sufficient 

However, most Credit card fraud is "inside jobs" from dis-honest or 
disgruntled staff.

So basically, all the "secure" measures in the world are little real comfort 
BUT it gives the end user the "warm and fuzzies", and that's what counts.

I think you have plenty of amunition from other posts to put up a very 
convincing argument to your client. After all that, regardless of whether 
they opt for secure servers or not, offer their customers alternatives to 
credit card payment - phone, dd, fax, post etc. and let the cutomer choose 
their preferred level of risk.


HWG hwg-techniques mailing list archives, maintained by Webmasters @ IWA