Summary: recommend use of PGP encryption for credit card ordering, but note that most failures of security occur at the merchant.

Information security and Internet firewall systems are my job. See http://quozl.us.netrek.org/resume.html for my professional resume.

There are three data transmissions and four storage places for mail. To be complete, you must consider the security of these seven items. The usual route of mail works like this:

    sender-client --> sender-server --> receiver-server --> receiver-client

If I send a message to Don, it is stored for a short time on my machine, and then sent to my preferred mail server. It is then sent by that mail server to Don's mail server. Don then picks it up from his mail server using his machine.

For most of you, the sender-server is your ISP, the receiver-server is the other guy's ISP. Further, the sender-client is your machine, and the receiver-client is the other guy's machine.

The existence of a contract between each person and their ISP provides for some risk reduction; it is in the ISP's interest to be secure. Read your terms and conditions though; many try to reduce their liability.

Thus, in normal circumstances, the only insecure link is between the two mail servers at the two ISPs. As has been stated, this isn't trivial to intercept.

However, some of you use a mail service that is not at your ISP. For you, your receiver-server is across the internet from where you connect. The risk there is that your machine sends just one or two packets to your POP or IMAP server to authenticate you. Programming a sniffer to detect that sequence is trivial. You should change your passwords regularly and avoid storing large amounts of mail uncollected from the remote server. Interception of packets in order to intercept mail is not very practical unless the deviant is operating close to a mail server that handles your message.
Look at the "Received:" header lines in your mail messages to see where they have been. You are relying on the security systems of each of the organisations that own the systems through which your mail moves. Attackers can gain access to systems at those organisations if they are inadequately protected. They can retain access for long periods, if they are not detected.

Now think of the security at the merchant site. Do they keep all their electronic mail orders on a system shared with all their employees? Are your credit card numbers therefore exposed to large numbers of people? What if someone breaks in?

What will significantly reduce the risk exposure? Encryption of mail, end to end. The most popular/available program for this is PGP. But if the merchant stores your information unencrypted, all you have protected against is eavesdropping on transmission.

Personally, I think the whole idea of credit card systems is hilarious. You can spend your money by just providing a number over the telephone that anyone could overhear, and the only real check done by the vendor is whether you have sufficient credit. However: I can see the convenience. Only wish I had one that operated as a limited debit card. I don't need credit, but I could do with the ease of ordering parts!

-- 
James Cameron
mailto:quozl@us.netrek.org
http://quozl.us.netrek.org/
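To make the "Received:" header trace above concrete, here is an added example (my own code, not from James's post) that parses the headers of a constructed message laid out along the sender-client --> sender-server --> receiver-server route, lists every organisation's server that handled it, and checks that the hops chain together; all host names and addresses are invented.

```python
import email
import re

# Constructed sample message (not from the original post). Each mail server
# prepends its own Received: line, so the newest hop is at the top.
SAMPLE_MESSAGE = """\
Received: from smtp.sender-isp.example (smtp.sender-isp.example [198.51.100.7])
\tby mail.receiver-isp.example with ESMTP id r3; Tue, 2 Mar 1999 10:03:11 +1000
Received: from sender-pc.example (dialup-14.sender-isp.example [203.0.113.14])
\tby smtp.sender-isp.example with SMTP id r2; Tue, 2 Mar 1999 10:02:58 +1000
From: sender@sender-isp.example
To: don@receiver-isp.example
Subject: order

order text here
"""

# "from <host> ... by <host>"; DOTALL because folded headers span lines.
HOP_RE = re.compile(r"from\s+(?P<src>\S+).*?\bby\s+(?P<relay>\S+)", re.DOTALL)


def received_hops(raw):
    """Return (from_host, by_host) pairs, oldest hop first."""
    msg = email.message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP_RE.search(value)
        if m:
            hops.append((m.group("src"), m.group("relay")))
    hops.reverse()  # headers are prepended, so reverse to read in time order
    return hops


def route(hops):
    """Every machine the message passed through, in order: these are the
    systems whose owners' security you are relying on."""
    return [hops[0][0]] + [relay for _, relay in hops] if hops else []


def path_is_consistent(hops):
    """True when each relay's 'by' host is the next hop's 'from' host.
    A gap means a header was stripped or forged, or a host is named two
    ways, so the trace should not be taken at face value."""
    return all(hops[i][1] == hops[i + 1][0] for i in range(len(hops) - 1))
```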