Thread Links			Date Links
Thread Prev	Thread Next	Thread Index	Date Prev	Date Next	Date Index

[802SEC] Re: 802all: URGENT - More Tips on Using Web Registration !!!

To: <802info@ieee.org>, "802 ALL" <stds-802-all@majordomo.ieee.org>
Subject: [802SEC] Re: 802all: URGENT - More Tips on Using Web Registration !!!
From: "Ivan Reede" <i_reede@amerisys.com>
Date: Fri, 15 Jun 2001 08:41:41 -0400
Cc: "802 Exec" <stds-802-sec@ieee.org>
Organization: AmeriSys Inc.
References: <7971F8E10FC92A4A8843153152E62CF9086EF020@xch-nw-12.nw.nos.boeing.com>
Reply-To: "Ivan Reede" <i_reede@amerisys.com>
Sender: owner-stds-802-sec@majordomo.ieee.org


Hello to all,

I think we should start a public discussion on the topic of this Verisign
mechanism

Although it may be convienet for the agency who processes our credit card
info to have us "do it ourselfs", I think this is a major step backwards in
quality of service. I for one find it objectionable that we MUST have our
credit card info circulate over the internet. In some conuntries, it is
mandatro for ISP's to store records of data travelling from your PC to other
machines on the internet. This means that although maybe encrypted, an audit
trail of your data can end up in an endless trace route. If anyone in one of
those "router" services is dihonest, you may end up in trouble. For most
countries, fraud made on your credit card based on data collected on the
internet is solely at your own risk! And the standard fraud liability limits
may not apply.

Buz, I think we need to put an end to this now. Your staement below clearly
states that although you may be accomodating people for this time around
that you are intened in  making credit card apyment over the internet
compulsary! We need to keep the possibility of "card on file" or
pre-reistering without penality by paying our registration on site.
Undersatnd that I am not saying registering on site without penalty but
paying pre-registration on site or by "card on file" without penalty should
be an option. I appreciate your efforts to mechanise things. I think there
are places where mechanisation is great. I think this is NOT one of them.
There are ways to make this mechaism voluntary instead of compulsary.

We, out of all people, know that TCP/IP communications are not very secure,
no matter how you may try to make us beleive they are. I also know that many
"forms" submitted over the internat are logged, recorded and archived by ISP
routers for legal audit trail reasons. There is no real control of who
accesses those logs within most ISPs.

People, this is a democratic group.

I would like to hear the voice of "the people" on this topic.

How many of you appreciate being cohersed into a form of payment over the
internet without choice and with penalties if you don't use it.

How many of you appreciate having your credit card data, personnal address,
etc... being given to a third party without specific knowledge of what the
third party may do with this information and whithout control over to whom
they may sell it to?

Just an opinion,

Ivan Reede

======================================


----- Original Message -----
From: "Rigsbee, Everett O" <Everett.Rigsbee@PSS.Boeing.com>
To: "802 ALL" <stds-802-all@majordomo.ieee.org>
Cc: "802 Exec" <stds-802-sec@ieee.org>
Sent: Thursday, June 14, 2001 6:57 PM
Subject: 802all: URGENT - More Tips on Using Web Registration !!!


>
> ATTENTION:  All IEEE 802 Attendees !!!
>
> WARNING !!!   Some additional important Information for Web Registration
Users:
>
> * All Credit Card numbers must be entered with NO embedded spaces or
dashes,
> e.g.  NNNNNNNNNNNNNNNN  for VISA, M/C, or Discover, and
>         NNNNNNNNNNNNNNN     for AMEX
> or you receive the generic "Transaction Declined" message which provides
no guidance
> on the reason for failure !!!  This is especially a problem for AMEX card
users, since the
> the number with spaces or dashes will fit in the field (not true for the
other cards) but
> the transaction is always declined for invalid account number.
>
> I have requested that VeriSign fix this problem by removing the spaces or
dashes before they
> test the account number, or at least provide a caption on their form,
which collects the CC info,
> to warn of this requirement, and they have indicated that they will look
into it, but that may take
> some time. So for now you just have to remember:  NO DASHES or SPACES for
CC#'s, only digits.
>
> We do recognize that the generic "Transaction Declined" message is
confusing because it indicates
> several possibilities, which may or may not apply.  Please be assured that
our system does not
> attempt to verify addresses or ZIP codes with the ones which the credit
card company has on file.
> That is NOT the reason your transaction was declined !!!
>
> * NO  Ampersand's (i.e. "&") Are Allowed !!!  I have learned that VeriSign
chose to use
> the "&" character as their field delimiter, so they will not permit an "&"
to appear in any
> entered field. Suggested work-around is to use the word "and" instead.  (I
know, I know;
> this would be simple to fix with an escape sequence or quoting convention,
but they
> seem unwilling to consider doing that at present.
>
> Some Additional User Tips:
>
> * International Phone Numbers:  the VeriSign field checker does not allow
a "+" (i.e. Plus
> Sign) in front of the Country Code, even though it IS the most common
convention.  They
> are apparently working on a fix for this, but suggest that in the meantime
that you may
> use a "-" (i.e. a Minus Sign/Hyphen) instead.
>
> * The "State" field has now been made optional to alleviate difficulties
for some of our
> International attendees whose countries don't have states.  If we restore
the mandatory
> requirement in the future, we will include the instruction to enter "NA"
if the field is "not
> applicable for your country".
>
> * There is no provision for a "Credit Card On-File" any more.  Keeping
credit card info
> on file is too much of a potential liability.  We only resorted to that
option because we
> did not have a secure method for processing payments.  Now that we have a
secure
> (encrypted) payment mechanism we will no longer store credit card
information.
>
> * The processing for your charge is now IMMEDIATE (within 24 hours of
approval).
>
> We're very sorry about the start-up problems but we hope to continue
improving as we
> gain more experience.  Please bear with us, and if you experience or spot
a problem,
> please let us know ASAP.  Thank-you for your patience and cooperation.
:-)
>
>
> Thanx,  Buzz
> Dr. Everett O. (Buzz) Rigsbee
> Boeing - SSG
> PO Box 3707, M/S: 7M-FM
> Seattle, WA  98324-2207
> (425) 865-2443    Fx: (425) 865-6721
> everett.o.rigsbee@boeing.com
>
>
> TO REMOVE YOURSELF FROM THIS LIST:
> Send an email message with no subject to:
>
> majordomo@majordomo.ieee.org
>
> and put as the first 2 lines of the message the following:
>
> unsubscribe  stds-802-all  <your-email-address>
> end
>

References:
- [802SEC] URGENT - More Tips on Using Web Registration !!!
  - From: "Rigsbee, Everett O" <Everett.Rigsbee@PSS.Boeing.com>

Prev by Date: WPAN/ RE: WLAN/ Agenda for July Meeting
Next by Date: [802SEC] Fwd: P802.1X Approval Notification
Prev by thread: [802SEC] URGENT - More Tips on Using Web Registration !!!
Next by thread: [802SEC] SEC meeting is re-scheduled for 3pm-7pm Friday July 13th
Index(es):
- Date
- Thread