This is one of my biggest bugbears when it comes to getting information from someone about the security facilities that are in a system. They comment that the system is secure, wave, wave, there’s no chance of somebody defeating the security, wave, wave, no-one would try to break in, wave, wave. It’s silly to assume that because you’re dealing with money nobody would be interested in your system.
I suspect that PayPal have had to deal with substantial issues in their tenure as the de-facto e-money system on the internet; mind you, I think that Second Life, with its exchangeable Lindens, is some form of competition to this (not serious yet).
A statement such as ‘this is secure’ needs to be backed up with proof.
When you perform secure internet transactions the communications take place over an encrypted channel. These security measures are built into the web browser. When a website tries to communicate with you it hands over a digital certificate that says ‘this site is www.foo.com, and this authority asserts that I am who I claim to be’. Several checks are made: 1. Is the site www.foo.com? 2. Is ‘this authority’ an authority that is trusted by the browser? 3. Is the certificate ‘in date’? If all is found to be in order then the assertion that the site is ‘www.foo.com’ is to some degree established. That’s it: the only thing you know at that point is that the website is called ‘www.foo.com’.
If you’re trying to go to ‘www.f00.com’ then you’re in a bit of trouble here, though!
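The three checks described above, and the ‘www.f00.com’ problem, as an added example that is not part of the original post. It is written against the dictionary shape that Python’s standard `ssl.SSLSocket.getpeercert()` returns, but the certificate data, the issuer name ‘Example Root CA’ and the trust store are constructed stand-ins, not a real site or authority. It shows that a browser-style check can only ever tell you that the name in the certificate matches the name you typed; it says nothing about whether that was the name you meant.

```python
import ssl
import time

# Constructed sample in the shape returned by ssl.SSLSocket.getpeercert().
# Not a real certificate: names, issuer and dates are made up for this example.
SAMPLE_CERT = {
    "subject": ((("commonName", "www.foo.com"),),),
    "issuer": (
        (("organizationName", "Example Root CA"),),
        (("commonName", "Example Root CA"),),
    ),
    "subjectAltName": (("DNS", "www.foo.com"), ("DNS", "*.foo.com")),
    "notBefore": "Jan 10 00:00:00 2024 GMT",
    "notAfter": "Dec 31 23:59:59 2030 GMT",
}

# Stand-in for the browser's trust store: the authorities it already trusts.
TRUSTED_ISSUERS = {"Example Root CA"}

# Fixed "current times" so the date check is reproducible (constructed values).
SAMPLE_NOW = ssl.cert_time_to_seconds("Jun 15 12:00:00 2025 GMT")    # inside validity
SAMPLE_LATER = ssl.cert_time_to_seconds("Jun 15 12:00:00 2031 GMT")  # after notAfter


def _issuer_common_name(cert):
    """Pull the commonName out of the issuer's relative distinguished names."""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None


def _dns_names(cert):
    """DNS names the certificate claims; the subject CN is only a fallback."""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:
        for rdn in cert.get("subject", ()):
            for key, value in rdn:
                if key == "commonName":
                    names.append(value)
    return names


def _name_matches(pattern, hostname):
    """Case-insensitive match; '*' may only replace the whole leftmost label."""
    pattern, hostname = pattern.lower(), hostname.lower()
    if pattern == hostname:
        return True
    if pattern.startswith("*."):
        suffix = pattern[1:]                 # e.g. ".foo.com"
        if not hostname.endswith(suffix):
            return False
        leftmost = hostname[: -len(suffix)]  # what the '*' stands for
        return bool(leftmost) and "." not in leftmost
    return False


def check_certificate(cert, hostname, trusted_issuers=TRUSTED_ISSUERS, now=None):
    """Run the three checks the post lists. Returns (ok, list_of_failure_reasons).

    A True result establishes only that the peer holds a certificate for
    `hostname` from an authority we trust; it says nothing about the site itself.
    """
    now = time.time() if now is None else now
    reasons = []

    # 1. Is the site the one named in the certificate?
    if not any(_name_matches(n, hostname) for n in _dns_names(cert)):
        reasons.append("hostname mismatch: certificate is not for %s" % hostname)

    # 2. Is the asserting authority one the browser trusts?
    issuer = _issuer_common_name(cert)
    if issuer not in trusted_issuers:
        reasons.append("untrusted issuer: %r" % issuer)

    # 3. Is the certificate in date?
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    if not (not_before <= now <= not_after):
        reasons.append("certificate not valid at this time")

    return (not reasons, reasons)


if __name__ == "__main__":
    # The name you meant to visit passes; the look-alike name does not, but
    # only because the attacker's certificate is for a different string.
    for host in ("www.foo.com", "shop.foo.com", "www.f00.com"):
        print(host, check_certificate(SAMPLE_CERT, host, now=SAMPLE_NOW))
```

Note that the ‘www.f00.com’ case fails here only because the sample certificate names ‘foo.com’; a certificate legitimately issued for ‘f00.com’ would pass all three checks just as cleanly, which is exactly the post’s point.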
More thoughts later, I need to get some lunch.