I buy a lot of books over the Internet, where many dealers have a
practice of asking Credit Card details to be emailed to them in two
tranches; and some specifically ask for the second to be emailed after
a delay of at least 20 minutes.

I have never had any problem.

Is it perceived to be more secure than using a 'Secure Server' or
faxing?

---

Clarification of Question by probonopublico-ga on 09 Aug 2003 22:14 PDT

OK ... I'm giving up on this one.

But many thank for your comments.

Hello.

I am not a security expert, but my somewhat lay understanding is that
any e-mail has the potential for being intercepted and read.  The
information is 'not' encrypted. Of the millions (maybe billions) of
emails being sent each day, the chances of an email with a (partial)
credit card number being intercepted is tiny. The chances of someone
intercepting the second email (with the rest of the number) is even
smaller.

Theoretically, it is possible for one to get a whole credit card
number transmitted by two emails, but the risk is 'very, very' low.

Generally speaking, a merchant accepting credit card payments on a
'secure server' uses an encryption technology (SSL) that is
near-impossible to break.  This is what the encrypted information
looks like as its traveling over the Net.

Actual Encrypted Credit Card Information:
qANQR1DBwU4DxF4+wUvEJdcQCAC94QP1cNm/1pJqr0TeW+5Kpt61U7Bia4kVBbdp
XltinKyFpn+CVvDhOpWKqyNLkaZwN9HNOleA7k40TNMkuWl9TRm890SmCp03wcPk
EKKaNDQ4j8alJeIiaEycjfER/TwKWlbnr/pt5Qjpd+lwK6vnOVZzG9O132iqdZXU
EfxT6E

This information typically remains encrypted even while on a secure
server, so in the unlikely event that a hacker 'breaks in,' all they
would find is a bunch of goobledee-gook.

I imagine the reason why these merchants are asking for the credit
card number via e-mail is because they don't have the financial
resources to afford secure credit card processing.  It costs money, ya
know. =)

In short, you're probably relatively safe using this practice, but I'd
be interested in hearing horror stories from others who disprove my
understanding.  I suppose anything is possible.

Don't have an opinion on the security of faxing.

Hope this information helps.

If by two traunches you mean two emails, then it would be more secure
than sending the details all in one email. It would not be more secure
however than using a "secure server".

Faxing/Emailing probably has the same security, because the person
would need to somehow tap into the line between you and the
destination to obtain the credit card number. While a fax line may be
harder to tap into, the billions of emails that are sent also gives
you security, and splitting up your credit card info into two emails
is a great idea. I agree with respree that the chance of intercepting
both is very tiny, unless someone had planted a trojan/virus on your
computer or on the vendors computer.

If the stores have the option of using a secure https:// server, you
should use that method because it is safer. If not, just remember that
if your credit card number ever is used by someone else, you will only
be responsible for the first $50 or so that is spent, the rest of it
will be covered by your credit card company.

tisme-ga

Hi, Respree & Tisme

Many thanks for your comments.

Much appreciated!

Regards

Bryan