>Anthony Baratta wrote: >What about paying less or zero (or negative)?? 0 or - declined as an invalid entry. If item is shipped, it would be apparent that price does not match before shipping. If member access site, one may disable the access. If immediate access for sw goods, a different system is available. >What about forcing you to do a ton of >charge backs, which cost you money? Well, a possibility, but that means the attacker would have to use his valid card. I would like to see the idiot that would charge his card to a limit, just to make you pay a few buck for chargebacks. I think you would be able to successfuly dispute the chargebacks in that extent. BTW, the IP trail is recorded, so even spoofing the http headers is not good enuff. As for stolen cards, I think that the thief has a better idea how to utilize it. >Your exposing you account login name - that's an >attack point. >If I know the payment system, then I can possibly use that account name >to hack to admin portions of their system and really screw things up. The login name without a valid password will get you nowhere. Dare to try? I think that VeriSign would be blowing a whistle in notime. Not that I like the guys, they are getting too big. But as the security is concerned, they are as secure as you can get.