Web Security and Commerce
by Simson Garfinkel with Gene Spafford


Unconfirmed error reports are from readers.  They have not yet been 
approved or disproved by the author or editor and represent solely the
opinion of the reader.


Here's a key to the markup:

        [page-number]: serious technical mistake
        {page-number}: minor technical mistake
        <page-number>: important language/formatting problem
        (page-number): language change or minor formatting problem
        ?page-number?: reader question or request for clarification

This page was updated October 3, 2000.



UNCONFIRMED errors and comments from readers:


[19] 3rd bullet point (or 5th paragraph):
(I am quoting from "June 1997: First Edition".)

The heading for the bullet list is (2nd paragraph):

	"Likewise, the merchant faces real risks as well:"

The bullet point in question reads in full (3rd bullet):

	"Sonia might be Jason, a 14-year-old computer prankster 
	who has stolen Sonia's credit card number and is using it 
	illegally to improve his CD collection."

The "error" is that this would be a problem for the bank (or financial 
institution) that issued the credit card - not a problem for the merchant 
(barring negligence on the part of the merchant, which wouuld be a separate 
issue).

In fact, on the previous page (p.18), it says in the first line:

	"...If a credit card merchant gets a credit card approved 
	and ships out a CD, the bank is obligated to pay the merchant 
	for the charge, even if the credit card is reported stolen 
	later that day."

Thus, the risk is the bank's and not the merchant's.