Crazy_Fool - 12:38 am on Dec 12, 2002 (gmt 0)

>>I also think it's very rare that somebody will intercept
>>an email, but I know it's technically feasible.

criminals don't go to the trouble of "intercepting" emails as they move from one machine to another, they simply pop the mailbox or the server open to view the card details in plain text. most people use very simple passwords on their mailboxes or FTP - something they can remember very easily. they never worry about what happens with card numbers once they've arrived on the server.

it's becoming increasingly cheaper to rent a web server and set up your own web hosting business. thousands of individuals are setting up their own hosting companies without any knowledge of server maintenance and security. thousands of web servers around the world are wide open for the whole world to poke around in. criminals can and do set up .forward files in mailboxes to collect customer and card details. whenever they need a new card, they can SSH or telnet into a server and pick up todays newly collected card numbers. they can do this for months without anyone knowing.

any combination of newbie or lazy web host and SSL based e-commerce site is at fairly high risk.