Cookies could lead to credit card fraud, claims Novell chief

A former Silicon Valley deputy district attorney has hit back at claims by Eric Schmidt, Novell's chief executive, that computer cookies could lead to credit card fraud over the Internet.

During his keynote speech at last week's Business Week Digital Economy Conference in San Francisco, Schmidt admitted that he had fallen victim to credit card fraud himself, and claimed the fraudster may have obtained his credit card information through cookies.

But Paul Wasserman, who has prosecuted cases of theft, fraud and eavesdropping over the Web, slammed Schmidt's comments as "ill informed, disingenuous and just plain silly".

A cookie is a small piece of information that an HTTP server sends to users' browsers when they connect to it for the first time so that it remembers them during subsequent visits. The technology is often used for marketing purposes, but Schmidt argues that cookies are dangerous and could threaten user privacy if they are abused.

Because sites are able to monitor their users due to what Schmidt terms "the little droppings you leave behind", a fraudster can intercept cookies and fool the sites into believing that their transactions are being made by a legitimate credit card holder. He added that although his personal credit card liability was only $50, it was far higher for the credit card company.

A spokesperson for Schmidt also maintained that cookies posed security risks and said that the industry must move beyond them to find a better way of managing personal information.

But Wasserman argued that cookies were safe because they do not hold credit card numbers. "There's absolutely nothing safer than buying something with a credit card over the Internet - it's vastly more secure than the last restaurant meal Schmidt bought with his Visa or Mastercard," he attested.