[FYI] Did Encryption Empower These Terrorists?

Enzo Michelangeli em at who.net
Tue Sep 25 09:45:19 EDT 2001


----- Original Message -----
From: "Steven M. Bellovin" <smb at research.att.com>
To: "Bill Frantz" <frantz at pwpconsult.com>
Cc: <lynn.wheeler at firstdata.com>; "Ben Laurie" <ben at algroup.co.uk>;
<cryptography at wasabisystems.com>
Sent: Tuesday, September 25, 2001 6:31 AM
Subject: Re: [FYI] Did Encryption Empower These Terrorists?


> In message <v03110706b7d555f61a45@[165.247.220.34]>, Bill Frantz writes:
[...]
> >It seems to me that because of the $50 liability limit under US law, most
> >of the risk is carried by the credit card issuers.  They are also in a
> >position to require proper security by contract with the merchant.
> >
>
> Actually, I believe it's by the merchants.  Internet transactions
> generally count as "card not present" transactions, which means that
> the merchants take the risk.

That's correct, and it's the main rationale behind initiatives like Visa's
3D Secure: an attempt to introduce stronger cardholder authentication, so
that the liability for chargebacks may be shifted back to the issuer.

This is actually the second attempt at solving this problem: offering
chargeback protection to merchants was the main attraction of SET, and
merchants and their acquiring banks were also ready to pay for it. However,
it was so inconvenient for the cardholders that they avoided SET-enabled
e-tailers like the plague...

Enzo





---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com




More information about the cryptography mailing list