[FYI] Did Encryption Empower These Terrorists?

lynn.wheeler at firstdata.com lynn.wheeler at firstdata.com
Thu Sep 27 09:24:36 EDT 2001


I'm not sure I understand. A lot of the association credit regs have to do
with establishing consumer confidence & trust when dealing with totally
unknown merchants. Disputes/chargebacks can be more than "I didn't perform
that transaction" (mostly because it is so easy to execute
non-authenticated fraudulent transactions) ... there are a whole variety of
disputes/chargebacks having to do with non-delivery &/or non-performance
... i.e. even in credit card & card holder present situations; in fact,
there is the whole scenario referenced previously where airline tickets are
bought with a credit card and the airline goes bankrupt ... the acquiring
bank is then liable.
http://www.garlic.com/~lynn/aadsm6.htm#terror9

even with authenticated transactions there are still some aspects of
MOTO-transaction reg (mail-order, telephone-order) that could still apply
... for instance, in the case of hardgoods, your account is not to be
billed until goods are actually shipped. there is still the scenario that
goods never shipped.

if disputes/chargebacks were to be totally eliminated for authenticated
transactions then (x9.59) credit & debit would really be put on a totally
level playing field ... also discussion
http://www.garlic.com/~lynn/aadsm6.htm#terror9

note that there are some basic security 101 principles that can be applied
here ... as done by X9.59 ... whenever there isn't end-to-end continuous
security & end-to-end continuous, seamless authentication (say when it is
split into multiple different operations and transactions and not a single
seamless operation) then there are bound to be gaps & cracks in the
security .... into which fraud can creep ....




"Enzo Michlangeli" <em at who.net> on 9/26/2001 5:26 PM wrote:

That's 3D Secure's job (see above). Once the issuer has authenticated the
cardholder, neither merchant nor acquirer can be held responsible for
chargebacks: the issuer pays, and then deals with its cardholder as it deems
fit. (If you want my opinion, the very reason why Visa developed 3D Secure
is that they are sick of being involved in the dispute resolution process).






