[FYI] Did Encryption Empower These Terrorists?
Dan Geer
geer at world.std.com
Sun Sep 30 16:07:14 EDT 2001
> It seems to me that because of the $50 liability limit under US
> law, most of the risk is carried by the credit card issuers. They
> are also in a position to require proper security by contract with
> the merchant.
The $50 limit (Reg Z) is explicitly and precisely intended
to move the risk to those most able to bear it, albeit with
the significant goal of thereby reducing reluctance on the
part of the customer community at large to use credit cards
where they might naturally have used cash. Putting it
differently, the risk management trade-off is that the
increased volume of fees due to freer customer use of credit
cards exceeds the fraud loss under modern surveillance methods
of deterring fraud. Figure 50-80 basis points for fraud for
the major card associations; figure 3x that for customer service
as something to compare to.
--dan
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list