EMV and Re: mother's maiden names...
Ed Gerck
edgerck at nma.com
Sat Jul 16 13:36:24 EDT 2005
Thanks for some private comments. What I posted is a short
summary of a number of arguments. It's not an absolute position,
or an expose' of the credit card industry. Rather, it's a wake-
up call -- The time has come to really face the issues of
information security seriously, without isolating them with
insurance at the cost of the consumers. Why? Because the
insurance model will not scale as the Internet and ecommerce
do.
In other words, "CardSystems Exposes 40 Million Identities"
as a harbinger. Now that we know more about the facts in this
recent case, expect more to come unless we begin to improve
our security paradigm.
Yes, public opinion and credit card companies can and will
force companies that process credit card data to increase
their security. However, as my comments show, how about the
"acceptable risk" concept that turns fraud into sales?
Do As I Say, Not As I Do?
By weakly fighting fraud, aren't we allowing fraud systems
to become stronger and stronger, just like any biological
threat? The parasites are also fighting for survival. We're
allowing even email to be so degraded that fax and snail
mail are now becoming atractive again.
Cheers,
Ed Gerck
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list