[fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems

[Travis H.]

> If you have
> to be that confident in your computer security to use the payment
> system, it's not going to have many clients.

Maybe the trusted computing platform (palladium) may have something to
offer after all, namely enabling naive users to use services that
require confidence in their own security.  One could argue it's like
going to a Vegas casino; software vendors (MS *cough* MS) probably
won't cheat you in such a system because they don't have to; the odds
are in their favor already.  The whole system is designed to assure
they get paid, and they have a lot to lose (confidence in the
platform) by cheating you (at least in ways that can be detected). 
And since you won't be able to do anything to compromise the security,
you can't screw it up.
While I wouldn't see an advantage in that, I might recommend it for my
grandmother.

More on topic, I recently heard about a scam involving differential
reversibility between two remote payment systems.  The fraudster sends
you an email asking you to make a Western Union payment to a third
party, and deposits the requested amount plus a bonus for you using
paypal.  The victim makes the irreversible payment using Western
Union, and later finds out the credit card used to make the paypal
payment was stolen when paypal reverses the transaction, leaving the
victim short.
--
http://www.lightconsulting.com/~travis/  -><-
"We already have enough fast, insecure systems." -- Schneier & Ferguson
GPG fingerprint: 50A1 15C5 A9DE 23B9 ED98 C93E 38E9 204A 94C2 641B

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com