The bank fraud blame game
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Sun Jul 1 09:08:12 EDT 2007
"Perry E. Metzger" <perry at piermont.com> writes:
>pgut001 at cs.auckland.ac.nz (Peter Gutmann) writes:
>> (The usage model is that you do the UI portion on the PC, but
>> perform the actual transaction on the external device, which has a
>> two-line LCD display for source and destination of transaction,
>> amount, and purpose of the transaction. All communications enter
>> and leave the device encrypted, with the PC acting only as a proxy.
>> Bill of materials shouldn't be more than about $20).
>
>I've been thinking this was the way to go for years now.
Such a device was actually manufactured in Europe in the late 1990s,
unfortunately they couldn't find any bank willing to pay the cost, and it was
discontinued. Similar devices are still being made for some vertical-market
applications, but they're sold at astronomical prices.
Given that all you need for this is a glorified pocket calculator, you could
(in large enough quantities) probably get it made for < $10, provided you shot
anyone who tried to introduce product-deployment DoS mechanisms like smart
cards and EMV into the picture. Now all we need to do is figure out how to
get there from here.
Peter.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list