The bank fraud blame game

Anne & Lynn Wheeler lynn at garlic.com
Sun Jul 1 12:06:45 EDT 2007 

re:
http://www.garlic.com/~lynn/aadsm27.htm#31 The bank fraud blame game

slight addendas ...

1) EU finread
http://www.garlic.com/~lynn/subintegrity.html#finread
http://www.garlic.com/~lynn/subintegrity.html#assurance

one of the issues that we looked at early on in x9.59 standard ... somewhat related
to the EU finread ... was what proof did the financial institution have as to the 
integrity of the originating end-point (for doing risk assessment purposes). With
this motivation, X9.59 standard allowed for multiple digital signatures ... which
could include device authentication for finread-like devices (giving some assurance
as to the integrity of the originating end-point)

2) liability

there appears to be a lot more motivation for improving assurance in the online
banking scenario ... say, as opposed to e-commerce and retail payments. in the
e-commerce and retail payments ... financial institutions can charge off a lot
of fraud to the merchants (buried in things like interchange fees). in the online
banking scenario, merchants aren't part of the scene ... just leaving the consumer
and the financial institutions as the responsible parties.

....

misc. recent financial news items ...

Police arrest three suspects in credit card investigation (fraud)
http://www.redlandsdailyfacts.com/news/ci_6262066
ACH Fraud: Clearing House Aims To Clean House
http://www.banktechnews.com/article.html?id=200706260ZQVU91V
Mobile wallets to replace payment cards - report
http://www.finextra.com/fullstory.asp?id=17116
Debit Scam used 'parasite' pin pads
http://www.canada.com/vancouversun/story.html?id=773122d5-556f-4b50-87bc-2dc2ad205126&k=24040
Shoppers 'easy prey' for debit card fraud
http://www.canada.com/vancouversun/news/story.html?id=8e460eed-1bab-4848-9f4c-eefbaecc5ab8

... 

in the early aads chip strawman (from the 90s)
http://www.garlic.com/~lynn/x959.html#aads

form-factor agnostic in user "owned" pda/cellphone were countermeasure
to foreign, unfamiliar POS-terminals that possibly were compromised
(i.e. paranoid consumers could have some responsible control over
their own devices ... as opposed to POS-terminals at random merchants)

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list