The bank fraud blame game
Nicholas Bohm
nbohm at ernest.net
Mon Jul 2 07:53:04 EDT 2007
Perry E. Metzger wrote:
> Adam Shostack <adam at homeport.org> writes:
>> On Mon, Jul 02, 2007 at 01:08:12AM +1200, Peter Gutmann wrote:
>>> Given that all you need for this is a glorified pocket calculator,
>>> you could (in large enough quantities) probably get it made for <
>>> $10, provided you shot anyone who tried to introduce
>>> product-deployment DoS mechanisms like smart cards and EMV into
>>> the picture. Now all we need to do is figure out how to get there
>>> from here.
>> I'd suggest starting from the deployment, training, and help desk
>> costs. The technology is free, getting users to use it is not. I
>> helped several banks look at this stuff in the late 90s, when cost of
>> a smartcard reader was order ~25, and deployment costs were estimated
>> at $100, and help desk at $50/user/year.
>
> Of course, given the magnitude of costs of fraud, and where it may be
> heading in the near term, the $50 a year may be well spent, especially
> if it could be cut to $25 with some UI investment. It is all a
> question of whether you'd rather pay up front with the security
> apparatus or after the fact in fraud costs...
That is why efforts by banks to shift the risk to the customer are
pernicious - they distort the incentive the bank ought to have to get
the security right.
Nicholas Bohm
--
Salkyns, Great Canfield, Takeley,
Bishop's Stortford CM22 6SX, UK
Phone 01279 870285 (+44 1279 870285)
Mobile 07715 419728 (+44 7715 419728)
PGP public key ID: 0x899DD7FF. Fingerprint:
5248 1320 B42E 84FC 1E8B A9E6 0912 AE66 899D D7FF
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list