The bank fraud blame game

Nicholas Bohm nbohm at ernest.net
Mon Jul 2 07:53:04 EDT 2007


Perry E. Metzger wrote:
> Adam Shostack <adam at homeport.org> writes:
>> On Mon, Jul 02, 2007 at 01:08:12AM +1200, Peter Gutmann wrote:
>>> Given that all you need for this is a glorified pocket calculator,
>>> you could (in large enough quantities) probably get it made for <
>>> $10, provided you shot anyone who tried to introduce
>>> product-deployment DoS mechanisms like smart cards and EMV into
>>> the picture.  Now all we need to do is figure out how to get there
>>> from here.
>> I'd suggest starting from the deployment, training, and help desk
>> costs.  The technology is free, getting users to use it is not.  I
>> helped several banks look at this stuff in the late 90s, when cost of
>> a smartcard reader was order ~25, and deployment costs were estimated
>> at $100, and help desk at $50/user/year.
> 
> Of course, given the magnitude of costs of fraud, and where it may be
> heading in the near term, the $50 a year may be well spent, especially
> if it could be cut to $25 with some UI investment. It is all a
> question of whether you'd rather pay up front with the security
> apparatus or after the fact in fraud costs...

That is why efforts by banks to shift the risk to the customer are
pernicious - they distort the incentive the bank ought to have to get
the security right.

Nicholas Bohm
-- 
Salkyns, Great Canfield, Takeley,
Bishop's Stortford CM22 6SX, UK

Phone  01279 870285    (+44 1279 870285)
Mobile  07715 419728    (+44 7715 419728)

PGP public key ID: 0x899DD7FF.  Fingerprint:
5248 1320 B42E 84FC 1E8B  A9E6 0912 AE66 899D D7FF

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


