The bank fraud blame game

Anne & Lynn Wheeler lynn at garlic.com
Tue Jul 3 12:29:19 EDT 2007


Adam Shostack wrote:
> It may be, indeed.  You're going (as Lynn pointed out in another post)
> to be fighting an uphill battle against the last attempts.  I don't
> think smartcards (per se) are the answer.  What you really need is
> something like a palm pilot, with screen and input and a reasonably
> trustworthy OS, along with (as you say) the appropriate UI investment.

given the recognition of the serial port issues from the earlier, dial-in
online banking ... providing a strong motivation to transfer responsibility
for all such problems to ISPs (under the guise of moving to the internet)
http://www.garlic.com/~lynn/aadsm27.htm#35 The bank fraud blame game

that even the transfer of a little bit of institutional knowledge would
have enabled the avoidance of later smartcard reader deployment disasters
http://www.garlic.com/~lynn/aadsm27.htm#34 The bank fraud blame game

However, following some of the early "yes card" deployments
http://www.garlic.com/~lynn/subintegrity.html#yescard

it appeared to be more of a case where smartcard organizations were
very narrowly focused on purely smartcard issues and ignoring 
everything else.

that aspect was highlighted in an early presentation about circumstances
surrounding the "yes card" ... and there was a somewhat
uncontrolled comment from somebody in the audience "do you mean to say 
that they managed to spend a  billion dollars to prove that chips are 
less secure than magstripes".

misc. old posts/threads mentioning the pc/sc serial port issue & smartcard
reader deployment disasters
http://www.garlic.com/~lynn/aadsm23.htm#43 Spring is here - that means Pressed Flowers
http://www.garlic.com/~lynn/aadsm23.htm#50 Status of SRP
http://www.garlic.com/~lynn/2002m.html#37 Convenient and secure eCommerce using POWF
http://www.garlic.com/~lynn/2002m.html#39 Convenient and secure eCommerce using POWF

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list