The bank fraud blame game

Anne & Lynn Wheeler lynn at garlic.com
Wed Jul 4 15:39:51 EDT 2007


R. Hirschfeld wrote:
> - differential pricing: electronic purse payments are potentially
>   cheaper to process than those of debit cards because they are
>   offline, but consumers find it more convenient to keep money in
>   their bank account than on a smart card and will likely continue to
>   do so as long as it costs no more.  (This may become less of an
>   issue if/when all vending machines and parking meters are on the
>   internet anyway.)

re:
http://www.garlic.com/~lynn/aadsm27.htm#41 The bank fraud blame game

in the mid-90s a number of US financial institutions looked at the economics
of the EU chipcard electronic purses (modulo the float issue ... which could
be made to work) the issue was that the (much more) expensive chips were
being used to offset the significantly higher PTT costs (and/or just plain
PTT availability) in Europe.

The US could deploy a magstripe authentication card for stored-value ... that
did online transactions using much of the existing online point-of-sale
infrastructure ... for significantly lower overall infrastructure costs
than the EU chip-based offline stored value. The magstripe card basically
became a "something you have" authentication mechanism. The primary trade-off
issue was that the US telecom pricing was so much lower than in Europe
(and lots of 80s & 90s design in Europe was being driven by the extremely
high PTT costs and/or, in some cases, lack of PTT availability).

Note, however, the internet along with various telecom and technology changes
around the world have contributed to significantly changing the online/offline
economic trade-off considerations.

Independent of the online/offline economic issues ... there are some fraud
and security issues that could drive towards using chips for a more secure
"something you have" authentication device.

however, there are some lingering effects from the older high PTT costs
related to chip-based architectures ... and whether there are any residual
design features related to (originally) supporting offline operation.

Part of this could be seen in the "yes card" exploits ... where, transaction
"business rules" were left in the chip implementation (as opposed to the chip
being purely an authentication mechanism) ... contributing to the enormous
vulnerability increase
http://www.garlic.com/~lynn/subintegrity.html#yescard

For the float issue with regard to this class of US gift/stored-value cards 
... they are sold as "merchant" cards ... i.e. the kind of gift & stored-value cards
you see used by coffee shops, video rental, grocery stores, large department
stores, etc. Possibly, in part, because they are "merchant" cards ... as
opposed to "bank" cards ... the associated accounts and balances are
pretty far removed from any jurisdiction that might impose payment of
interest. 

misc. past posts about how the large difference in telecom costs drove different
solutions
http://www.garlic.com/~lynn/aepay11.htm#28 Solving the problem of micropayments
http://www.garlic.com/~lynn/aepay11.htm#70 Confusing Authentication and Identiification? (addenda)
http://www.garlic.com/~lynn/aadsm16.htm#12 Difference between TCPA-Hardware and a smart card (was: example: secure computing kernel needed)
http://www.garlic.com/~lynn/aadsm18.htm#39 Financial identity is *dangerous*? (was re: Fake companies, real money)
http://www.garlic.com/~lynn/aadsm21.htm#12 Payment Tokens
http://www.garlic.com/~lynn/aadsm6.htm#digcash IP: Re: Why we don't use digital cash
http://www.garlic.com/~lynn/2001m.html#4 Smart Card vs. Magnetic Strip Market
http://www.garlic.com/~lynn/2002c.html#22 Opinion on smartcard security requested
http://www.garlic.com/~lynn/2002c.html#23 Opinion on smartcard security requested
http://www.garlic.com/~lynn/2002d.html#41 Why?
http://www.garlic.com/~lynn/2002e.html#22 Opinion  on smartcard security requested
http://www.garlic.com/~lynn/2003h.html#54 Smartcards and devices
http://www.garlic.com/~lynn/2004j.html#39 Methods of payment
http://www.garlic.com/~lynn/2004j.html#43 Methods of payment
http://www.garlic.com/~lynn/2005g.html#34 Maximum RAM and ROM for smartcards

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


