Lack of fraud reporting paths considered harmful.
Perry E. Metzger
perry at piermont.com
Mon Jan 28 07:12:03 EST 2008
"James A. Donald" <jamesd at echeque.com> writes:
> Perry E. Metzger wrote:
>> The call-the-customer-and-reissue mechanism is a
>> mediocre solution to the fraud problem, but it is the
>> one we have these days.
>
> Why is it a mediocre solution?
>
> The credit card number is a widely shared secret. It
> has been known for centuries that widely shared secrets
> have a short life expectancy and should be frequently
> re-issued.
>
> The only better solution is unshared secrets. Is that
> what you had in mind?
Naturally. However, given what we have now, reissue is the only
reasonable option.
--
Perry E. Metzger perry at piermont.com
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list