[Cryptography] Toxic Combination

Anne & Lynn Wheeler lynn at garlic.com
Wed Dec 10 22:05:27 EST 2014 

On 12/10/14 17:31, Bill Frantz wrote:
> In explanation, I offer "Frantz's law": No security protocol will achieve wide adoption
>  unless it includes a revenue model which someone can use to build a business.
> In explanation for why we have CAs, I offer "Frantz's law": No security protocol will
> achieve wide adoption unless it includes a revenue model which someone can use to build a business.
>
> We can go back to Machiavelli' observation that to introduce a new way of doing things
> requires a strong supporter to overcome the inertia and hostility of all the people doing it
> the old way. The profit motive generates strong supporters.

it can be more than inertia ... there can significant financial interests in existing
status quo ... prospect of any significant disruption can be extremely threatening to
those financial interests.

interchange fees (electronic payment transaction fees paid by merchants to financial
institutions) have been heavily prorated for associated fraud rates.

Circa 2000-2001, there were a number of internet "safe payment" products pitched to the
major ecommerce operations (accounting for something like 70-80% of transactions)
which saw high acceptance ... they were anticipating something like 90% reduction
in the interchange fees they were paying (merchants have been indoctrinated for
decades about interchange fees heavily prorated by associated fraud rates ... with
internet originally falling into CNP/MOTO category).

Then the cognitive dissonance sets in ... the merchants were told that use of "safe
payment" products ... rather than 90% reduction in the interchange fees, there
would effectively be a surcharge on top of the highest rate they were already paying
.... and they all collapse.

2006 there was followup analysis that payment fees account for less than 10% of
EU financial institution bottom line ... while it runs 40-60% of the bottom line
for US financial institutions ... a 90% hit would be enormous financial disincentive.

-- 
virtualization experience starting Jan1968, online at home since Mar1970

More information about the cryptography mailing list