[Cryptography] Paper check security

Arnold Reinhold agr at me.com
Fri Oct 2 17:21:19 EDT 2015


> On Oct 2, 2015, at 4:46 PM, Thierry Moreau <thierry.moreau at connotech.com> wrote:
> 
> On 10/02/15 18:44, Arnold Reinhold wrote:
>> 
>>> On Oct 1, 2015, at 8:52 PM, John Levine <johnl at iecc.com> wrote:
>>> 
>> [crypto-relavance on]
>> 
>> But if the software that people use to print their own checks added a scan-surviving cryptographic signature that included the core information (bank routing, account number, check number, date, payee, amount and whatever I’ve left out), then I argue a plain paper inkjet check would be more secure than one printed on a fancy form but without the cryptographic signature.  Note that unlike a lot of cryptographic proposals, this would be easy to implement and would not require any time-consuming standards making process to get started. One software vendor, e.g. Quicken, could pick a format and start using it. Banks would ignore of course, at least until sufficient customer demand emerged. A simple app could be used to verify the sig.  If a different standard emerges later, it can be used on new checks without need for backward compatibility.
>> 
> 
> So you suggest a PKI. I.e. as a check / digital signatory, I expect every candidate depository financial institution to act as a relying party for my digital signature. Maybe a certification authority in between?
> 


In the use case where banks or check printers authenticate each check as unique, there wouldn’t seem to be much of a PKI needed. One could get the public key to verify checks from the bank’s web site perhaps verifying the bank’s electronic signature via a CA. Individuals printing checks would need to register their public key, a service the company that makes the check writing software might offer. I don’t expect the banks to verify the signatures at first. A few banks might make arrangements with the check writing software company to offer the full service as a way to capture new customers.. The end game is just strong electronic fund transfer with data transmitted by machine readable paper or images instead of a digital electronic communication network. Isn’t that is what checks have become anyway, but with weak security?

Arnold Reinhold



More information about the cryptography mailing list