[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: All our eggs in one basket?
Some of Jim's points can be addressed with existing protocols. When
the bank sends you cash which you have withdrawn they would want to send
it in such a way that they get a return receipt from you. That way they
can prove you have received it. Schneier's book describes such a
"digital certified mail" protocol in section 6.3 of his book, but it
looks like it uses a lot of data. More concise implementations may
exist.
Other forms of cheating could be imagined. I could send cash to a
company, and they could refuse to send me goods, but claim that they
had done so. Or I could receive goods from a company, but claim that
they never arrived. These could also be addressed with certified mail,
either paper or digital, depending on whether the goods are physical or
electronic.
In an online system, the bank could refuse to accept a cash deposit, even
though it was valid cash, claiming that it had already been deposited.
To prevent this, the bank would have to record who made each deposit in
the past and stand ready to reveal this information. A merchant could
collude with the bank to provide forged deposit records to help with
this scam.
I don't see how to solve this one, but if it were done on a large scale
people might become suspicious about the excess of apparent double-spending
via a small number of merchants. The bank's reputation would suffer, as
long as people found out about it. Perhaps customers should demand that
banks publish statistics about (apparent) double-spending in order to
detect this scam.
Hal Finney
[email protected]