[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SSL challenge -- broken !

To: [email protected]
Subject: Re: SSL challenge -- broken !
From: Pierre Uszynski <[email protected]>
Date: Fri, 18 Aug 1995 09:03:58 -0700
Sender: [email protected]

Jordan ([email protected]) attempts to correct me ;-)

> >  From [email protected] Thu Aug 17 18:29:41 1995
> >
> >  Unfortunately, in this case, insecure credit cards are not an
> >  obstacle to banks making money, so why should they care?
>
> [...] if you think that the major card issuers "don't care" about
> cutting (or eliminating) fraud, you're not talking to the right
> people.  Fraud eats away a big chunk of revenue [...]

Creative quoting aside, the point of my post, if it needs further
clarification, was that the cost of fraud is not only a burden to
the banks as some people seem to think. It is not even only transmitted
back to the customers in the form of higher fees and interest rates.

Card issuers can, do, and should as long as they can get away with it,
rely on methods against fraud that are less costly to them. That's
because they answer to their bottom line, to their share holders.
There are disincentives to fraud in the form of legal penalties and
threat of same, even the impression that credit cards are insecure may
help by limiting what (some) people dare to do with them. The costs of
these methods of fighting fraud is carried in part even by us who don't
even usually use credit cards! The highest the penalties and cost of
enforcement, the lowest the direct burden on banks, but that does not
necessarily mean that our (user's) bottom line will improve.

For citizens and tax payers who are not significant share holders, it's
not enough to ask the card issuers what the cost of card insecurity is
to them. "Our cost is higher."

By making some credit card fraud illegal, enforcing, etc... we actually
allow card issuers to use less secure mechanisms and procedures
(although I'll agree this does not apply to the 40 bit key nonsense,
that's one case where banks and businesses would be happy to use longer
keys.) (the equivalent mis-quote about politicians applies here :-)

Pierre.
[email protected]
(And I will not contribute further to this side thread.)

Prev by Date: Re: Export policy change
Next by Date: Re: Where is the key cracking farming software?
Prev by thread: Re: SSL challenge -- broken !
Next by thread: Re: SSL challenge -- broken !
Index(es):
- Date
- Thread