[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Cybercash questions...

To: [email protected], [email protected]
Subject: Cybercash questions...
From: "David Klur" <[email protected]>
Date: Fri, 22 Dec 95 13:39:44 CST
Cc: [email protected]
Sender: [email protected]

     
     Hello,
     
     Just a few questions about Cybercash...
     
     - How is the consumer's credit card # stored on his hard drive?  
     Encrypted with the bank's public key? Or does the consumer have a 
     private key?
     
     
     - How does the merchant know where to ship the goods?  Is the merchant 
     required to ship the goods to the billing address on the cardholder's 
     credit card account?  If so, does the bank provide the merchant with 
     this info?  How is it encrypted?  Or does the customer indicate to the 
     merchant where to ship the goods?  Also, what infor does the merhcant 
     send to Cybercash, and how is it encrypted?
     
     The fraud possibility I see is that Bob could steal Alice's encrypted 
     credit card number (by sniffing when she buys something at Charlie's 
     Internet shop).  Then, without decrypting it, he could use it (still 
     encrypted) at Don's Internet shop, and ask Don to ship the goods to 
     Bob's address.  Since Don will not decrypt Alice's card number he will 
     not know that it is not Bob's card.  Cybercash will validate Alice's 
     card, but will not know that it is really Bob who is the customer.  
     Don will ship the goods to Bob, and Alice will get a fraudulent charge 
     on her bill.
     
     Am I missing something?

Follow-Ups:
- Re: Cybercash questions...
  - From: "Donald E. Eastlake 3rd" <[email protected]>

Prev by Date: Weak keys in Diamond Encryption Algorithm fixed.
Next by Date: Re: Cybercash questions...
Prev by thread: Weak keys in Diamond Encryption Algorithm fixed.
Next by thread: Re: Cybercash questions...
Index(es):
- Date
- Thread