[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Mondex
At 11:02 AM 12/6/96 -0500, you wrote:
>Can anyone briefly discuss the anonymity features (or lack thereof) for
>Mondex?
The following information is gleaned from Seth Grodin's "Presenting Digital
Cash" (Sams.net Publishing 1995), the British Environmental Health and
Trading Standards' response to Simon Davies' false advertising claim against
Mondex, The FAQ page of Mondex's web site, and Tim Jones' testimony before
the U.S. House of Representatives.
Each card is uniquely identified, and the id of the card is linked at the
issuing bank with the identity of the card holder.
According to Grodin, each card has 3 logs, the transaction log (recording
the recipient, date, and amount of the last ten transactions), a pending log
of current transaction process, and an exception log recording "unsuccessful
transactions". When the exception log is filled, card is disabled.
Traders' tills retain the last 300 transactions as card number, value and
date. (Presumably this log info can be offloaded to another devise after
every 300 transactions, so the merchant's log can be limitless in size.)
Tills record the card's identity, not the user's identity. However, banks
have access (I'm not sure by what mechanism) to the till logs, and can then
link transactions to card holders (or at least to the individual to whom
they have issued the card - whether or not this is the person actually using
the card.)
Mondex touts their system's ability to monitor aggregate monetary flow,
presumably through monitoring merchants' tills. (Jones to House of Reps:
"Retailer's terminals and bank cashpoints provide many opportunities for
Mondex to capture transaction data and patterns of behaviour which can be
analysed to give warning of suspicious circumstances.")
In addition to aggregate data, there is also some mechanism for isolating
unusual activity on a particular card. (Jones to House of Reps: "In
addition, Mondex transactions can be assessed automatically against
threshold parameters, derived from past experience. Discovery that a
transaction exceeded such thresholds can raise a warning, which can enable a
member bank to disable or lock the card if desired.") I don't know how this
is supposed to work, but I suppose it could be linked to the exception log
on each card, which may record anomalous transactions as well as
unsuccessful ones.
Banks have the option of issuing cards which require on-line authorization
for transactions (or, I imagine, for transactions above a certain threshold
or meeting some other sort of criteria.)
Much of the monitoring capacity seems to depend on communication between
merchant tills and banks, or through auditing of individual deposits and
withdrawals at the bank. (Jones to House of Reps: "Suspicions can be
aroused, for instance, by regular or frequent value redemption from
particular 'unexplained' sources, by a high average of redemptions relative
to the card limit (for example, an individual's card behaving as if it was
handling the amounts appropriate to a shopkeeper's card) or single large
redemptions from an unusual location.") But apparently value can also be
transferred between consumer wallets, and I don't know how that is monitored.
I'm eager to learn anything more about this.
djp