[15758] in cryptography@c2.net mail archive
Re: Using crypto against Phishing, Spoofing and Spamming...
daemon@ATHENA.MIT.EDU (Rich Salz)
Thu Jul 15 10:38:18 2004
X-Original-To: cryptography@metzdowd.com
Date: Thu, 15 Jul 2004 08:42:39 -0400 (EDT)
From: Rich Salz <rsalz@datapower.com>
To: Hal Finney <hal@finney.org>
Cc: "cryptography@metzdowd.com" <cryptography@metzdowd.com>
In-Reply-To: <20040707164023.C24D757E2A@finney.org>
> SET failed due to the complexity of distributing the software and setting
> up the credentials. I think another reason was the go-fast atmosphere of
> the late 90s, where no one wanted to slow down the growth of ecommerce.
> The path of least resistance was simply to bring across the old way of
> authorizing transactions by card number.
I think your other reason was in fact the primary reason. And, of course,
the primary enablers of the go-fast approach were, in fact, the very same
credit card companies. They made a conscious business decision to treat
online transactions the same as conventional transactions -- I forget the
details, but it was pretty risk-free for a merchant to do online credit
cards, getting low surcharge rates. That, coupled with the US law that
limited consumer liability to $50, made CCard-over-SSL a no-brainer over
SET.
From a consumer viewpoint, CC/SSL is more secure than SET ever was. Since
it wasn't a CCard transaction, my liability under SET was unlimited (at
least until Congress caught up to the technology). Looking at the risk
management aspect, SET was a big loser for the customer.
/r$
--
Rich Salz Chief Security Architect
DataPower Technology http://www.datapower.com
XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com