[9473] in cryptography@c2.net mail archive


Re: [FYI] Did Encryption Empower These Terrorists?

daemon@ATHENA.MIT.EDU (Bill Frantz)
Mon Sep 24 18:07:37 2001

Message-Id: <v03110706b7d555f61a45@[165.247.220.34]>
In-Reply-To: <OF1582D642.1090B296-ON87256AD1.005D060B@LocalDomain>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Mon, 24 Sep 2001 14:31:47 -0700
To: lynn.wheeler@firstdata.com, Ben Laurie <ben@algroup.co.uk>
From: Bill Frantz <frantz@pwpconsult.com>
Cc: cryptography@wasabisystems.com

At 10:11 AM -0700 9/24/01, lynn.wheeler@firstdata.com wrote:
>as mentioned in the various previous references ... what is at risk  ...
>effectively proportional to the aggregate of the account credit limits ...
>for all accounts that happened to have been stored in any account master
>file ... is significantly larger than any particular merchant may have
>directly at risk because of a security breach. in the "security
>proportional to risk" theory .... the entity that has the risk should have
>control over the security measures, those security measures should be
>proportional to what they have at risk, and the cost of those security
>measures should also be proportional to the risk.

It seems to me that because of the $50 liability limit under US law, most
of the risk is carried by the credit card issuers.  They are also in a
position to require proper security by contract with the merchant.

Cheers - Bill


-------------------------------------------------------------------------
Bill Frantz           | The principal effect of| Periwinkle -- Consulting
(408)356-8506         | DMCA/SDMI is to prevent| 16345 Englewood Ave.
frantz@pwpconsult.com | fair use.              | Los Gatos, CA 95032, USA





---------------------------------------------------------------------
The Cryptography Mailing List
