[9482] in cryptography@c2.net mail archive
Re: [FYI] Did Encryption Empower These Terrorists?
daemon@ATHENA.MIT.EDU (Enzo Michelangeli)
Tue Sep 25 12:04:04 2001
Message-ID: <019701c145c8$5596b380$0200000a@fechk.local>
Reply-To: "Enzo Michelangeli" <em@em.no-ip.com>
From: "Enzo Michelangeli" <em@who.net>
To: "Steven M. Bellovin" <smb@research.att.com>,
"Bill Frantz" <frantz@pwpconsult.com>
Cc: <lynn.wheeler@firstdata.com>, "Ben Laurie" <ben@algroup.co.uk>,
<cryptography@wasabisystems.com>
Date: Tue, 25 Sep 2001 21:45:19 +0800
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
----- Original Message -----
From: "Steven M. Bellovin" <smb@research.att.com>
To: "Bill Frantz" <frantz@pwpconsult.com>
Cc: <lynn.wheeler@firstdata.com>; "Ben Laurie" <ben@algroup.co.uk>;
<cryptography@wasabisystems.com>
Sent: Tuesday, September 25, 2001 6:31 AM
Subject: Re: [FYI] Did Encryption Empower These Terrorists?
> In message <v03110706b7d555f61a45@[165.247.220.34]>, Bill Frantz writes:
[...]
> >It seems to me that because of the $50 liability limit under US law, most
> >of the risk is carried by the credit card issuers. They are also in a
> >position to require proper security by contract with the merchant.
> >
>
> Actually, I believe it's by the merchants. Internet transactions
> generally count as "card not present" transactions, which means that
> the merchants take the risk.
That's correct, and it's the main rationale behind initiatives like Visa's
3D Secure: an attempt to introduce stronger cardholder authentication, so
that the liability for chargebacks may be shifted back to the issuer.
This is actually the second attempt at solving this problem: offering
chargeback protection to merchants was the main attraction of SET, and
merchants and their acquiring banks were also ready to pay for it. However,
it was so inconvenient for the cardholders that they avoided SET-enabled
e-tailers like the plague...
Enzo
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
