1995-08-18 - Re: SSL challenge – broken !

Header Data

From: Pierre Uszynski <pierre@shell.portal.com>
To: cypherpunks@toad.com
Message Hash: af3ea70cf90543002120578192d6ae62929f788bc41ad2efb03cc62eaf2ef323
Message ID: <199508181603.JAA09123@jobe.shell.portal.com>
Reply To: N/A
UTC Datetime: 1995-08-18 16:05:02 UTC
Raw Date: Fri, 18 Aug 95 09:05:02 PDT

Raw message

From: Pierre Uszynski <pierre@shell.portal.com>
Date: Fri, 18 Aug 95 09:05:02 PDT
To: cypherpunks@toad.com
Subject: Re: SSL challenge -- broken !
Message-ID: <199508181603.JAA09123@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


Jordan (jordan@Heuristicrat.COM) attempts to correct me ;-)

> >  From pierre@shell.portal.com Thu Aug 17 18:29:41 1995
> >
> >  Unfortunately, in this case, insecure credit cards are not an
> >  obstacle to banks making money, so why should they care?
>
> [...] if you think that the major card issuers "don't care" about
> cutting (or eliminating) fraud, you're not talking to the right
> people.  Fraud eats away a big chunk of revenue [...]

Creative quoting aside, the point of my post, if it needs further
clarification, was that the cost of fraud is not only a burden to
the banks as some people seem to think. It is not even only transmitted
back to the customers in the form of higher fees and interest rates.

Card issuers can, do, and should as long as they can get away with it,
rely on methods against fraud that are less costly to them. That's
because they answer to their bottom line, to their share holders.
There are disincentives to fraud in the form of legal penalties and
threat of same, even the impression that credit cards are insecure may
help by limiting what (some) people dare to do with them. The costs of
these methods of fighting fraud is carried in part even by us who don't
even usually use credit cards! The highest the penalties and cost of
enforcement, the lowest the direct burden on banks, but that does not
necessarily mean that our (user's) bottom line will improve.

For citizens and tax payers who are not significant share holders, it's
not enough to ask the card issuers what the cost of card insecurity is
to them. "Our cost is higher."

By making some credit card fraud illegal, enforcing, etc... we actually
allow card issuers to use less secure mechanisms and procedures
(although I'll agree this does not apply to the 40 bit key nonsense,
that's one case where banks and businesses would be happy to use longer
keys.) (the equivalent mis-quote about politicians applies here :-)

Pierre.
pierre@shell.portal.com
(And I will not contribute further to this side thread.)





Thread