From: smb@research.att.com
To: szabo@netcom.com (Nick Szabo)
Message Hash: 06c4be729e1f01156b692e383f2a5d88103be45403fbe91322edd4d0fc0d2c70
Message ID: <9401102342.AA04115@toad.com>
Reply To: N/A
UTC Datetime: 1994-01-10 23:46:37 UTC
Raw Date: Mon, 10 Jan 94 15:46:37 PST
From: smb@research.att.com
Date: Mon, 10 Jan 94 15:46:37 PST
To: szabo@netcom.com (Nick Szabo)
Subject: Re: Internet billing scam?
Message-ID: <9401102342.AA04115@toad.com>
MIME-Version: 1.0
Content-Type: text/plain
DNS indicated that this organization does in fact
have one site, mary.iia.org. Even so, this is not
enough for me to trust them with my credit line.
This conclusion may apply to many other, more legitimate-looking
operations that spring up in the near future.
This demonstrates that privacy is only one reason to go
to digital cash; the biggest reason may be the massive
fraud commonplace in the current electronic system.
Online billing is moving towards this incredibly
insecure system where our $multi-thousand credit lines
are exposed by giving out their short "keys" to numerous
unknown entities.
Nick Szabo szabo@netcom.com
You raise an interesting point; however, it's far from clear that
digital cash is a solution. In fact, it may even be a negative
factor in some contexts.
Let's look at why some vendors -- whether of network services, hotel
rooms, or rental cars -- much prefer credit cards, even though the
card issuer will charge them a few percent off the top. The answer
is that in these cases, customers have the potential to run up a
large bill -- that is, a debt -- between interactions with the
provider. Furthermore, this debt is often legitimate, i.e., the customer
really did consume that amount of service. A vendor possessing a
credit card number *will* be paid, with minimum hassle. If the
customer skips town, the card issuer eats the charge. But that's
part of their cost of doing business, which they try to minimize
via things like credit checks.
If credit cards didn't exist, the vendor would have to assume the
risk. Most are not nearly as large as the card issuers, and they
don't have the lead time to do a credit check in many cases. Their
usual answer is to demand a deposit. That's fine with either regular
cash or digital cash -- but if and only if you can afford that kind
of capital outlay. And those deposits are often very large compared
to the final actual bill, because the vendor wants to cover the larger
potential bill (i.e., a wrecked car). I suppose one could invent a
deposit broker, who took a few percent to cover the short-term loan
of (perhaps) large sums, and who issued digital cash tokens.
But there's one more important point to consider: U.S. law on
disputed credit card purchases. Suppose that this organization
really is fraudulent (though the evidence for that varies between
slim and none, and the person who sent the original note may be
headed for a libel suit). The customer isn't liable for the bill,
subject to assorted restrictions and caveats. The card issuer has
to eat that, too -- and it's up to them to try to collect from the
offending merchant. Why send cash -- digital or otherwise -- to
a potentially-disreputable organization, when you can protect yourself
quite easily?
Digital cash solves some problems very nicely -- but I don't think
this is one of them.
--Steve Bellovin
Return to January 1994
Return to “smb@research.att.com”
1994-01-10 (Mon, 10 Jan 94 15:46:37 PST) - Re: Internet billing scam? - smb@research.att.com