From: Jon Lasser <jlasser@rwd.goucher.edu>
Date: Fri, 1 Dec 1995 02:23:17 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: The future will be easy to use
In-Reply-To: <01HY8GNOCLCS8WYXCN@mbcl.rutgers.edu>
Message-ID: <Pine.SUN.3.91.951130123239.3869A-100000@rwd.goucher.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 30 Nov 1995, E. ALLEN SMITH wrote:

> However, if you have optional linking of ID and name, shippers will only 
> ship to keys with such attributes. Because just ID and address, it could 
> be a "hit and run" type attack shipped to a safe maildrop.
> ---------------------------------
> 	If the transaction is via a Credit Card, it's the card issuer's
> liability (and responsibility to determine creditworthiness), unless I'm badly
> mistaken. If it's bank-issued ecash, then it's up to the bank to disgorge
> physical dollars when ecash is presented to them. What's the risk in either
> case?

Credit card fraud -- ie I've snarfed someone's card number and they 
haven't figured it out yet.

Cardholder's liability is $50 (I think).  Depending on the situation (if 
it's a card-is-physically-present transaction or a not-present) the 
liability falls to either the bank or the merchant.

A "proof of address" is a darn good way to reduce (not prevent, reduce) 
that sort of fraud.

Jon
------------------------------------------------------------------------------
Jon Lasser                <jlasser@rwd.goucher.edu>            (410)494-3072 
          Visit my home page at http://www.goucher.edu/~jlasser/
  You have a friend at the NSA: Big Brother is watching. Finger for PGP key.