From: Arley Carter <ac@hawk.twinds.com>
Date: Fri, 17 Nov 1995 07:20:28 +0800
To: John Pettitt <jpp@software.net>
Subject: Re: credit card conventional wisdom
In-Reply-To: <199511161930.LAA20815@software.net>
Message-ID: <Pine.HPP.3.91.951116152854.21342B-100000@hawk.twinds.com>
MIME-Version: 1.0
Content-Type: text/plain


In this context is the merchant defined as the the corporation selling the
physical good for delivery or the corporation that is operating the server?
These two parties under certain circumstances may be the same party, but 
in this example lets assume they are seperate entities.

If I am interpreting "internet based stores" in the proper context, the 
cardholder and the bank have recourse against the company operating the 
server.  Is this correct?  

Regards:
-arc

Arley Carter
Tradewinds Technologies, Inc.
email: ac@hawk.twinds.com
www: http://www.twinds.com

"Trust me. This is a secure product. I'm from <insert your favorite 
corporation of government agency>."

On Thu, 16 Nov 1995, John Pettitt wrote:

> At 10:48 AM 11/16/95 -0800, Vladimir Z. Nuri wrote:
> >
>         ... about credit card liability
> 
> Hmmm, a few words about credit card liabilty.
> 
> The situation now is that in a "card not present" transaction the merchant is
> liable for the fraud.  This means that *a lot* of internet based stores are 
> getting eaten alive by fraud.  The big issue right now is not cards being
> stolen from the telco switch (yes it's a risk but can anybody cite it
> happening?).
> The issue is authentication of the card user.  We have a significant
> investment in 
> AI / credit scoring code to defeat the wannabe crackers.  This goes way beyond
> mod 10 checks and address verification.
> 
> [ as an aside I've put two people in jail this year for card fraud ]
> 
> John
> John Pettitt, jpp@software.net
> VP Engineering, CyberSource Corporation, 415 473 3065
> 
>