From: "A. Padgett Peterson P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
Date: Tue, 5 Mar 1996 15:38:54 +0800
To: cypherpunks@toad.com
Subject: re: Validating credit cards
Message-ID: <960303192137.2020177f@hobbes.orl.mmc.com>
MIME-Version: 1.0
Content-Type: text/plain


Actually can think of several phleneomum that would satisfy but
first need to separate transactions into relating to electronic items
and relating to physical items.

In the case of physical items, pickup for shipping is probably done in 
batches (example: for FedEx the last pickup typically at 5 pm). It is not 
necessary to verify transactions instantaneously but rather when the order
is processed /shipped. This could be done in a batch mode syncronized with
order processing.

In the case of electronic media there are two choices: either immediate access
or delayed access. In the first case either access can be granted or immediate
verification can be done. In the case of immediate access, it should be
limited to items of restricted value. In delayed access the same batch
processing mode can be performed (during the 0-dark hours most likely).

This leaves only cases where immediate access must be granted and I suspect
that in most cases the vulnerability of 6-24 hours of access before 
verification will be small. Where the possible loss is low, we are back to
(a).

So in the small proportion of transactions where immediate verification and
transfer is necessary, I have no doubt that the existing infrastructure can 
handle it. At "slight additional charge" by the credit card company no doubt.

							Warmly,
								Padgett