From: Robert Hettinga <rah@shipwright.com>
To: cypherpunks@toad.com
Message Hash: 3cdcbe5727cad96e2d8dee61c3596a8d6da6185c5fa2697e07317b1a8618c57e
Message ID: <v0311076bb0201386bcb9@[139.167.130.248]>
Reply To: N/A
UTC Datetime: 1997-08-20 03:46:45 UTC
Raw Date: Wed, 20 Aug 1997 11:46:45 +0800
From: Robert Hettinga <rah@shipwright.com>
Date: Wed, 20 Aug 1997 11:46:45 +0800
To: cypherpunks@toad.com
Subject: SET discused in Risks Forum
Message-ID: <v0311076bb0201386bcb9@[139.167.130.248]>
MIME-Version: 1.0
Content-Type: text/plain
--- begin forwarded text
Date: Tue, 19 Aug 1997 15:42:21 -0400
From: pj ponder <ponder@mail.irm.state.fl.us>
Subject: SET discused in Risks Forum
To: set-discuss@lists.Commerce.Net
Mime-Version: 1.0
Sender: set-discuss-owner@mail.irm.state.fl.us
Precedence: bulk
+----------------------------------------------------------------------+
This message was addressed to: set-discuss@lists.commerce.net
+----------------------------------------------------------------------+
-----BEGIN PGP SIGNED MESSAGE-----
Just got this on the Risks Forum
(usenet comp.risks; html: http://catless.ncl.ac.uk/Risks)
I apologize if this has been posted here already and I missed it.
- ----------------------- from comp.risks: -------------------------------
Date: Sat, 16 Aug 1997 16:20:14 -0700
From: smartcard@sprynet.com
Subject: SET risk
The Secure Electronic Transaction (SET) process is proposed by the
credit-card associations to secure credit-card usage on the Internet. It
consists of a 28-step process using a standard digital certificate. It
relies on vendor software to provide security. These include an
electronic wallet program in the originator's PC, merchant review software
at the merchant's bank, card transaction processing software at the card
issuer bank and merchant software in the merchant's server.
The SET process claims to be better than using a credit card on the
Internet. However, the SET process has three serious exposures - confirmed
with IBM and HP/Verifone. The process does NOT know who is presenting the
certificate. The process does NOT know if merchant employees have
redirected the certificate through another merchant. All of the critical
software is directly accessible by the card users, merchant employees and
bank employees. Historically, these individuals have been the prime source
of fraud in credit card transaction systems.
There are more than 50 other card security products available for Internet
usage. They are generally simplier, faster, and avoid the SET exposures
identified above. Internet transaction users might try the viable
alternatives.
jerome svigals, smartcard@sprynet.com
-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv
iQCVAwUBM/n5lF4ZsVsZPDGdAQFdwgQAu8IZGp153xgyJs5km/ah7KYtMmwT8k4d
Pqo1I5qV532thAIjL8y5uGwxraTTQjxOcWTwvP7Y+Z+wh1467nAElYY1t4VPEB1m
K0nZ/3r7kDelj5Jp6H2fTPdBdHWrEj5m/XrTmhVYb0dkQSxW1gFN39y+7AGeBQsO
ctgUfEJY2tU=
=188u
-----END PGP SIGNATURE-----
-------------------------------------------------------------------------
This message was sent by a majordomo-based automatic list manager.
Subscriptions to and archives of this list are available to any person
or organization. For further information send a mail message to
'set-discuss-request@lists.commerce.net' with 'help' (no quotations)
contained in the body of your message.
--- end forwarded text
-----------------
Robert Hettinga (rah@shipwright.com), Philodox
e$, 44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
The e$ Home Page: http://www.shipwright.com/
Return to August 1997
Return to “Robert Hettinga <rah@shipwright.com>”
1997-08-20 (Wed, 20 Aug 1997 11:46:45 +0800) - SET discused in Risks Forum - Robert Hettinga <rah@shipwright.com>