----- Original Message -----
From: "Ian Grigg" <[EMAIL PROTECTED]>
Sent: Sunday, September 07, 2003 12:01 AM
Subject: Re: Is cryptography where security took the wrong branch?

> That's easy to see, in that if SSL was oriented
> to credit cards, why did they do SET? (And,
> SHTTP seems much closer to that mission, on a
> quick reading, at least.)

Actually they do target very different aspects. SET, 3D-Secure, and any other similar have a different target than SSL. To understand this it is important to realize that instead of the usual view of two-party transactions, credit card transactions actually take 3 parties: Issuer, Seller, and Buyer. SSL covers the Seller-Buyer communication, and can also be applied to the Seller-Issuer communication, but on a transaction basis it offers nothing for the Issuer-Buyer (the important one for minimizing costs for the Issuer).

SET/3D-Secure/etc address this through various means but the end target is to create a pseudo-Buyer-Issuer link, through the Seller. This allows the Issuer to minimize costs (less chance of having to make a call) and, because it is behind-the-scenes technology, has no reason to be accompanied by a reduction in fees (and actually because of the reduced likelihood of buyer fraud, it may be possible to charge the seller _more_).

In the end SSL and SET/3D-Secure/etc target entirely different portions of the problem (the former targets seller fraud against the buyer, the latter seller against issuer). Both of these are important portions; of course the real upside of SET/3D-Secure/etc is that the seller doesn't have a choice, and the fees in accordance with the "fraud-reduction" may very well increase the costs to the seller; the buyer costs of course stay the same. End result: lower fraud, increased fees->higher profit margins.

However, if it meets expectations, it is entirely possible that all legitimate parties (non-fraud entities) will see improved profits (seller has reduced fraud and charge-backs, buyer less likelihood of the $50 penalty, issuer higher fees). Will it meet those expectations? I have no idea.

Joe

Trust Laboratories
Changing Software Development
http://www.trustlaboratories.com