In message <[EMAIL PROTECTED]>, John Levine writes:
>>Why does the clerk at Blockbuster want to see your driver's license?
>>Because his management has been told, by their bank, that if they do
>>not attempt to verify the identity of credit card users they will
>>risk their business relationship with the bank.
>
>It's been my impression that the way you're supposed to verify the ID
>of a credit card user is by checking the signature. I've heard of
>banks telling businesses not to demand separate ID. On the other
>hand, I can easily believe that Blockbuster came up with the ID idea
>all by themselves.
I very rarely rent from Blockbuster, so I may have the details wrong; I
can state for sure how things work at the local video store I usually
patronize.
When I signed up with them, I supplied a credit card number; they
retained that for contingency charges if I fail to return a video.
(Odd -- my local library doesn't do that. But I digress.) In return,
they handed me an account-linked credential -- exactly the sort of
thing that is often advocated on this list.
>From my perspective, the form factor of the credential wasn't ideal; it
was one of those key ring-sized cards, and I soon lost it, probably
during a wallet upgrade. No problem -- they're happy to fall back to
the secondary authentication system, to whit my drivers' license. I
show that to get access to the account, independent of how I actually
pay for the rental. In other words, they are not using my license to
authenticate my credit card. (I would add that the feeds are low
enought that I almost always pay in cash; I have no idea if they even
have the ability to use the stored credit card for rental fees if I
don't present the card separately. Hmm -- the account is old enough
that the expiration date on my credit card has long since expired.
They've never asked me for an update. Maybe they're using a reputation
system?)
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
