Thanks for some private comments. What I posted is a short summary of a number of arguments. It's not an absolute position, or an expose' of the credit card industry. Rather, it's a wake- up call -- The time has come to really face the issues of information security seriously, without isolating them with insurance at the cost of the consumers. Why? Because the insurance model will not scale as the Internet and ecommerce do.
In other words, "CardSystems Exposes 40 Million Identities" as a harbinger. Now that we know more about the facts in this recent case, expect more to come unless we begin to improve our security paradigm. Yes, public opinion and credit card companies can and will force companies that process credit card data to increase their security. However, as my comments show, how about the "acceptable risk" concept that turns fraud into sales? Do As I Say, Not As I Do? By weakly fighting fraud, aren't we allowing fraud systems to become stronger and stronger, just like any biological threat? The parasites are also fighting for survival. We're allowing even email to be so degraded that fax and snail mail are now becoming atractive again. Cheers, Ed Gerck --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
