Perry E. Metzger wrote: > Adam Shostack <[EMAIL PROTECTED]> writes: >> On Mon, Jul 02, 2007 at 01:08:12AM +1200, Peter Gutmann wrote: >>> Given that all you need for this is a glorified pocket calculator, >>> you could (in large enough quantities) probably get it made for < >>> $10, provided you shot anyone who tried to introduce >>> product-deployment DoS mechanisms like smart cards and EMV into >>> the picture. Now all we need to do is figure out how to get there >>> from here. >> I'd suggest starting from the deployment, training, and help desk >> costs. The technology is free, getting users to use it is not. I >> helped several banks look at this stuff in the late 90s, when cost of >> a smartcard reader was order ~25, and deployment costs were estimated >> at $100, and help desk at $50/user/year. > > Of course, given the magnitude of costs of fraud, and where it may be > heading in the near term, the $50 a year may be well spent, especially > if it could be cut to $25 with some UI investment. It is all a > question of whether you'd rather pay up front with the security > apparatus or after the fact in fraud costs...
That is why efforts by banks to shift the risk to the customer are pernicious - they distort the incentive the bank ought to have to get the security right. Nicholas Bohm -- Salkyns, Great Canfield, Takeley, Bishop's Stortford CM22 6SX, UK Phone 01279 870285 (+44 1279 870285) Mobile 07715 419728 (+44 7715 419728) PGP public key ID: 0x899DD7FF. Fingerprint: 5248 1320 B42E 84FC 1E8B A9E6 0912 AE66 899D D7FF --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
