for a fuller discussion of SSL & SET discussion ... set x9a10 mailing list
archives
http://lists.commerce.net/archives/ansi-epay/199905/maillist.html
the above has the postings in reverse cronological order.
but, basically the bottom line is that there are a number of merchant
credit card business process that require the merchant to have the PAN (or
merchant credit card stuff doesn't work).
specific posting (from somebody at visa):
http://lists.commerce.net/archives/ansi-epay/199905/msg00009.html
Eric Rescorla <[EMAIL PROTECTED]>@rtfm.com on 07/07/2001 11:54:44 AM
Please respond to EKR <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
To: Lynn Wheeler/CA/FDMS/FDC@FDC
cc: Greg Broiles <[EMAIL PROTECTED]>, [EMAIL PROTECTED], James M Galvin
<[EMAIL PROTECTED]>, [EMAIL PROTECTED],
[EMAIL PROTECTED]
Subject: Re: non-repudiation, was Re: crypto flaw in secure mail standards
[EMAIL PROTECTED] writes:
> one of the biggest problems that has led to most of the regulations is
the
> ease that account-number harvesting can occur and then the account number
> used in fraudulent, non-authenticated transactions. The SET-like
protocols
> didn't address this issue.
How so? In at least one mode, SET denied the merchant the PAN.
-Ekr
--
[Eric Rescorla [EMAIL PROTECTED]]
http://www.rtfm.com/
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
