slight clarification .... while consumers don't directly pay the transaction fees ... whatever fees that the merchants directly pay ... show up in prices that come out of consumers pocket-book ... which they do pay ... as well as various & sundry fees that consumers pay to their issuing bank as part of various credit related fees & charges.
parts of the issue has always been would the procedures to lower fraud, cost more than the fraud they were limiting. Two things have been happening ... the cost of technology has in general been coming down rapdly ... both the cost of technology needed to limit fraud as well as the cost of technology for various kinds of fraud & counterfeiting (which tends to increase the amount of fraud). misc threads on the subject http://www.garlic.com/~lynn/aadsm5.htm#spki2 Simple PKI http://www.garlic.com/~lynn/aadsm6.htm#terror14 [FYI] Did Encryption Empower These Terrorists? (addenda to chargebacks) http://www.garlic.com/~lynn/aadsm7.htm#auth2 Who or what to authenticate? (addenda) http://www.garlic.com/~lynn/aadsmore.htm#schneier Schneier: Why Digital Signatures are not Signatures (was Re :CRYPTO-GRAM, November 15, 2000) http://www.garlic.com/~lynn/aepay6.htm#ccfraud2 "out of control credit card fraud" http://www.garlic.com/~lynn/aepay6.htm#ccfraud3 "out of control credit card fraud" http://www.garlic.com/~lynn/aepay7.htm#fakeid Fake IDs swamp police http://www.garlic.com/~lynn/2000f.html#64 Cryptogram Newsletter is off the wall? http://www.garlic.com/~lynn/2001c.html#47 PKI and Non-repudiation practicalities http://www.garlic.com/~lynn/2001c.html#73 PKI and Non-repudiation practicalities http://www.garlic.com/~lynn/2001f.html#40 Remove the name from credit cards! http://www.garlic.com/~lynn/2001i.html#26 No Trusted Viewer possible? http://www.garlic.com/~lynn/2001j.html#7 No Trusted Viewer possible? http://www.garlic.com/~lynn/2001j.html#9 E-commerce security???? credit has enjoyed quite a bit of market penetration in terms of internet transactions ... in part because it was relatively simple to adopt the existing MOTO-model to the internet http://www.garlic.com/~lynn/aadsm5.htm#asrn2 Assurance, e-commerce, and some x9.59 ... fyi http://www.garlic.com/~lynn/aadsm5.htm#asrn3 Assurance, e-commerce, and some x9.59 ... fyi http://www.garlic.com/~lynn/aadsm5.htm#asrn1 Assurance, e-commerce, and some x9.59 ... fyi http://www.garlic.com/~lynn/2001i.html#52 loosely-coupled, sysplex, cluster, supercomputer & electronic commerce however, x9.59 which had a requirement to preserve the integrity for all account-based transactions in all envrionments with only authentication ... also opens up other payment methods to the internet (as well as general ability to reduce fraud) http://internetcouncil.nacha.org/Projects/ISAP_Results/isap_results.htm NACHA AADS results!! http://www.garlic.com/~lynn/index.html#aads with regard to to rubber hose attack ... there is an issue of ROI (assuming a rubber hose attack has some rational financial motivation as opposed to something akin to random violence) ... i.e. effort to mount the attack vis-a-vis reward in return. The discussion of stealing a web merchant credit card master file may have a relatively modest investment but result in several hundred thousand account numbers for which fraudulent transactions can be executed against. The claim is that ROI for rubber hose attacks would preclude majority of rational financial motivation ... aka they're would be other attacks with signficiant better ROI. While rubber hose attacks might never totally disappear ... the amount of fraud from such events will be very small. misc. past threads in the area: http://www.garlic.com/~lynn/aadsm6.htm#websecure merchant web server security http://www.garlic.com/~lynn/aadsm6.htm#terror3 [FYI] Did Encryption Empower These Terrorists? http://www.garlic.com/~lynn/aadsm6.htm#terror4 [FYI] Did Encryption Empower These Terrorists? http://www.garlic.com/~lynn/aadsm6.htm#pcards The end of P-Cards? http://www.garlic.com/~lynn/aadsm6.htm#pcards3 The end of P-Cards? (addenda) http://www.garlic.com/~lynn/aepay7.htm#netbank2 net banking, is it safe?? ... security proportional to risk http://www.garlic.com/~lynn/aepay7.htm#netsecure some recent threads on netbanking & e-commerce security http://www.garlic.com/~lynn/aepay7.htm#3dsecure2 3D Secure Vulnerabilities? Photo ID's and Payment Infrastructure http://www.garlic.com/~lynn/aepay7.htm#3dsecure3 financial payment standards ... finger slip http://www.garlic.com/~lynn/2001c.html#42 PKI and Non-repudiation practicalities http://www.garlic.com/~lynn/2001c.html#54 PKI and Non-repudiation practicalities http://www.garlic.com/~lynn/2001h.html#61 Net banking, is it safe??? http://www.garlic.com/~lynn/2001h.html#67 Would this type of credit card help online shopper to feel more secure? http://www.garlic.com/~lynn/2001i.html#53 Credit Card # encryption http://www.garlic.com/~lynn/2001i.html#57 E-commerce security???? http://www.garlic.com/~lynn/2001j.html#2 E-commerce security???? http://www.garlic.com/~lynn/2001j.html#5 E-commerce security???? http://www.garlic.com/~lynn/2001j.html#44 Does "Strong Security" Mean Anything? http://www.garlic.com/~lynn/2001k.html#55 I-net banking security http://www.garlic.com/~lynn/2001l.html#2 Why is UNIX semi-immune to viral infection? some more general threads: http://www.garlic.com/~lynn/subtopic.html#fraud http://www.garlic.com/~lynn/subtopic.html#privacy [EMAIL PROTECTED] on 11/02/2001 1:25 PM wrote: In a message dated 11/2/01 2:03:05 PM, [EMAIL PROTECTED] writes: << Of course. But this hasn't prevented people from acquiring and using credit cards. More to the point, it hasn't prevented the merchants, banks, and credit card issuers from maintaining and promoting this imperfect system. This would suggest that the losses from fraud (which customers don't pay, at least not here in the US) are amply covered by the income they bring in. This sounds to me like a system that "works" in a practical sense. >> In good times when a 5% loss factor disappeared in the profits it didn't matter. In times when every penny is being squeezed (Airlines), and fraud seems to have doubled the risk management view may have changed. John Ellingson CEO Edentification, Inc. 608.833.6261 --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
