the straight-forward mapping of credit card payment to the internet used "MOTO" business process (mail order/telephone order, aka existing non-face-to-face operation) to handle poorly authenticated transactions.

http://www.garlic.com/~lynn/aadsm5.htm#asrn2
http://www.garlic.com/~lynn/aadsm5.htm#asrn3

the financial industries standard work on that was basically to provide authenticated transaction using digital signatures to all electronic payment transactions .... with the requirement given the standards group "to preserve the integrity of the financial infrastructure" ... aka the x9.59 work applies to credit transactions, debit transactions, ach transactions, gift card transactions, etc. and applicable to all environments (internet, non-internet, point-of-sale, etc)

An x9.59 issue is that it removes the requirement for name associated with the transaction. This meets an EU requirement that at the point-of-sale, an electronic transaction should be as anonymous as cash. The claim then is the x9.59 work is privacy neutral .... aka identification is removed from the transaction. To the extent there is any identification involved .... it is in mapping individuals to accounts.

Gift cards don't have mapping of individuals to accounts ... and x9.59 would neither increase nor decrease the anonymity of gift cards. Gift cards are typically processed with the same point-of-sale terminal as existing debit/credit cards and at least initially typically flow thru the same network. That means that the current webserver based use of credit cards .... flows into the same network that debit and gift cards flow into. The issue isn't the mechanics of enabling debit and gift cards for internet webserver use .... the issue is providing authentication in an "open & insecure" network (the internet) compared to closed/secure network that the point-of-sale terminals directly connect into. X9.59 is defined to provide such authentication in a secure manner across all payment transactions.

With respect to credit &/or debit accounts, again X9.59 neither increases nor decreases the anonymity of those accounts; to the degree that particular institutions allow anonymity associated with such accounts ... x9.59 then is privacy neutral in the protocol.

so the issue here is that the bits and pieces of privacy-enhanced payment transactions already exist and have for some time. a new one doesn't really need to be invented; the basic issue is really the technology needed to transition some of these existing privacy-enhanced payment transactions from closed network to an open network environment.

misc. refs:
http://www.garlic.com/~lynn/index.html#x959
http://www.garlic.com/~lynn/subtopic.html#privacy

[EMAIL PROTECTED] on 1/27/2002 12:08 pm forwarded:

On Saturday, January 26, 2002, at 09:55 PM, Dr. Evil wrote:
> We know that some kind of privacy-enhanced payment system has been one
> of the long-time c'punk goals, probably for at least ten years. We
> know that we are probably further away from having that be a reality
> than we were ten years ago. This is excusable; the obstacles are
> enormous. You need a lot of people to use it before it's useful, and
> there are all kinds of regulatory problems. And there are a whole
> list of other problems, too.