Re: FAQ: e-Signatures and Payments

[Anders Rundgren]

Maybe it is a bad idea to respond to your own postings but I give it a try -:)   A logical consequence with the stuff below is that things like EMV, and X9.59 has no bright future as they cannot support a reliable signature mechanism except on a cryptographic level.  But 3D Secure can!  And 3D Secure is just the first shot in this direction.   Stay tuned /a ----- Original Message ----- From: Anders Rundgren To: internet-payments Sent: Wednesday, November 12, 2003 09:08 Subject: FAQ: e-Signatures and Payments Extract from an FAQ for an on-line e-signature standards proposal in progress: ... That is, DRY Signatures are neither useful nor intended to be used where the signature requester is unknown or maybe even untrusted by the user. Does not the "trusted service provider" limit usability? Although this may be considered as a serious disadvantage of DRY Signatures, the same limitation is actually applicable to just about all on-line systems, as both on-line "receipts" and automatic client-side archival of "evidence" are usually missing. That is, the user must indeed rely on the service provider to cater for trustworthy handling of the data involved. Newer on-line payment systems, like VISA's 3D Secure, address this in a very elegant fashion by instead of requiring users to sign transactions directly to possibly unreliable merchants, instead routes payment requests to the user's own trusted and known bank (issuer). By doing that, users can be reasonably assured that transaction requests are archived, and that signature requests will always be in the same format as well as in a language that the user understands. This scheme even allows fraudulent merchants to be automatically blocked by the bank. Regards Anders Rundgren (Editor)