>For instance, lets say I walk in the store and do an X9.59 transaction with >a chipcard. The issuing financial institution gets an electronic signature >along with the 8583 transaction, check the authentication and integrity of >the transaction, checks the other information related to the transaction >and sends back a real time approval. The merchant then lets me walk out >with the merchandise.
Sure, X9.59 or EMV is problably just fine at least as long as you trust the terminal where you insert your chip-card. However, on the Internet using a web-store X9.59 end-to-end is anything but ready for prime-time. And the interesting thing is that the Internet approach (3D) MAY one day find its way down to the brick-and-mortar shop as it makes no sense to long-term have multiple infrastructures for payments. I guess we can agree on this last line at least? And then agree on that it will be "the battle of the payment systems". Or has somebody already won? I don't think so. >I would assert that any change that you would make to the above >description makes it less KISS, more complex, and less secure. To me using banks as trusted providers, authenticators and archievers seems like KISS as this is what banks have been doing since day #1. /anders
