Re: Financial identity is *dangerous*? (was re: Fake companies, real money)
Dave Howe wrote:
> Roy M. Silvernail wrote:
>> I'd thought it was so Microsoft could offer an emulation-based migration path to all the apps that would be broken by Longhorn. MS has since backed off on the new filesystem proposal that would have been the biggest source of breakage (if rumors of a single-rooted, more *nix-like filesystem turned out to be true).
>
> To be fair to MS, that is already here - you can mount NFS volumes as subfolders in 2K and above, just like unix. however, MS don't really seem to want to crow about that - just in case someone points out unix did this literally decades ago

I was thinking more of the rumor that Longhorn's filesystem would start at '/', removing the 'X:' and the concept of separate drives (like unix has done for decades :) ). When I first saw this discussed, the consensus was that it would break any application that expected to use 'X:\PATH'-style filenames or chdrive() (or whatever that lib call to change the default drive is). Someone suggested that MS might ship an emulator to handle translation (at some non-trivial cost in performance, else no one would have an incentive to refactor) until the vendors could rewrite their apps to use the new native filesystem.

--
Roy M. Silvernail is [EMAIL PROTECTED], and you're not
It's just this little chromium switch, here. - TFS
SpamAssassin-procmail-/dev/null-bliss
http://www.rant-central.com
Re: Financial identity is *dangerous*? (was re: Fake companies, real money)
Roy M. Silvernail wrote:
> I'd thought it was so Microsoft could offer an emulation-based migration path to all the apps that would be broken by Longhorn. MS has since backed off on the new filesystem proposal that would have been the biggest source of breakage (if rumors of a single-rooted, more *nix-like filesystem turned out to be true).

To be fair to MS, that is already here - you can mount NFS volumes as subfolders in 2K and above, just like unix. however, MS don't really seem to want to crow about that - just in case someone points out unix did this literally decades ago
Re: Financial identity is *dangerous*? (was re: Fake companies, real money)
[EMAIL PROTECTED] wrote:
> This is what I love about the Internet -- ask a question and get silence but make a false claim and you get all the advice you can possibly eat.

Yup. give wrong advice, and you look like a fool. correct someone else's wrong advice, and you make them look foolish (unless you make a mistake in your correction, which seems to be some sort of tradition for spelling flames :)

Probably the only reason I even post is because I don't mind looking like a fool, if it lets me correct some misconception I am labouring under :)
Re: Financial identity is *dangerous*? (was re: Fake companies, real money)
Roy M. Silvernail wrote:
> I was thinking more of the rumor that Longhorn's filesystem would start at '/', removing the 'X:' and the concept of separate drives (like unix has done for decades :) ). When I first saw this discussed, the consensus was that it would break any application that expected to use 'X:\PATH'-style filenames or chdrive() (or whatever that lib call to change the default drive is). Someone suggested that MS might ship an emulator to handle translation (at some non-trivial cost in performance, else no one would have an incentive to refactor) until the vendors could rewrite their apps to use the new native filesystem.

The more likely solution though is that longhorn will *default* to a \ rooted file system for fixed drives, rather than the current situation where it defaults to a set of drive letters.
Re: Financial identity is *dangerous*? (was re: Fake companies, real money
--- begin forwarded text

To: R.A. Hettinga [EMAIL PROTECTED]
Subject: Re: Financial identity is *dangerous*? (was re: Fake companies, real money)
From: Somebody at a Central Securities Depository :-)
Date: Wed, 13 Oct 2004 10:31:10 +0100

i buy the argument that transaction instantaneity is a solution to the identity theft problem - my cash in your hands, at the same time (now) as your goods in my hands, in a way that allows both of us to ensure we have got what we wanted. But there's a trade-off; I have to use money, not credit, now - your point about the buyer 'lending' the seller cash at 0% interest. I'm not sure how the system compensates for that.

It seems to me it becomes a risk-cost trade-off for the individual: I can work out the cost to me of using real money not credit; then I know what I am paying to insure myself against identity theft.

Of course I probably rely on the credit people covering me against a lot of the risk of identity theft, and I may not even pay them for that cost (if it is built into the APR they charge and I can avoid interest by paying off the card quickly)... so to me identity theft risk is almost costless.

Why then would I choose to insure myself explicitly by using cash instead of credit? What is it that makes all the individuals start thinking about the best interests of the system (which should be cheaper without all these hidden insurance costs) instead of thinking about their own interests?!

David

R.A. Hettinga [EMAIL PROTECTED]
12/10/2004 15:52
To: John Kelsey [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
cc:
Subject: Re: Financial identity is *dangerous*? (was re: Fake companies, real money)

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

At 9:49 AM -0400 10/12/04, John Kelsey wrote:
> Hmmm. I guess I don't see why this story supports that argument all that well.

More like the straw that broke the camel's back, admittedly.
A long time ago I came to the conclusion that the closer we get to transaction instantaneity, the less counterparty identity matters at all. That is, the fastest transaction we can think of is a cryptographically secure glop of bits that is issued by an entity who is responsible for the integrity of the transaction and the quality of assets that the bits represent. Blind signature notes work fine for a first-order approximation. In other words, an internet bearer transaction.

In such a scenario, nobody *cares* who the counterparties are for two reasons.

The first reason is existential: title to the asset has transferred instantaneously. There is *no* float. I have it now, so I don't *care* who you were, because, well, it's *mine* now. :-).

Second, keeping an audit trail when the title is never in question is, in the best circumstances superfluous and expensive, and, in the worst, even dangerous for any of a number of security reasons, depending on the color of your adversary's hat, or the color your adversary thinks his hat is, or whatever. Keeping track of credit card numbers in a database is an extant problem, for instance, with a known, shall we say, market cost. We'll leave political seizure and other artifacts of totalitarianism to be counted by the actuaries.

> Clearly, book entry systems where I can do transactions in your name and you are held liable for them are bad, but that's like looking at Windows 98's security flaws and deciding that x86 processors can't support good OS security.

I'm walking out on a limb here, in light of what I said above, and saying that when there's *any* float in the process, your liability for identity theft increases with the float involved.

Furthermore, book-entry transactions *require* float, somewhere. They are debt-dependent. Someone has to *borrow* money to effect a transaction.
(In a bearer transaction, the shoe's on the other foot, the purchaser is *loaning* money, at zero interest, but that's what the buyer wants so the system compensates accordingly, but that's another story.)

Because the purchaser has to borrow money to pay, and because you *cannot* wring the float out of a transaction (that is, you can get instantaneous execution, but the transaction clears and settles at a later date; 90 days is the maximum float time for a non-repudiated credit-card transaction, for instance), I claim that book-entry transactions will *always* be liable for identity theft.

Put another way, remember Doug Barnes' famous quip that and then you go to jail is not an acceptable error handling step for a transnational internet transaction protocol.

I would claim that enforcement of identity as a legal concept costs too much in the long run to be useful, and that the cheapest way to avoid the whole problem is to go to systems which not only don't require identity, but they don't even require book-entry *accounts* at all to function at the user level. Financial cryptography has had that technology for more than two decades now, so long
Re: Financial identity is *dangerous*? (was re: Fake companies, real money
At 5:27 PM -0400 10/19/04, R.A. Hettinga wrote:
> David

Somebody named David, apparently... ;-)

Shoot me now,
RAH

-- -
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
Re: Financial identity is *dangerous*? (was re: Fake companies, real money)
--
On 12 Oct 2004 at 10:52, R.A. Hettinga wrote:
> A long time ago I came to the conclusion that the closer we get to transaction instantaneity, the less counterparty identity matters at all. That is, the fastest transaction we can think of is a cryptographically secure glop of bits that is issued by an entity who is responsible for the integrity of the transaction and the quality of assets that the bits represent. Blind signature notes work fine for a first-order approximation. In other words, an internet bearer transaction.
>
> In such a scenario, nobody *cares* who the counterparties are for two reasons.
>
> The first reason is existential: title to the asset has transferred instantaneously. There is *no* float. I have it now, so I don't *care* who you were, because, well, it's *mine* now. :-).
>
> Second, keeping an audit trail when the title is never in question is, in the best circumstances superfluous and expensive, and, in the worst, even dangerous for any of a number of security reasons,

Two problems:

1. Instantaneous and complete transfer is irrevocable, thus attractive to ten million phishing spammers, virus writers etc.

2. Governments want everyone to keep records on everyone else, and make those records available to the government, thus discriminate against the more cashlike forms of internet money.

It is clear that the world needs a fully cashlike form of internet money, that there is real demand for this, but the low security of personal computers makes it insecure from thieves, and the hostility of national governments make it insecure from governments.

--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
DomXDn/9ASGjDlA7/rM0YxIpV6BFP/F2G82U5fRF
4q51oYmi85ShC8+0oDT4+4nUVsGKolpQZ+8ozyJWM
Re: Financial identity is *dangerous*? (was re: Fake companies, real money)
On Wed, 13 Oct 2004 09:27:20 -0700, James A. Donald [EMAIL PROTECTED] wrote:
> Two problems:

Kinda...

> 1. Instantaneous and complete transfer is irrevocable, thus attractive to ten million phishing spammers, virus writers etc.

Instantaneous and complete transfer of cash to a mugger, burglar, or other hoodlum is difficult to revoke, thus I watch my back when I go to a bank machine and limit my exposure by not transporting more anonymous value tokens than I need to

> 2. Governments want everyone to keep records on everyone else, and make those records available to the government, thus discriminate against the more cashlike forms of internet money.

Agreed. My habit of pulling a $20 out of the bank machine all the time looks... interesting. Really though, it's just a change-jar on speed: grab $20, spend $12 of it, throw the rest in my change jar. Repeat tomorrow. After a while the change jar looks pretty healthy... In a way it's self-laundered, mini-mixmastered money. There is no proof that this transaction here was the reason that drug dealer over there is X dollars richer and Y ounces lighter.

> It is clear that the world needs a fully cashlike form of internet money, that there is real demand for this, but the low security of personal computers makes it insecure from thieves, and the hostility of national governments make it insecure from governments.

Agreed. I would hope that users of iCash get fully educated on what that entails: that that blob of bits is just as much $20 as that green piece of paper or that big pile of quarters. And if someone gets it and spends it, you may as well have been mugged.

People do eventually learn when it costs them something out of pocket. Now that they've learned that the white headphones mean I'm a target with an iPod, mug me! I see a lot of iPod users with boring old sony or koss headphones.

Right now, insecurity doesn't cost the end-user enough.
As soon as some virus comes along and wipes out some new york times columnist's savings, and he screams about it, then and only then will the slightest nonzero percentage of the sheeple pay attention for a bit.

Hm... this is one of those liberty vs. security moments, isn't it? Risk of carrying value versus freedom to engage in private transactions acceptable to all the players.

--
GDB has a 'break' feature; why doesn't it have 'fix' too?
Re: Financial identity is *dangerous*? (was re: Fake companies, real money)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

At 9:49 AM -0400 10/12/04, John Kelsey wrote:
> Hmmm. I guess I don't see why this story supports that argument all that well.

More like the straw that broke the camel's back, admittedly.

A long time ago I came to the conclusion that the closer we get to transaction instantaneity, the less counterparty identity matters at all. That is, the fastest transaction we can think of is a cryptographically secure glop of bits that is issued by an entity who is responsible for the integrity of the transaction and the quality of assets that the bits represent. Blind signature notes work fine for a first-order approximation. In other words, an internet bearer transaction.

In such a scenario, nobody *cares* who the counterparties are for two reasons.

The first reason is existential: title to the asset has transferred instantaneously. There is *no* float. I have it now, so I don't *care* who you were, because, well, it's *mine* now. :-).

Second, keeping an audit trail when the title is never in question is, in the best circumstances superfluous and expensive, and, in the worst, even dangerous for any of a number of security reasons, depending on the color of your adversary's hat, or the color your adversary thinks his hat is, or whatever. Keeping track of credit card numbers in a database is an extant problem, for instance, with a known, shall we say, market cost. We'll leave political seizure and other artifacts of totalitarianism to be counted by the actuaries.

> Clearly, book entry systems where I can do transactions in your name and you are held liable for them are bad, but that's like looking at Windows 98's security flaws and deciding that x86 processors can't support good OS security.

I'm walking out on a limb here, in light of what I said above, and saying that when there's *any* float in the process, your liability for identity theft increases with the float involved.

Furthermore, book-entry transactions *require* float, somewhere.
They are debt-dependent. Someone has to *borrow* money to effect a transaction. (In a bearer transaction, the shoe's on the other foot, the purchaser is *loaning* money, at zero interest, but that's what the buyer wants so the system compensates accordingly, but that's another story.)

Because the purchaser has to borrow money to pay, and because you *cannot* wring the float out of a transaction (that is, you can get instantaneous execution, but the transaction clears and settles at a later date; 90 days is the maximum float time for a non-repudiated credit-card transaction, for instance), I claim that book-entry transactions will *always* be liable for identity theft.

Put another way, remember Doug Barnes' famous quip that and then you go to jail is not an acceptable error handling step for a transnational internet transaction protocol.

I would claim that enforcement of identity as a legal concept costs too much in the long run to be useful, and that the cheapest way to avoid the whole problem is to go to systems which not only don't require identity, but they don't even require book-entry *accounts* at all to function at the user level. Financial cryptography has had that technology for more than two decades now, so long that the patent's about expired on it, if it hasn't already.

> The aspect of this that's generally spooky is not the existence of book entry payment systems, it's the ease with which someone can get credit (in one form or another) in your name, based on information they got from public records and maybe a bit of dumpster diving, some spyware installed on your machine, or a phishing expedition. How the payment systems are cleared isn't going to change that, right? (I know you've thought about this stuff a lot more than I have, so maybe I'm missing something)

See above.

When you use book-entry transactions, by definition, you need identity. Biometric, is-a-person, go-to-jail-if-you-lie-about-a-book-entry identity.
With bearer transactions, digital/internet or otherwise, you don't have identity. You don't *need* identity to execute, clear, and settle the transaction, primarily because all three happen at once. There's no float between the three activities. You don't have to send someone to jail if they lie, because the transaction never executes in the first place if they do.

Now, there are tradeoffs.

The first one is key management, which as Schneier likes to point out, is a hard problem. Personally, I think that if you don't have to associate a key with a flesh-and-blood body in meatspace, a whole continent full of problems just disappears. In a bearer transaction, it's orthogonal to the issue of security anyway, and all it does is cost you money to do for no added benefit.

The second one is security of the digital bearer notes and coins themselves, which, frankly, scares people in the finance business most of all. However, I would claim that all organizations, and even people :-), do their *database* and
RE: Financial identity is *dangerous*? (was re: Fake companies, real money)
OK, I'll bite. Or rather...

Well, your initial postulate was stated in such a way as to be fairly unrefutable, the key word being float. Only companies, etc...provide that by requiring that the transacted funds flow through their coffers for a moment, where they extract their discount revenue. At this stage of the game, nobody with their head screwed on tight would argue that Internet-based businesses don't represent an increase in Risk (whether that increase will eventually make float-based business models impossible is an entirely different matter).

Interestingly, the Visa organization recently launched a Purchasing Card platform which merely facilitates EFTs (a step towards your oft-mentioned Geodesic Society?)...there's a fixed and small discount revenue touch that's independent of the size of the transaction (and they can afford to do this because there's no float, ergo no risk). In this case, Visa is providing value added information systems for the transactions, but in a sense they're allowing their member banks to more or less completely step out of the transaction if they wish.

Now of course, Paragraph 2 is only related to Paragraph 1 by the fact that I wrote both of them in one post. To my knowledge, Visa's new PCard platform has nothing to do with Internet-based risk PER SE, but in the long run I doubt we'll label this a coincidence.

-TD

From: R. A. Hettinga [EMAIL PROTECTED]
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Financial identity is *dangerous*? (was re: Fake companies, real money)
Date: Fri, 8 Oct 2004 19:14:08 -0400

Okay. So I'm coming to the conclusion that book-entry settlement, with its absolute requirement for both identity and float between transactions, is becoming more and more *un*-safe to use as internet ubiquity increases.

Anyone want to pick up the other side of this and tell me why not? No bugbears or horsemen need apply...
Cheers,
RAH
---

http://www.msnbc.msn.com/id/6175738/print/1/displaymode/1098/

MSNBC.com

Fake companies, real money
Elaborate con wrings cash out of stolen credit cards
By Bob Sullivan
Technology correspondent
MSNBC
Updated: 7:15 p.m. ET Oct. 7, 2004

T-Data, a small New-York based software company, doesn't take credit cards -- never has in its 20-year history. But a few weeks ago, owner Jeff Duhl found himself looking over $15,000 worth of credit card charges seemingly accepted by his store.

A quick investigation revealed most of the charges had been made using stolen credit cards. Slowly, he caught on: Someone had stolen a batch of credit card accounts, then stolen his company's name, set up an imposter version of T-Data, and rung up thousands of dollars worth of fake purchases. The profits were then deposited into checking accounts controlled by the imposters.

It is ingenious, said Dan Clements, who operates merchant advocacy site CardCops.com.

Duhl wasn't the only victim of this new brand of corporate identity theft: At least 50 other firms apparently also had their identities stolen in the scheme. For credit card thieves doing their best to wring money out of a stash of stolen accounts, it seems like the perfect scam.

How to profit from stolen credit cards

While millions of credit card account numbers are stolen every year -- 60 million last year, and perhaps 120 million this year, according to one estimate -- turning them into cash can be tricky. Merchandise ordered with the card must be delivered somewhere, which is risky. Massive cash withdrawals are quickly spotted by credit card associations.

The scheme Duhl's firm was caught up in is a heady, complex alternative: First, credit card thieves find a legitimate company unlikely to already be accepting credit card transactions. They then impersonate that company and set up accounts with merchant processing providers, whose role it is to transfer funds between credit card companies and merchants.
Using stolen credit cards, the thieves then start sending small payments, usually $498 or $598 at a time, to the fraudulent merchant accounts. The credit card companies send funds to the processors and they in turn send the funds off to bank accounts controlled by the criminals.

They are flying under the radar on each transaction unless someone does a whole lot of work, Duhl said.

A key part of the scheme: The thieves went to the trouble of registering the domain www.T-datasoftware.com, then set up a fake Web site. The site looked like a believable business to the merchant processing providers, who gave the thieves their accounts. Duhl's imposters were able to set up accounts at seven different payment processing firms.

When Duhl investigated, he discovered some 50 other Web sites -- most mere imitations of one another -- all sitting on the same computer server.

They got away with $15,000 (in charges) at my company, Duhl said. Multiply that by the number of sites, the number of companies, these folks could be getting away with millions of dollars, he said.

It's
Financial identity is *dangerous*? (was re: Fake companies, real money)
Okay. So I'm coming to the conclusion that book-entry settlement, with its absolute requirement for both identity and float between transactions, is becoming more and more *un*-safe to use as internet ubiquity increases.

Anyone want to pick up the other side of this and tell me why not? No bugbears or horsemen need apply...

Cheers,
RAH
---

http://www.msnbc.msn.com/id/6175738/print/1/displaymode/1098/

MSNBC.com

Fake companies, real money
Elaborate con wrings cash out of stolen credit cards
By Bob Sullivan
Technology correspondent
MSNBC
Updated: 7:15 p.m. ET Oct. 7, 2004

T-Data, a small New-York based software company, doesn't take credit cards -- never has in its 20-year history. But a few weeks ago, owner Jeff Duhl found himself looking over $15,000 worth of credit card charges seemingly accepted by his store.

A quick investigation revealed most of the charges had been made using stolen credit cards. Slowly, he caught on: Someone had stolen a batch of credit card accounts, then stolen his company's name, set up an imposter version of T-Data, and rung up thousands of dollars worth of fake purchases. The profits were then deposited into checking accounts controlled by the imposters.

It is ingenious, said Dan Clements, who operates merchant advocacy site CardCops.com.

Duhl wasn't the only victim of this new brand of corporate identity theft: At least 50 other firms apparently also had their identities stolen in the scheme. For credit card thieves doing their best to wring money out of a stash of stolen accounts, it seems like the perfect scam.

How to profit from stolen credit cards

While millions of credit card account numbers are stolen every year -- 60 million last year, and perhaps 120 million this year, according to one estimate -- turning them into cash can be tricky. Merchandise ordered with the card must be delivered somewhere, which is risky. Massive cash withdrawals are quickly spotted by credit card associations.
The scheme Duhl's firm was caught up in is a heady, complex alternative: First, credit card thieves find a legitimate company unlikely to already be accepting credit card transactions. They then impersonate that company and set up accounts with merchant processing providers, whose role it is to transfer funds between credit card companies and merchants.

Using stolen credit cards, the thieves then start sending small payments, usually $498 or $598 at a time, to the fraudulent merchant accounts. The credit card companies send funds to the processors and they in turn send the funds off to bank accounts controlled by the criminals.

They are flying under the radar on each transaction unless someone does a whole lot of work, Duhl said.

A key part of the scheme: The thieves went to the trouble of registering the domain www.T-datasoftware.com, then set up a fake Web site. The site looked like a believable business to the merchant processing providers, who gave the thieves their accounts. Duhl's imposters were able to set up accounts at seven different payment processing firms.

When Duhl investigated, he discovered some 50 other Web sites -- most mere imitations of one another -- all sitting on the same computer server.

They got away with $15,000 (in charges) at my company, Duhl said. Multiply that by the number of sites, the number of companies, these folks could be getting away with millions of dollars, he said.

It's not clear how much money the criminals really did get away with in the end. Many of the processing firms interviewed for this article claimed they caught on to the fraud after the transactions had cleared, but before the suspects had withdrawn the money from various checking accounts around the country. One did concede, however, that the scheme has real potential.
'Hundreds of thousands' over a weekend

If you don't catch it you could lose hundreds of thousands of dollars over a weekend, said David Steinberg, chief credit officer at Merchant E Solutions, one of the processing firms used by the thieves.

Steinberg said his company had never suffered such a loss, but that the industry is bustling with fraud attempts. Some 5 to 10 percent of all applications his firm receives are turned away as potentially fraudulent, he said.

Phyllis McNeill, a spokeswoman for Global Payments, another processing firm hit in the scam, confirmed a fake account had been set up in T-Data's name with her company. She said the account was actually set up through a reseller, and was shut down after eight transactions had been performed.

Randy Lobban, director of risk management at North American Bancard, said the con artists were able to open up an account at his firm and pass eight charges through the system, but the funds were never released.

They never got any money, Lobban said. He alerted the U.S. Postal Inspection Service to the incident.

Representatives at First Data and Wells Fargo also confirmed that fake accounts had been opened at their firms. An official at