[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Card Not Present, was Re: FW: comments



On 27 Jul 1998, EKR wrote:

>[snip, already discussed]
>
>Ed, the issue at hand is whether the customer's identity is relevant
>when credit cards are used. 

Eric:

The issue here was based on Ian's comment: 

"the merchant cares about the payment authorised by your account 
number, not your name."

to which I said NO -- and explained:

1. The merchant carries the burden of fraud in the Internet
credit-card case. Up to one year after the transaction, plus a fine,
plus a cancelled account if the chargebacks exceed 1% -- a large
accumulated liability issue.

2. When Mr. X uses Mrs. X's credit-card (even with her authorization) 
then Mr. X is technically commiting card fraud -- hence cardholder's
names are important. Even in Card Present cases but much more in Card
Not Present cases, because when the card is not present then the
merchant always carries the fraud burden if Mrs. X cries foul. 

My original comment intended to clarify those two items -- which are
IMO relevant to SPKI as they are often and wrongly cited as an
example why names are not important in some cases. Well, in the
credit-card case they are, specially in the Internet case and
specially to the merchant. Who does not get paid regardless. 

Thus, it is wrong to say that "the merchant cares about the payment
authorised by your account number, not your name". Customer's
identity is specially relevant to the merchant in the Internet case
-- exactly the case where it is harder to ascertain. 

>I maintain that it isn't because the
>merchant isn't put in a situation where he needs to recover the
>money from the customer,

Well, if the merchant gets for sure a charge-back from the bank in
case of card fraud in the Internet case, plus a fine, plus a
cancelled account above 1%, then how can you say that the merchant
isn't put in a situation where he needs to recover the money from the
customer? If the bank does not pay, if the bank insurance does not
pay, and the merchant is charged with it -- then, who pays? 

The real-life answer is that the merchant must pay by a direct bank
draft which is imposed upon him. Afterwards, the merchant must either
prove NR for the customers's transaction and demand the bank to
recharge the card or, must track the customer by using his logs and
sue the customer.

Thus, I see that the opposite of your affirmation is true in
e-commerce.

As to the other side issues, this list is perhaps not the best place
for them. In some issues I agree with you, while in others I am a bit
to the side -- if I can believe Bank of America and other agents. We
can continue this discussion privately or elsewhere -- as I think it
is very interesting for anyone dealing with such cases. Further, it
is funny to see how much is implied and hence not easily perceived --
but nonetheless crucial. 

Cheers,

Ed Gerck

______________________________________________________________________
Dr.rer.nat. E. Gerck                     egerck@novaware.cps.softex.br
http://novaware.cps.softex.br
-- Internet saves trees, WebBoy UMC saves PCs, you save time and money






Follow-Ups: References: