[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Card Not Present, was Re: FW: comments

To: EKR <ekr@terisa.com>
Subject: Re: Card Not Present, was Re: FW: comments
From: Ed Gerck <egerck@laser.cps.softex.br>
Date: Tue, 28 Jul 1998 09:46:45 -0300 (EST)
cc: spki <spki@c2.net>
In-Reply-To: <390lefruu.fsf@kmac.terisa.com>
Sender: owner-spki@c2.net

On 27 Jul 1998, EKR wrote:

>Ed Gerck <egerck@laser.cps.softex.br> writes:

>> EKR wrote:
>> >I maintain that it isn't because the
>> >merchant isn't put in a situation where he needs to recover the
>> >money from the customer,
>> 
>> Well, if the merchant gets for sure a charge-back from the bank in
>> case of card fraud in the Internet case, plus a fine, plus a
>> cancelled account above 1%, then how can you say that the merchant
>> isn't put in a situation where he needs to recover the money from the
>> customer? If the bank does not pay, if the bank insurance does not
>> pay, and the merchant is charged with it -- then, who pays? 
>
>This is only true in Card Not Present. In Card Present, it's
>handled differently, as I indicated previously.
>

Well, the CNP case is the Internet case. Thus, for e-commerce, the
merchant needs to be able to reach the customer in order to
recuperate his money in case of fraud and the customer name is an
important part of that process. This is what I wrote first and I see
that you fully agree. 

Now, if credit card companies want to make the CNP case turn into a
CP case by relying upon a digital certificate (ie, upon the
certificate owner's private key) then ... who is the certificate
owner? The client, not the merchant. Which means that: 

1. the client must have a certificate issued by a CA that the credit
card company approves -- hardly a choice for NPR e-commerce and one
that enforces monopoly.

2. the client must pay what the approved CA demands -- which may
include fat to the credit-card company and others.

3. legal liability issues between client, CA and merchant will be
very fuzzy between different states and different countries, with
different law systems and consumer law systems. For example, return
merchandise rules for on-line shopping.

4. the client will be at risk, always, that his private-key is
snatched from his computer. Grandma chooses a bad password and looses
her house is the scenario here. Hardly a positive one for the
clients.

This "solution" looks like a very bad move, where the merchant
decreases risk but the customer bears all. And, one that goes against
current consumer protection legislation.  Sigh...

Cheers,

Ed Gerck
______________________________________________________________________
Dr.rer.nat. E. Gerck                     egerck@novaware.cps.softex.br
http://novaware.cps.softex.br
-- Internet saves trees, WebBoy UMC saves PCs, you save time and money

References:

Re: Card Not Present, was Re: FW: comments

From: EKR <ekr@terisa.com>

Prev by Date: Re: Card Not Present, was Re: FW: comments
Next by Date: credit card discussion
Prev by thread: Re: Card Not Present, was Re: FW: comments
Next by thread: RE: Card Not Present, was Re: FW: comments
Index(es):
- Main
- Thread