[11667] in cryptography@c2.net mail archive
Re: Interests of online banks and their users [was Re:
daemon@ATHENA.MIT.EDU (jon@jonsimon.com)
Tue Sep 17 17:39:51 2002
In-Reply-To: <20020917143438.GA85195@lightship.internal.homeport.org>
Date: Tue, 17 Sep 2002 13:07:43 -0700
To: Adam Shostack <adam@homeport.org>
From: jon@jonsimon.com
Cc: cryptography <cryptography@wasabisystems.com>

>Now, let's say you don't tell the customer with known bad
>software to go away, because you value their business. Are you now
>culpable in some way? After all, you *knew* that client was
>compromised...

As far as I know, banks assume that a certain percentage of their
transactions will be bad and build that cost into their business
model. Credit and ATM cards and numbers are as far from secure as
could be, far less secure than somebody doing online transactions
from a Wintel machine on an unencrypted connection, let alone an
encrypted one. Until somebody takes full advantage of the current
system and steals a few trillion dollars in one day, the problems are
easier to deal with than a solution. Until that happens, there's no
reason for banks to go through the pain of dealing with or requiring
Pd.
-Jon Simon