Perry E. Metzger wrote: > Why does the clerk at Blockbuster want to see your driver's license? > Because his management has been told, by their bank, that if they do > not attempt to verify the identity of credit card users they will risk > their business relationship with the bank. Credit card fraud is far > too prevalent, DVDs are easily resold, and the bank wants to make sure > that they won't get defrauded. Blockbuster also wants to minimize > fraudulent use of credit cards (which they end up eating in some > instances) and the loss of their property (which will never be > returned by someone renting a video with a stolen credit card).
the issue is lost/stolen credit cards ... your name is embossed on the plastic and recorded on the mastripe. this provides for the point-of-sale to check for lost/stolen card by attempting the identification process of matching the name on the card with the name on something else. this moves the card out of the relm of authentication into the relm of identification. there was a number of threads (mostly prior to 9/11) about EU privacy directives for making retail electronic transactions as anonymous as cash. basically this involved removing your name from the plastic embossing and magstripe ... so that the card was purely an authentication "something you have" .... and didn't wander across the line into identification. lost/stolen card risks then could be contained by deactivating accounts when the owner reported the card lost/stolen part of the issue has been the appearance of skimming/harvesting compromises http://www.garlic.com/~lynn/subpubkey.html#harvest where the crooks didn't actually have to physically steal the card, they could electronically record the necessary information (w/o the owner's knowledge) and then perform fraudulent transactions. The skimming/harvesting compromises can involve tens of thousands of cards ... not just a single card at a time. Also, the fraud period instead of being limited to possibly a few hrs (when the owner reports the missing card), now could extend to a few weeks (since the owner doesn't notice unitl they get around to examining the next statement). The skimming/harvesting threat and vulnerability can magnify the fraud risk by several orders of magnitude (compared to simple lost/stolen). --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]