John Kelsey wrote:
From: cyphrpunk <[EMAIL PROTECTED]>
Digital wallets will require real security in user PCs. Still I don't
see why we don't already have this problem with online banking and
similar financial services. Couldn't a virus today steal people's
passwords and command their banks to transfer funds, just as easily
as the fraud described above? To the extent that this is not
happening, the threat against ecash may not happen either.
Well, one difference is that those transactions can often be undone,
if imperfectly at times. The whole set of transactions is logged in
many different places, and if there's an attack, there's some
reasonable hope of getting the money back. And that said, there have
been reports of spyware stealing passwords for online banking systems,
and of course, there are tons of phishing and pharming schemes to get
the account passwords in a more straightforward way.
Right, the Microsoft operating system as host for virus
/ malware attack for stealing bank and payment systems
value has been going on for a couple of years or so
in a serious (industrial) way.
The payment system operators will surely be sued for this, because
they're the only ones who will be reachable. They will go broke, and
the users will be out their money, and nobody will be silly enough to
make their mistake again.
They might be sued but they won't necessarily go broke. It depends on
how deep the pockets are suing them compared to their own, and most
especially it depends on whether they win or lose the lawsuit.
I don't think so. Suppose there's a widespread attack that steals
money from tens of thousands of users of this payment technology.
That sounds like a version of phishing, 'cept
for being 2 orders of magnitude too small.
There seem to be two choices:
a. The payment system somehow makes good on their losses.
b. Everyone who isn't dead or insane pulls every dime left in that
system out, knowing that they could be next.
Er, no, that doesn't sound like any finance system I
know. See that post to the Register which I think RAH
forwarded, with 2000 in the class. That's just this
week's news.
As per my observations, all FC systems bubble along
with something about 1% fraud plus/minus an order of
magnitude. The credit card people currently report
about 0.1-0.2 % although I think that might be under-
reporting on their part.
Out of that, some people might get
recovered, but enough do not that we wouldn't be able
to push proposition b. with any strength. We know for
example that even though the banks might recover any
direct losses, they won't accept liability for any
other costs including where their fault caused problems
elsewhere.
iang
