Vladimir: Calm down. This is why I started my post with "Maybe this is stupidly obvious question but....." I am trying to illustrate some simple points and ask some simple questions: 1. Risk to a cardholder is on a vastly different scale than risk to the Bank Consortiums that run the credit card business. Charge offs and fraud are of course as you point out a cost of doing business. If it is not an acceptable risk to the card holder and the bank it won't happen. The bank won't deploy a system that they view as exposing them to unacceptable loss. The cardholder will not use a system that offers him no recourse to recover losses. End of Story. 2. The Bank Consortiums are doing a poor job of explaining to cardholders merchants and developers such as you and me that are supposed to implement these "open" specs exactly *what* our risks are in developing and deploying these systems on our servers. The bank consortiums will have contracts or usage agreements governing the clearing of transactions in cyberspace. When a loss is claimed by a cardholder, how will the loss (if there is one) be allocated between the cardholder, merchant, the company operating the server that processed the credit card and the bank be allocated. 3. I'm getting tired of seeing posts this list about what is more dangerous cyberspace or restaurantspace. Let's focus on the real mechanics of how the ground rules of credit card clearing will operate in cyberspace. The credit card consortiums can advance the cause of electronic commerce by stating in unambigous terms what their views are of these ground rules. Developers, cardholders and merchants can then make a judgement on whether those risks are acceptable to each party respectively. Regards: -arc Arley Carter Tradewinds Technologies, Inc. email: ac@hawk.twinds.com www: http://www.twinds.com "Trust me. This is a secure product. I'm from <insert your favorite corporation of government agency>."