
At 11:02 AM 12/6/96 -0500, you wrote:
Can anyone briefly discuss the anonymity features (or lack thereof) for Mondex?
The following information is gleaned from Seth Grodin's "Presenting Digital Cash" (Sams.net Publishing 1995), the British Environmental Health and Trading Standards' response to Simon Davies' false advertising claim against Mondex, the FAQ page of Mondex's web site, and Tim Jones' testimony before the U.S. House of Representatives.

Each card is uniquely identified, and the id of the card is linked at the issuing bank with the identity of the card holder. According to Grodin, each card has 3 logs: the transaction log (recording the recipient, date, and amount of the last ten transactions), a pending log of current transaction process, and an exception log recording "unsuccessful transactions". When the exception log is filled, the card is disabled.

Traders' tills retain the last 300 transactions as card number, value and date. (Presumably this log info can be offloaded to another device after every 300 transactions, so the merchant's log can be limitless in size.) Tills record the card's identity, not the user's identity. However, banks have access (I'm not sure by what mechanism) to the till logs, and can then link transactions to card holders (or at least to the individual to whom they have issued the card - whether or not this is the person actually using the card.)

Mondex touts their system's ability to monitor aggregate monetary flow, presumably through monitoring merchants' tills. (Jones to House of Reps: "Retailer's terminals and bank cashpoints provide many opportunities for Mondex to capture transaction data and patterns of behaviour which can be analysed to give warning of suspicious circumstances.")

In addition to aggregate data, there is also some mechanism for isolating unusual activity on a particular card. (Jones to House of Reps: "In addition, Mondex transactions can be assessed automatically against threshold parameters, derived from past experience. Discovery that a transaction exceeded such thresholds can raise a warning, which can enable a member bank to disable or lock the card if desired.") I don't know how this is supposed to work, but I suppose it could be linked to the exception log on each card, which may record anomalous transactions as well as unsuccessful ones. Banks have the option of issuing cards which require on-line authorization for transactions (or, I imagine, for transactions above a certain threshold or meeting some other sort of criteria.)

Much of the monitoring capacity seems to depend on communication between merchant tills and banks, or through auditing of individual deposits and withdrawals at the bank. (Jones to House of Reps: "Suspicions can be aroused, for instance, by regular or frequent value redemption from particular 'unexplained' sources, by a high average of redemptions relative to the card limit (for example, an individual's card behaving as if it was handling the amounts appropriate to a shopkeeper's card) or single large redemptions from an unusual location.") But apparently value can also be transferred between consumer wallets, and I don't know how that is monitored. I'm eager to learn anything more about this.

djp
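The linkage described in the message above can be modelled in a few lines. This is an added example, not part of the original message and not Mondex code: the class names, card ids, holder names and dates are constructed, and the offload step is the message's own presumption rather than a documented mechanism.

```python
from collections import deque, defaultdict

TILL_LOG_SIZE = 300   # per the message: tills retain the last 300 transactions
CARD_LOG_SIZE = 10    # per the message: the card keeps its last ten transactions

class Card:
    def __init__(self, card_id):
        self.card_id = card_id
        self.log = deque(maxlen=CARD_LOG_SIZE)   # oldest entries fall off

class Till:
    """Merchant till: stores card number, value and date, never a name."""
    def __init__(self, merchant):
        self.merchant = merchant
        self.log = deque(maxlen=TILL_LOG_SIZE)
        self.offloaded = []   # assumption: a full log is copied to another device

    def accept(self, card, value, date):
        if len(self.log) == TILL_LOG_SIZE:       # next write would drop a record
            self.offloaded.extend(self.log)
            self.log.clear()
        self.log.append((card.card_id, value, date))
        card.log.append((self.merchant, date, value))

def link_to_holders(tills, registry):
    """Join till records with the issuing bank's card_id -> holder table."""
    history = defaultdict(list)
    for till in tills:
        for card_id, value, date in list(till.offloaded) + list(till.log):
            holder = registry.get(card_id, "<unknown holder>")
            history[holder].append((date, till.merchant, value))
    return {h: sorted(rows) for h, rows in history.items()}

def demo():
    registry = {"C-0001": "Alice Example", "C-0002": "Bob Example"}  # constructed
    alice, bob = Card("C-0001"), Card("C-0002")
    grocer, chemist = Till("grocer"), Till("chemist")
    for day in range(1, 13):
        grocer.accept(alice, 5.00, f"1996-12-{day:02d}")
    chemist.accept(alice, 12.50, "1996-12-03")
    chemist.accept(bob, 3.20, "1996-12-04")
    return alice, link_to_holders([grocer, chemist], registry)

if __name__ == "__main__":
    _, linked = demo()
    for holder, rows in linked.items():
        print(holder, len(rows), "transactions across tills")
```

The card itself forgets all but its last ten payments, yet the tills plus the bank's registry reconstruct the holder's full purchase history across merchants.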