Jordan (jordan@Heuristicrat.COM) attempts to correct me ;-)
From pierre@shell.portal.com Thu Aug 17 18:29:41 1995
Unfortunately, in this case, insecure credit cards are not an obstacle to banks making money, so why should they care?
[...] if you think that the major card issuers "don't care" about cutting (or eliminating) fraud, you're not talking to the right people. Fraud eats away a big chunk of revenue [...]
Creative quoting aside, the point of my post, if it needs further clarification, was that the cost of fraud is not only a burden to the banks as some people seem to think. It is not even only transmitted back to the customers in the form of higher fees and interest rates. Card issuers can, do, and should as long as they can get away with it, rely on methods against fraud that are less costly to them. That's because they answer to their bottom line, to their share holders. There are disincentives to fraud in the form of legal penalties and threat of same, even the impression that credit cards are insecure may help by limiting what (some) people dare to do with them. The costs of these methods of fighting fraud is carried in part even by us who don't even usually use credit cards! The highest the penalties and cost of enforcement, the lowest the direct burden on banks, but that does not necessarily mean that our (user's) bottom line will improve. For citizens and tax payers who are not significant share holders, it's not enough to ask the card issuers what the cost of card insecurity is to them. "Our cost is higher." By making some credit card fraud illegal, enforcing, etc... we actually allow card issuers to use less secure mechanisms and procedures (although I'll agree this does not apply to the 40 bit key nonsense, that's one case where banks and businesses would be happy to use longer keys.) (the equivalent mis-quote about politicians applies here :-) Pierre. pierre@shell.portal.com (And I will not contribute further to this side thread.)