Watching this thread has been fascinating. I want to underscore and summarize a tiny bit. First, I commented about the aspects of FV's system that made it particularly hard to mount a large-scale automated attack against the FV transaction system. Then, David Wagner asked:
Is it just me, or does this sound like a challenge? ..... Maybe Sameer will create a Hack FV page :-) Or maybe NB will offer a $1000 bug bounty to anyone who can successfully forge a transaction in FV's system (since it's so foolproof)...
Before I could answer, Sameer said more or less what I would have said, although I'm sure he didn't think he was offering FV's position:
FV isn't worth it.
This is absolutely true in the sense that a simple one-time attack on FV is well-understood and easy to mount. (For those of you who haven't seen it, I recommend that you read our paper on lessons from First Virtual's first full year in operation, available at ftp::/ftp.fv.com/pub/nsb/fv-austin.{ps,txt}. Among other things, it spells out in precise detail how to break the FV transaction system -- see Appendix A, Question 25: "How can a criminal break First Virtual's system, and does it matter?")
Unlike other systems, FV doesn't claim to be "foolproof" -- quite the contrary, we very deliberately tell you exactly how to break the system, and we focus on limiting the damage that can be done by such an attack. Given that fact, a bounty is ludicrous. We're not going to turn around and pay you a bounty for doing exactly what we told you how to do! A bounty on crypto-payment-systems makes sense precisely because the possible costs of a bug can be so high.
However, Sameer went on to write:
Actually, Hack FV seems pretty pointless. Someone hacks FV, and a chargeback is issued on the credit card. Big deal. Same old outdated credit-card based payment systems. No more secure than credit cards.
This last line is not quite right. The email loop that FV adds will, in general, cause fraud to be detected far more quickly than it is detected in today's credit card world. Thus FV is a bit more robust (if not more "secure", a word fraught with problems of definition) than the physical credit card infrastructure. Using encrypted credit cards on the net, however, is demonstrably *less* secure/robust than the existing physical credit card infrastructure, as the first-year paper also explains in detail.
Finally, Bill and Sameer (jointly, sort of) provided a very brief synopsis of the "does it matter?" part:
Besides, if you hack FV you've got the money :-)
Uh, no you don't. I can't think of any ways you could hack FV and actually make money at it, because in the end the credit card would just get a chargeback.
FV is vulnerable to several nuisance attacks, and we make no bones about that fact. We've even seen it happen a couple of times -- no money was lost, and the culprit was persuaded to cease and desist via pressure through his ISP. But we've designed the system to be very robust in protecting the actual money, which is what we believe MUST be a payment system's first priority.
-- Nathaniel
--------
Nathaniel Borenstein <nsb@fv.com> (FAQ & PGP key: nsb+faq@nsb.fv.com)
Chief Scientist, First Virtual Holdings
VIRTUAL YELLOW RIBBON==> http://www.netresponse.com/zldf