Flaw in FV process (was FV and Netscape slagging each other off :-)
At 05:56 PM 1/31/96 -0500, Nathaniel Borenstein wrote about Jeffs attack:
Your attack would be caught by us relatively quickly because our model is based not on a single fail-safe piece of security software, but on *process* security. The overall process is multifaceted, with many checks and balances.
Yes this is all fine and good - but your process does not allow for real time delivery of goods. For example: Somebody wants to buy say micrsoft office from me for electronic delivery (yes they have a lot of bandwidth :-). I can authorize a credit card, fun it by my fraud screen and start shipping in less than 30 seconds. At this point the transaction is done. In the FV model as I understand it I'd have to ship the software and wait for an approve/deny/fraud from the user. If it's anything but approved I'm SOL, I still have to pay Microsoft for the product but I didn't get paid. Solve that process flaw and I'll add FV support to software.net. John Pettitt, jpp@software.net VP Engineering, CyberSource Corporation, 415 473 3065 "Technology is a way of organizing the universe so that man doesn't have to experience it." - Max Frisch
Excerpts from mail.cypherpunks: 31-Jan-96 Flaw in FV process (was FV .. John Pettitt@software.ne (1168*)
In the FV model as I understand it I'd have to ship the software and wait for an approve/deny/fraud from the user. If it's anything but approved I'm SOL, I still have to pay Microsoft for the product but I didn't get paid.
Actually, that's not quite right. People dealing in physical goods typically ship them AFTER the "yes" response from the user. And one of the next enhancements to our system, currently implemented and in testing in-house, will feature digitally signed notices to merchants when credit card authorization is obtained. At that point, the merchant's risk will be no greater than in traditional mail-order credit card sales.
Solve that process flaw and I'll add FV support to software.net.
Glad to hear it! -- Nathaniel -------- Nathaniel Borenstein <nsb@fv.com> Chief Scientist, First Virtual Holdings FAQ & PGP key: nsb+faq@nsb.fv.com
Could someone tell me how to quit this list, I just dont have the time to read anything that is being sent to it. Thanks -- T H E M A N , T H E M Y T H , T H E L E G E N D . ****************************************************************************** * Dylan "Still" Boudreau * Knowledge is proud that she knows so much; * * Internet: x93ojg@stfx.ca * Wisdom is humble that she knows no more. * ****************************************************************************** * Homepage: http://juliet.stfx.ca/people/stu/x93ojg/welcome.html * ****************************************************************************** When someone says, "That's a good question." You can be sure it's a lot better than the answer you're going to get.
participants (3)
-
John Pettitt -
Nathaniel Borenstein -
Still