Re: First Virtual?
Mark Terka writes:
Ok, so what are our options, given that this company seems to think of security in terms of a plastic padlock. From corresponding posts on the list, the only other alternative, Digicash, doesn't seem to be too responsive to anyone's participation right now.
It seems to me that DigiCash mistakenly 'jumped the gun' and announced before they were truly ready to test. This is such a common ocurrance in the computer industry that I'm suprised people are making noise over it. However, it indicates their reluctance to ship something before it's ready, which is good considering the technical and political challenges of the task they are undertaking. How can you really compare the proposed DigiCash systems versus FirstVirtual? One is a 'toy' system for moving credit card numbers around without actually broadcasting them in the clear, the other is a cryptographically secure digital cash type system. It's not suprising that FirstVirtual is ready sooner than DigiCash. However, assuming each system was ready and working as advertised, which would you trust for your financial transactions? With the possibility of millions and billions of dollars of commerce ocurring on the net in the near future, which do you think most people will want to use? While FirstVirtual may have it's place in the world of online payment systems, it is IMHO no replacement for a real digital cash system. The fact that most of the people who have even heard of these new payment systems are unaware of the not so subtle differences should alarm most cypherpunks. Digital cash isn't going to happen overnight (although most of us would like it to), and the last thing we want is for systems like FirstVirtual to become the de facto standard for online payment... andrew
How can you really compare the proposed DigiCash systems versus FirstVirtual? One is a 'toy' system for moving credit card numbers around without actually broadcasting them in the clear, the other is a cryptographically secure digital cash type system. Digicash and First Virtual and Net Bank are all payment systems. The primary benefit is moving money. _All_ other benefits are secondary, including privacy and security. As far as actually being a payment system, it's Digicash's trial which is the toy system. It can't move money. First Virtual, no matter what its flaws, can. Not particularly securely, not quickly, but money will move. Just because FV is a bad payments system doesn't mean it's not a payments system. There's no question at all that Digicash's technical means are superior to First Virtual's. But technical means alone do not make a business and Digicash at this moment doesn't have a business but rather only a possible opportunity for one. First Virtual has all sorts of problems. Its security sucks. It will have a higher fraud rate than other credit card uses. Merchants won't particularly like it because of this and the delay in payments. Users won't like it because the interface sucks. It's not fully fungible money, because you can't use it for arbitrary commmerce. Fine. Because of all these concerns, FV won't be suitable for many purposes, but it will be for some. What FV's commercial advantage will be is that they'll have a pre-existing user base on hand when the improved system comes. This is a not insignificant advantage, since it's much easier to deal with someone you've already been dealing with than with somebody new. Eric
-----BEGIN PGP SIGNED MESSAGE----- I saw a presentation Monday by Nathaniel Borenstien of First Virtual. While I agree that there is a strong need for a good digital cash system, FV is not attempting to fill that niche. FV is a credit card clearing system for the internet. Its current system is designed for small transactions involving information resources. It is not intended to be used for selling physical objects of value. As such, it forces the merchant to assume risks, in that the buyer has two opportunities to turn down a transaction. (When it is mailed to them, and when the credit card statement arrives.) That second opportunity to decline charges also adds to the security of the system. I won't say its good or perfect, but it does add something. FV really isn't taking much risk, or making much profit in their $.29+2% transaction fees. FV plans to make its money in other ways. They simply needed a way to collect credit card numbers to make those other ways work. They decided to make that means of payment generally available, and, while hackable, it is better than credit card numbers. (Those who would suggest PGP encryption should take careful note of how much trouble psuedo-mandating signing of posts is creating here.) The other ways FV plans to make money are providing information services, such as joke of the day. Others were not mentioned, and in fact, when someone asked, Nathaniel was avoiding the question when I said they'd be providing jotd, at which point he said yep. He was pretty admant about not talking about vapor. If you get a chance to hear him, do. It was very interesting, and afterwards, off the record, he might have some interesting things to say. Adam | How can you really compare the proposed DigiCash systems versus FirstVirtual? | One is a 'toy' system for moving credit card numbers around without actually | broadcasting them in the clear, the other is a cryptographically secure | digital cash type system. It's not suprising that FirstVirtual is ready | sooner than DigiCash. However, assuming each system was ready and working as
I'm glad I'm not the only one who thinks FV is a joke. The entire security of the system rests on the difficulty of intercepting and forging e-mail. Forging e-mail is dead easy, intercepting isn't much harder. While the implementors are correct that an online payment-system will have to be simple to use in order to gain wide acceptance, sacrificing all security for ease of use is a grave mistake. It just begging to be ripped off, providing people actually sell something via FV worth ripping off.
-----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBLt/nCvTEN6SHa9YpAQHpVwQAxGi7aTp9c8Q10oS8O5vtw/U+CDi2aReb cvBfiJxC159MsBcNIpbf98LU7k1ItxWCGQs4OxvJVhXsRj/XlPqerPl+s3LQfxeB TuTGle9R6wV58yLVF6F4xFJoQU8/zYAb0U9nASrBgiXaIV33NkT65GrgQF6wY9aF GTl3b0DoXIw= =OCqk -----END PGP SIGNATURE-----
participants (3)
-
Adam Shostack -
Andrew Lowenstern -
eric@remailer.net