Rubber hose attack (fwd)

Jim Choate ravage at ssz.com
Sat Nov 3 09:58:50 PST 2001



---------- Forwarded message ----------
Date: Sat, 3 Nov 2001 09:51:10 -0700
From: lynn.wheeler at firstdata.com
To: JohnE37179 at aol.com
Cc: cryptography at wasabisystems.com, Jason.Gruber at btinternet.com,
    JohnE37179 at aol.com, rick_smith at securecomputing.com, vertigo at panix.com
Subject: Re: Rubber hose attack


i believe i said that ROI represented the total cost of the program to
eliminate some fraud compared to the total amount of fraud. in the credit
card scenario it isn't enough to know the cost per event. assuming that
adding chips to those payment cards is a solution. in the US there are
something less than a billion new cards sent out each year ... and adding a
chip could cost on the order of $25 each. Just for the chips (ignoring for
the moment the issue of reader provisioning) ... that cost might be
somewhere in the $15b to $20b per annum range. There would have to be a
huge number of $3500 per fraud events eliminated by a comprehensive chip
program to justify it.

so as referenced in the previous postings .... advances in technology can
reduce the cost of dealing with fraud (in the chip card case ... it would
be nice to reduce it from $20b/annum to maybe under $1b/annum; say a
combination of significantly reduced chip costs as well as the number of
new sent out each year) while at the same time increasing the amount of
fraud (criminals find it easier to counterfeit existing cards increasing
the amount of fraud that happens).

However, generically (except for some specific exceptions), the majority of
fraud has tended to be insider fraud. Just improving things with strong
authentication &/or identification doesn't directly address insider fraud,
significant audit, command & control, and compensating procedures are
needed to be in place to address significant amounts of insider fraud (who,
effectively by definition, have already been authenticated and identified).




JohnE37179 at aol.com on 11/02/2001 08:26 pm wrote


Again, this is only a very small part of the problem. The Inspector
General's office reports that the average identity fraud in the Social
Security Administration costs over $100,000. Texas Medicaid loses
approximately 25% of its $4 billion budget to fraud. The ABA reports that
the average cost of each credit card fraud for the issuer exceeds $3500.
Each incident of identity fraud in recruiting costs DOD over $500,000.






---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com




