[sldev] More about viewer auth in today's RC
Tateru Nino
tateru.nino at gmail.com
Wed Dec 5 08:53:20 PST 2007
Argent Stonecutter wrote:
> On 04-Dec-2007, at 20:35, Jesse Barnett wrote:
>>> It's not a security system.
>
>>> Like Tess said, this isn't about security.
>
>>> This is about a lot of words that people mix up with security. Like
>>> evidence, and investigation, and forensics, and stuff like that.
>
>> Billion dollar credit card companies would disagree with that
>> assessment.
>
> I don't think so. Credit card companies do not actually apply a huge
> amount of direct effort to security. Your credit card and number
> contain no security features beyond a simple documented (thus
> reproducible) checksum. If they were to make their cards foolproof
> with embedded biometric sensors, encrypted certificates, and
> tamper-resistant storage... they would get so much pushback from their
> customers. Instead they apply the effort to fraud investigation, and
> tools to improve fraud investigation, and gathering evidence to detect
> fraud, and so on.
>
Having worked in the banking industry, yes - banks and card companies
work to limit costs due to fraud. That is, costs to themselves - costs
to the customer are generally a very distant secondary concern. Money,
therefore, goes into fraud detection systems, rather than things like
card and account security. Card security is primarily a marketing
operation - basically, there's usually only the appearance of enough of
it to avoid driving customers away.
--
Tateru Nino
http://dwellonit.blogspot.com/