nanog mailing list archives
Re: CVV (was: Re: bloomberg on supermicro: sky is falling)
From: George Michaelson <ggm () algebras org>
Date: Thu, 8 Nov 2018 16:16:36 +0700
There are two parts of the problem. The first is the assumption of risk: the current model of operation in the US (like in other western economies) puts the onus of risk of misuse of the card on specific actors. When you change the basis from signature (fraud) to chip+pin (leak of knowledge) you have to change the legal basis. Remember, this is an economy where WRITING CHEQUES is still normal. Clearly, the legal basis of money transactions in the US is hugely complicated by savings and loan, credit unions, banks, state and federal law, taxes. We all have some of this worldwide, they have a LOT. Secondly, the cost basis. Who pays? In most of the world the regulator forced cost onto specific players because they could, and forced people to tool up because they could. But, the costs did have to get met. Some people paid more than others. In the US, for reasons not entirely unlike the first set, *making* people do things with cost incursion is remarkably difficult. Making the Walmart brothers re-fit every terminal, when they can go down to DC and buy votes to stop it happening, Making Bank of America spend money re-working its core finance models to suit online chip+pin when it can go down to Walmart and lean on the owners to go down to DC and buy votes... Seriously: Its not lack of clue. Its lack of intestinal political fortitude, and a very strange regulatory and federal/state model. On Thu, Nov 8, 2018 at 4:11 PM Mark Tinka <mark.tinka () seacom mu> wrote:
On 11/Oct/18 21:31, Chris Adams wrote:Requiring an ID is also a violation of the merchant agreements, at least for VISA and MasterCard (not sure about American Express), unless ID is otherwise required by law (like for age-limited products). I've walked out of stores that required an ID.It has always been curious to me how/why the U.S., with one of the largest economies in the world, still do most card-based transactions as a swipe in lieu of a PIN-based approach. In South Africa (and most of southern Africa), all banks make the use of PIN's mandatory, for all types of cards. With the rest of Africa using credit cards more recently, I imagine they are also PIN-based. Europe also use PIN's, as far as I have experienced. Asia-Pac was swipe-based for a long time when I lived there, but I know places like Malaysia and Singapore have started a major PIN-based transaction drive in the past 3 years. 3D Secure for the online version of the transaction also means your card number and CVV number are less susceptible to fraud via restaurants and the like. Of course, this is not fool-proof, as both the merchant and bank need to support and mandate this, which is not well-done at a global level. Mark.
Current thread:
- Re: CVV (was: Re: bloomberg on supermicro: sky is falling) Mark Tinka (Nov 08)
- Re: CVV (was: Re: bloomberg on supermicro: sky is falling) George Michaelson (Nov 08)
- Re: CVV (was: Re: bloomberg on supermicro: sky is falling) Mark Tinka (Nov 08)
- Re: CVV (was: Re: bloomberg on supermicro: sky is falling) Scott Christopher (Nov 08)
- Re: CVV (was: Re: bloomberg on supermicro: sky is falling) Chris Adams (Nov 08)
- Re: CVV Alain Hebert (Nov 09)
- Re: CVV (was: Re: bloomberg on supermicro: sky is falling) Stephen Satchell (Nov 09)
- Re: CVV (was: Re: bloomberg on supermicro: sky is falling) Chris Adams (Nov 09)
- Re: CVV (was: Re: bloomberg on supermicro: sky is falling) Mark Tinka (Nov 08)
- Re: CVV (was: Re: bloomberg on supermicro: sky is falling) George Michaelson (Nov 08)
- RE: CVV (was: Re: bloomberg on supermicro: sky is falling) Frank Bulk (Nov 08)
- Re: CVV (was: Re: bloomberg on supermicro: sky is falling) Todd Underwood (Nov 08)
- Re: CVV Simon Leinen (Nov 08)
- Re: CVV (was: Re: bloomberg on supermicro: sky is falling) Mark Tinka (Nov 08)