July 25, 2005

Payment news - two classic story endings and a new start

In payment news, two stories are ending. Jim reported on the Blind Signature patent expiry party:

Guest of honor David Chaum challenged us: How to change the world for the better by implementing new protocols.

I like to think that is what FC is about; but I'm also old enough and bloodied enough to know that without revenues we can't sustain the cash flow to employ the programmers to write the protocols to change the world for the better....

And, over in Congress, the CEO of CardSystems is moaning that his company might be out of business if Mastercard were to follow Visa and Amex in dropping them from the credit card processing business.

The head of a payment processing firm that was infiltrated by computer hackers, exposing as many as 40 million credit card holders to possible fraud, told Congress yesterday that his company is "facing imminent extinction" because of its disclosure of the breach and industry's reaction to it.

"As a result of coming forward, we are being driven out of business," John M. Perry, chief executive of CardSystems Solutions Inc., told a House Financial Services Committee subcommittee considering data-protection legislation. He said that if his firm is forced to shut down, other financial companies will think twice about disclosing such attacks.

A curious response - as the company offers little or nothing positive to the damage that it has potentially done to 240,000 credit card holders, I'm not sure what there is to say! (What was the average cost of identity theft to the victim, again?)

There's little help from the credit card companies:

Credit card companies say they are trying to stave off unneeded panic. And costs are an issue as well; if a new card costs $30 to create, 40 million cancelled cards would cost $12 billion to replace.

"Obviously." Seriously, this company must die. Like Arthur Andersen, the message has to be sent. Regulation didn't work. The Regulator didn't do anything. Contracts didn't work. Audits do not work, whether it was by Cable & Wireless or Mickey Mouse. Pontifications by a myriad of security experts didn't work.

Nothing worked - and it's time to form a hanging party and go get us some bandits. (If it's any consolation, when the users get to a-lynching in civil courts, CardSystems will appreciate the humane way out.) The Christian Science Monitor goes on to report that considered thought and intelligence seen in Washington DC:

But state lawmakers were skeptical. "It seems there's a very paternalistic theme to those comments, which is 'We know what's best for consumers,'" said Massachusetts state Rep William M. Straus.

He said the issue should be turned over to the victims of ID theft: "Would they trade a 10 percent discount from Sears for everything they've been through?"

Now there's a thought! In closing, looks like ePoints made a big splash in the New Scientist:

The ePoints system set up by Agnes Koltay and Daniel Nagy is different. It allows anonymous person-to-person transactions over the web, and though the software itself costs money, Nagy says every subsequent transaction will be free. Charles Cohen, founder of failed e-currency Beenz, supports this thinking. People will only adopt new payment systems if they are free, he says.

To use ePoints, a person requests an ePoint "note" - in reality an encrypted code that represents some amount of ePoints - from an ePoints issuer. The issuer is the person or body that administers the system and ensures that ePoints aren't duplicated. The issuer cryptographically signs each ePoint note in exchange for some money of equivalent value in another currency, say pounds or dollars, or for some work done, or as payment for some other service.

When someone spends ePoints, the person receiving them in payment contacts the issuer to verify they are not counterfeit. The cryptographic algorithms ensure the issuer cannot tell where the ePoint originated, nor the chain of hands it has passed through, only that he has been asked to confirm an ePoint is authentic.

But anonymity alone is not going to make people use it. If ePoints is going to catch on, it will have to find a niche that makes it attractive to a large pool of users. That's where ePoints' cheap and borderless nature comes in. ePoints can be seen as an international electronic currency and this, Nagy and Koltay believe, along with security and anonymity, will provide the niche it needs.

ePoints may also be attractive to companies that want an electronic method for handling payments of a few pennies. Credit card companies charge a minimum fee for each transaction they process, and for transactions of less than a few dollars this can represent a large slice of the total. In return, credit card companies provide a high level of security. But as Nagy points out, this is overkill when only small sums are changing hands. A penny transaction should not need a lot of security, Nagy says. A thief will gladly invest five pennies of effort to steal a credit card, but no smart thief will spend five pennies to steal a one-penny ePoint.

Nagy and Koltay are not the only ones aiming at the micropayments niche. In spite of the rocky beginning of digital cash in the 1990s, several alternative micropayment systems have sprung up, including Peppercoin, PayCash and Open Money.

And recently a big name has shown interest. Nagy says a test version of the entire ePoints software system was recently downloaded by engineers at Google. News reports suggest the company will soon launch a competing service to PayPal. As with a cash transaction, only the two parties to the transfer need know each other's true identity.

The rest of the article is well worth reading as well.
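
The issue-and-verify flow in the quoted New Scientist description, as an added example that is not ePoints code and not part of the original post. The note layout, the `Issuer` class and its method names are assumptions, and an HMAC stands in for the issuer's public-key signature so the block runs on the Python standard library alone.

```python
import hashlib
import hmac
import secrets


class Issuer:
    """Toy issuer: signs notes and refuses any serial it has already redeemed."""

    def __init__(self):
        self._key = secrets.token_bytes(32)  # issuer's secret signing key
        self._spent = set()                  # serials already redeemed

    def _tag(self, serial, value):
        # HMAC over serial and value; a stand-in for the issuer's signature.
        msg = f"{serial}:{value}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def issue(self, value):
        # Called once the requester has paid in some other currency.
        serial = secrets.token_hex(16)
        return {"serial": serial, "value": value, "tag": self._tag(serial, value)}

    def redeem(self, note):
        """Payee-side check: return a fresh note, or raise if the note is bad.

        The request carries no payer or payee identity; the issuer only
        needs the set of spent serials to stop duplicates.
        """
        expected = self._tag(note["serial"], note["value"])
        if not hmac.compare_digest(expected, note["tag"]):
            raise ValueError("counterfeit: signature does not verify")
        if note["serial"] in self._spent:
            raise ValueError("duplicate: note already spent")
        self._spent.add(note["serial"])
        return self.issue(note["value"])


def outcome(issuer, note):
    """Return 'accepted' or the rejection reason for one payment attempt."""
    try:
        issuer.redeem(note)
        return "accepted"
    except ValueError as err:
        return str(err).split(":")[0]
```

In this simplified form the issuer sees the old and new serial in the same request, so unlinkability depends on it not logging that pair and on the payee connecting anonymously. Chaum's blind signatures remove that trust by having the issuer sign a value it cannot later recognise.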

Posted by iang at July 25, 2005 04:18 PM

Are any of the FC'ers here affiliated with this International Financial Cryptography Association of Jean Camp's of Harvard mentioned in the New Scientist article?
What are they doing?

Posted by: Daniel A. Nagy at July 27, 2005 02:09 PM

IFCA is an odd beast; you get to be a member if you turn up to the conference, but that's only for the year. Pretty much all in the FC community have at one stage been members, but many aren't on a regular basis.

The conference is (um...) quite pricey and oriented more to the academic market who have to publish or perish, so for startups and practical FCers it is really seen as a networking event and their one annual holiday on the beach. There have been attempts to broaden the base to include the startup and commercial market; an ongoing debate...

An alternate is the DigitalMoney conference in London which is commercial / Finance layer, and we used to run EFCE in Edinburgh which was tech/tech/tech/ layers 1-3 ... to get the cheap price you had to present and you had to deliver transactions within a minute of starting or go down in flames! A lot of fun :-)

I'm thinking that now is the time to run EFCE again, so if anyone is keen, shout.

Posted by: Iang at July 27, 2005 02:40 PM