Subject Re: The Most Important Attribute
From Chad La Joie <lajoie@xxxxxxxxx>
Date Wed, 06 Jul 2011 11:10:21 -0400

And indeed, here in the US, even the banks/payment processors aren't
really held to account.  The tax laws are such that any fraud is able to
be written off as lost income and thus reduces the tax burden of those

But yes, I'm glad for the example.  It shows how little things like
consent and LoA really matter in our day to day lives.

On 7/6/11 11:03 AM, Cantor, Scott E. wrote:
> On 7/6/11 7:33 AM, "Chad La Joie" <lajoie@xxxxxxxxx> wrote:
>> That all sounds fine with the exception that that's not how credit card
>> processing is done.
> And since it's a pet point of mine, I'll note that all of this works
> because liability is squarely on the card issuers and banks, with the cost
> of that passed along to consumers in all the stuff we buy.
> Most people understand the risks of using debit cards without that
> liability protection online and don't do it. Take the liability transfer
> away, and all of it grinds to a halt until all the hard security problems
> magically get solved. Thus, there's no incentive today to solve them and
> they aren't.
> Credit cards are a great example of federation behind the scenes, but you
> couldn't pick a worse example for talking about end user security.
> -- Scott

Chad La Joie
trusted identities, delivered