OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Pat Farrell (pfarrellpfarrell.com)
Date: Tue Jun 12 2001 - 15:18:37 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    At 12:47 PM 6/12/2001 +0100, Rachel Willmer wrote:
    >--On 08 June 2001 06:21 -0400 "R. A. Hettinga" <rahshipwright.com> wrote:
    >I don't know about 3D-SSL, or 3D Secure, but the "3D" in 3D *SET* stands
    >>for "3 Domain". God knows what that means.
    >It means "3 Domain" rather than the original model which had 4, I think.
    >The basic idea is that you no longer have to enforce/enflict SET as far as
    >the consumer - the consumer can be authenticated by their bank in anyway
    >the bank feels comfortable with.

    For those not facile in the credit card processing world, the four players are
    1) the consumer
    2) the merchant
    3) the merchant's bank (acquiring bank)
    4) the consumer's bank (issuing bank)

    The original SET design focused on ensuring that the merchant was legit, and
    that the consumer was legit. Part of the reason SET failed was that the
    issuing banks
    realized that SET would cost them billions of dollars to
    setup/issue/maintain/deactivate
    certificates for the consumers, yet the only thing that the certs did was
    protect the issuing bank from the consumer. Since the issuing bank has a
    relationship
    with the consumer, and can control the account, this was no real benefit to the
    bank.

    The original CyberCash credit protocols (circa 1996) did not bother with
    consumer certs,
    rather it kept a database of valid accounts. Worked fine in practice for
    four or so years
    (until I left).

    What I find interesting about the new three Domain SET is that it is
    leaving out
    the #1 party. And keeping the #2 acquiring bank.

    Back when physical charge slips were carried to the bank, having an
    acquiring bank
    made sense. It was also clear years ago that an electronic payment system
    could easily present the purchase directly from the merchant to the
    consumer's issuing
    bank, skipping one whole set of transactions, overhead and fees.

    Of course, this was rarely mentioned arround banks, as most had both an
    issuing and
    an acquiring side, with fees on both.

    Pat

    Pat Farrell voice: (703 587-9898)
                   email: pfarrellpfarrell.com
                   text pager: 7035879898messaging.sprintpcs.com