The problem is incentive alignment. For example, for CNP (card not
present) fraud, the merchant eats the loss, so the credit card
company has limited incentive to make the system more secure. After
all, they still get their cut even on charge-backs.
Same problem here: everybody might be better off with a more secure
system, but the benefits don't occur until almost everyone uses the
system, so nobody has an incentive to go first.
That should, I think, make some predictions about the deployment
and effectiveness of anything really new and effective. As with
certain types of credit card fraud, it appears to be cheaper for
the financial institutions to build the costs into their fee
structure and then just eat the losses, rather than making
significant investments in better systems or more inconveniences
that might drive customers away.
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf