the merchant had accepted payment without witnessing a signature, the
bank could deny responsibility. While this created a reasonable legal argument,
in fact merchants are clients of the banks. For the supplier or a service to
shift liability to the client can only go so far in commerce. Something had to
happen. A way was needed to authenticate on the Web in such a manner that the
authentication was non-repudiable; for example, when we manually sign,
we cannot reasonably deny having done so. We need an equivalent
mechanism in the digital world. Actually, this mechanism exists; it is called a
digital signature, and it is recognized as a legal signature by several
governments.

We have previously discussed various aspects of cryptography used to enable a digital
signature. So, we’ll only provide a cursory overview here. The basic concept
behind a digital signature is for a computer to provide the proof that it knows
a privileged piece of information. The digital signature itself is a string of
numbers that can only be created by a computer containing a special key. As the
digital signature is sent from one computer to another one, the second computer
can determine that the signature of the first computer is correct, provided it
trusts that only the first computer has the key. Well, as one might be able to
guess by now, this means that the first computer must have a secure core. So
again, we find ourselves needing a secure core to establish trust in a
transaction. For that reason, several schemes have been proposed that involve
secure cores for Web commerce. At this point, none has been successful on a
large scale, primarily because the fraud level has not been high enough yet for
banks to consider investing in this particular counter-measure. However, some intermediate
steps have been taken, in particular with a derivative of secure core
technology called the One-Time Password (OTP). In this scheme, the secure core
generates the one-time password in synchrony with the institution to be
reached, limiting the possibility of tampering with it.
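
The synchronized one-time password idea described above, as an added example that is not part of the original text. It assumes the counter-based HOTP construction of RFC 4226 (the text names no specific algorithm); the Token and Institution classes and the sample key are hypothetical stand-ins for the secure core and the institution.

```python
import hashlib
import hmac
import struct


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class Token:
    """Hypothetical secure core: holds the key, releases only passwords."""

    def __init__(self, key: bytes):
        self._key = key
        self._counter = 0

    def next_password(self) -> str:
        otp = hotp(self._key, self._counter)
        self._counter += 1  # each password is tied to one counter value
        return otp


class Institution:
    """Hypothetical verifier sharing the key and tracking its own counter."""

    def __init__(self, key: bytes, window: int = 3):
        self._key = key
        self._counter = 0
        self._window = window  # how far ahead the token is allowed to have drifted

    def verify(self, otp: str) -> bool:
        for c in range(self._counter, self._counter + self._window + 1):
            if hmac.compare_digest(hotp(self._key, c), otp):
                self._counter = c + 1  # resynchronise; older passwords are dead
                return True
        return False


# Constructed sample key (the RFC 4226 test secret), not a real credential.
SAMPLE_KEY = b"12345678901234567890"
```

Because the institution advances its counter past every accepted value, a captured password cannot be replayed, and the look-ahead window lets the two sides recover when the token has generated passwords that were never submitted.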

The second pressure for change on bank cards came from the need for efficiency:
transactions that were faster and involved lower overhead costs. While it
seems that presenting a credit card or a chip card at the supermarket leads to
a quite efficient response, the process did not satisfy merchants. To enhance
productivity, they are always in search of faster and less expensive payment
mechanisms. In fact, there have been instances of merchants refusing to accept
credit cards because of either or both characteristics. Among the sticking
points have been fast food restaurants, where food is not the only thing that must
be fast nor the only thing that must be inexpensive; the payment mechanism must
be fast and cheap too. If it were possible to wave a credit card at the payment
terminal resulting in a transaction that was actually faster than cash, then
the restaurants would be on the road to a winning proposition. If the
transaction fee charged to the merchant were not too much, and it was reinforced
by the security afforded by not having to store lots of bills and coins, then
the result would be a definite winner. What is needed is a radio wave card, in
short an RFID (Radio-Frequency Identification) token, or its sibling, a contactless
smart card, a radio-enabled version of the traditional smart card. Actually,
contactless smart cards have been selected for this function and are currently
being tested around the world. Since they represent yet another new form of
payment with a chip card, they introduce new opportunities for fraud. Consider
the hacker who could, for example, hide point-of-sale equipment on their body,
come close to a client with a contactless card in their wallet, and debit the
card, unbeknownst to the client. Of course, there are subsequent
counter-measures to ameliorate this threat.

We see that the forces of change affecting trust can be negative, as in fraud,
or positive, as in the answer to new needs. The search for trust is unending,
and trust itself is, at any moment, the product of a long chain of causes and
responses.