Tuesday, January 24, 2017

Card always present

Credit card fraud includes a class of fraud called Card Not Present, CNP.  Those are online purchases where the fulfillment clerk does not see the card.  The fraud happens when the purchase requires a card fill in field, using a fomr filling bot on your computer.  Some phishing virus has already landed, it is on your computer sniffing when you use your credit info for a purchase.

Smart card is always present, or it has been thumprinted a certified trading bot to act on its behalf.   It wil be Card Always Present.  Always present is verified with the card ID, exposed to other bots.  That ID verifies, via decoding, that the associated accounts obey the rules and are attached to a human. 

If forgeries occur in the pit, the  it is a fundamental error, or someone was blackmailed.  So, simplify theory by simplify stating all trades are between valid bots.  Regardless of the link, two similar bots execute the appropriate exchange protocol, understand where the ledger services are, and know how to scan and bet the basic pits.

The smart cards have other rules built in, and unalterable.  They eventually report missing humans if they haven't seen a thumb print recently. They know what a fair bankruptcy looks like, and will do that without thumbprint upon a judge's order. The know about expiration dates, and may have other timeouts agreed to. And it speaks NFC to the app layer, and during purchases.
The idea is smart cards keep all pricing operations within the sandbox, they have a completed conditional probability menu.  Or, other than priced risk, I know the conditional probabilities of my accounts; my balance sheet is a graph that holds a closed set of conditional probabilities, each entry being a finite probability distribution.

Can card ID theft be a problem?

No, but collecting card IDs is discouraged. The card IDs are not permanent, they have timeouts, the smart card may even create a new one for a specific contract, all with timeouts.  The card ID is more of aencrypted token, like the master charge and /visa tokenization of card transactions. But the card ID has a life over multiple transactions, which should be a finite count.

I would say that card IDs should be collectable by merchants, under contract. So, in a card to card protocol, an exchange of card ID is not revealed.  But, revelation can be enabled by thumbprint. The smart cards can enforce this.

Think of a card ID as the verification of a valid trading contract you, the human, agree to.

 It is a set of instructions defining what and how to trade some digits of yours.  If it is stolen, what can the thief do? Put is back in the box, somewhere, it will just continue trading on your behalf, not his. He can use your card ID in a bogus pit, but ultimately, some ledger service requires my your thumbprint, if the stolen digits are spent. I think it works out, some buult in rules on card ID generation, combined with private and public key, the crypo guys make card ID an important sandbox tool. Especially useful, it is independent of coin type.

No comments: