Why attackers are increasingly taking the fiat banks to the cleaners

How a sound payment system works

1. The buyer and the seller each generate their own private key on their own (secure) equipment.
2. The buyer and the seller each compute their public key from their private key.
3. The seller transmits his public key, or a hash thereof, to the buyer.
4. The buyer produces a signature for his payment transaction, which states the amount to pay to the seller's public key or a hash thereof.
5. The buyer transmits his public key and his signature along with the transaction to the ledger.
6. The seller checks the ledger for the existence of such a transaction. If it exists in the ledger, he has effectively been paid.
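The flow above as a runnable sketch. This is an added example, not code from the original post: the post names no signature scheme, so Lamport one-time signatures stand in here because they need only `hashlib`, and `Ledger`, `address` and the transaction fields are hypothetical names.

```python
import hashlib, json, secrets

def H(data):
    return hashlib.sha256(data).digest()

def keygen():
    # Private key: 256 pairs of random secrets, generated on the owner's own device.
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(H(a), H(b)) for a, b in sk]  # public key is computed from the private key
    return sk, pk

def address(pk):
    # Hash of the public key: the only thing the seller hands to the buyer.
    return H(b"".join(a + b for a, b in pk)).hex()

def bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg):
    # Lamport: reveal one secret per digest bit. A key pair may sign one message only.
    return [sk[i][b] for i, b in enumerate(bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(
        H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, bits(msg))))

def encode(tx):
    return json.dumps(tx, sort_keys=True).encode()

class Ledger:  # hypothetical toy ledger: no balances or double-spend checks
    def __init__(self):
        self.entries = []
    def submit(self, tx, pk, sig):
        # Accept only if the key matches the payer and the signature covers this exact tx.
        if address(pk) != tx["from"] or not verify(pk, encode(tx), sig):
            return False
        self.entries.append(tx)
        return True
    def paid(self, payee, amount):
        return any(t["to"] == payee and t["amount"] == amount for t in self.entries)

def demo():
    buyer_sk, buyer_pk = keygen()
    _seller_sk, seller_pk = keygen()
    tx = {"from": address(buyer_pk), "to": address(seller_pk), "amount": 25}  # constructed
    sig = sign(buyer_sk, encode(tx))
    ledger = Ledger()
    accepted = ledger.submit(tx, buyer_pk, sig)
    # Everything sent so far is public; reusing it for another payee must fail.
    redirected = ledger.submit(dict(tx, to="someone-else"), buyer_pk, sig)
    return accepted, redirected, ledger.paid(tx["to"], 25)
```

`demo()` returns `(True, False, True)`: the signed payment is accepted and visible to the seller, while the same public key and signature attached to a different payee are rejected, because neither private key was ever transmitted.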

The security rules

Rule 1: It is strictly forbidden to generate a private key for someone else or to transmit one to someone else
Rule 2: It is strictly forbidden to ask for a private key
Rule 3: It is strictly forbidden to accumulate databases of private keys

How the credit card system works

In the credit card system, the credit card number is at the same time private key, public key, and signature.

The fiat bank breaks rule 1 by generating credit card numbers for its customers and storing them in databases, breaking rule 3. The sellers break rule 2 by asking the customer to provide his credit card number for payment. On top of that, many sellers break rule 3 by accumulating databases of private keys.

It is not possible to protect the credit card system from attack. The fiat banks and the credit card networks have repeatedly been told to stop doing what they are doing now. A combination of external and internal attacks will end up siphoning off all the money accessible by credit cards.

What they are doing is strictly forbidden.
