<div>Hi Peter,</div>
<div> Doing a micropayment, I dont see much of a problem. I have to admit at this point i was working as security expert for one such product from Ericsson a decade ago. It didnt take off as it was too early ( or too much security :-) )</div>
<div>regards</div>
<div>Anish<br><br></div>
<div class="gmail_quote">On Fri, Feb 25, 2011 at 2:26 PM, Peter Fairbrother <span dir="ltr"><<a href="mailto:zenadsl6186@zen.co.uk">zenadsl6186@zen.co.uk</a>></span> wrote:<br>
<blockquote style="BORDER-LEFT: #ccc 1px solid; MARGIN: 0px 0px 0px 0.8ex; PADDING-LEFT: 1ex" class="gmail_quote">
<div class="im">Chris Salter wrote:<br>
<blockquote style="BORDER-LEFT: #ccc 1px solid; MARGIN: 0px 0px 0px 0.8ex; PADDING-LEFT: 1ex" class="gmail_quote">Hello UKCrypto,<br><br>"The Challenge of Turning Phones into Credit Cards - The Challenge of<br>Security & Why the UK is Key".<br>
<br><a href="http://www.trustedreviews.com/mobile-phones/review/2011/02/24/The-Challenge-of-Turning-Phones-into-Credit-Cards/p1?utm_source=newsletter&utm_campaign=clicks&utm_medium=daily_20110225_1277" target="_blank">http://www.trustedreviews.com/mobile-phones/review/2011/02/24/The-Challenge-of-Turning-Phones-into-Credit-Cards/p1?utm_source=newsletter&utm_campaign=clicks&utm_medium=daily_20110225_1277</a><br>
or<br><a href="http://preview.tinyurl.com/4w4wz46" target="_blank">http://preview.tinyurl.com/4w4wz46</a><br></blockquote><br></div>It seems to be a very stupid implementation, and quite possibly a stupid idea as well - no-one seems to have worked out the security model so far, or even have worked out any working security model.<br>
<br>That should have been done *first*.<br><br>Is this micropayments, or major purchases? Is a PIN entered on the 'phone? Does the issuer put a tamperproof chip in the 'phone?<br><br>I'm not surprised that the Kaspersky guy is keen, more business for him - but is he going to take responsibility. and more important accept liability, when things go wrong? As K. take zero liability for the effectiveness of their software at present, I kinda doubt it.<br>
<br><br><br>However if Visa want to implement it, and take the risk, fine by me - as long as I don't have to bail them out (again), and as long as paying by card remains an option. This should be a legal requirement, like chip and signature cards vs chip and PIN cards.<br>
<br>Come to think of it, it may be a legal requirement already, depending on the way the present law is interpreted - but that's not an area of law I'm familiar with.<br><br><br><br>BTW I don't have a mobile 'phone, and I don't want one.<br>
<font color="#888888"><br><br>-- Peter Fairbrother<br><br><br><br><br><br><br><br><br><br><br><br></font></blockquote></div><br>