You missed my point. Read on...
> b) Certificates authenticate that the person is who they say they
> are.
>
> Trust goes to trusting that second statement, not the trustworthiness
> of the company behind the statement.
>
People in general presume that when they see the little key that they are
dealing with a "bonified" business. Yes, I know that the certification
process does not do this. And since it doesn't do this it isn't worth
much.
> ???? Getting a bank account is just as trivial and does NOT add anything
> to the value of the trustworthiness of the company. It just says that
> (in your example) that the fraudster went with a piece of ID such as
> a birth certificate, drivers license (again easily duplicated) and
> his company papers and opened up an account for that company.
It SURE IS worth something. Banks have filing requirments and they
generally KNOW their customers. Furthermore there are a number of credit
reporting agencies affiliated and you can contact a number of them and get
credit information before you deal with the company.
But I think you sort of made my point here - if the bank - which generally
KNOWS its customers - doesn't provide much of anything in the way of
saying anything about the "legitimacy" of a business, then a cert from any
of the present CA's says even less. You note tht the bank is not in the
position of charging you several hundered per year for your bank account
number. Verisign is exactly in this position and is doing it.
Furthermore - if you bill over the internet via say VISA or pretty much
ANY credit card for that matter - the banks will require you to deposit
sufficient funds so that if there is ANY dispute over whether the
transaction is legitimate - then YOU, as the MERCHANT, carry full
responsibility and the customer need only complain and ask for his money
returned.
And if you end up with a sizeable number of chargebacks I can assure you
that your merchant VISA account will be cancelled. So there is
accountability imposed by the banking side of the e-commerse system.
To put it succintly - if you have a merchant VISA account and can bill via
the net - this means something - and in fact the merchant VISA number
which shows up on your visa bill is a GOOD measure of authenticity.
Anyone can get Verisign to issue a cert - but the standards for a merchant
account aren't quite so simple.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
