diff --git a/articles/ui/taler.bib b/articles/ui/taler.bib
index 371b90482..b576d3804 100644
--- a/articles/ui/taler.bib
+++ b/articles/ui/taler.bib
@@ -181,6 +181,15 @@
 publisher={Centrum voor Wiskunde en Informatica}
 }
+
+@misc{NYA:CyberExtortionRisk,
+ title = {Cyber Extortion Risk Report 2015},
+ author = {\relax NYA International},
+ month = {October},
+ year = {2015},
+ howpublished = {\url{http://www.nyainternational.com/sites/default/files/nya-publications/151027_Cyber_Extortion_Risk_Report_2015_0.pdf}}
+}
+
 @misc{ECB:TRoCF2014,
 title = {Third Report on Card Fraud},
 author = {{\relax European Central Bank}},
@@ -188,3 +197,30 @@
 year = {2014},
 howpublished = {\url{https://www.ecb.europa.eu/pub/pdf/other/cardfraudreport201402en.pdf}},
 }
+
+
+
+@inproceedings{3DSsucks,
+ author = {Murdoch, Steven J. and Anderson, Ross},
+ title = {Verified by Visa and Mastercard Securecode: Or, How Not to Design Authentication},
+ booktitle = {Proceedings of the 14th International Conference on Financial Cryptography and Data Security},
+ series = {FC'10},
+ year = {2010},
+ isbn = {3-642-14576-0, 978-3-642-14576-6},
+ location = {Tenerife, Spain},
+ pages = {336--342},
+ numpages = {7},
+ doi_url = {http://dx.doi.org/10.1007/978-3-642-14577-3_27},
+ doi = {10.1007/978-3-642-14577-3_27},
+ acmid = {2163598},
+ publisher = {Springer-Verlag},
+ address = {Berlin, Heidelberg},
+ url = {https://www.cl.cam.ac.uk/~rja14/Papers/fc10vbvsecurecode.pdf}
+}
+
+
+
+
+
+
+
diff --git a/articles/ui/ui.tex b/articles/ui/ui.tex
index 13256648e..7bf0c1a2d 100644
--- a/articles/ui/ui.tex
+++ b/articles/ui/ui.tex
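Review bot: The `author` field of the new `NYA:CyberExtortionRisk` entry is single-braced, so BibTeX will parse "NYA International" as a personal name and a style may reorder or abbreviate it; the neighbouring ECB entry shows the form this file already uses for institutions, `author = {{\relax NYA International}},`. `month = {October}` would be better as the unquoted macro `month = oct` so the style can render it. The report is cited only through a plain-HTTP deep link into the vendor's site, which gives readers no transport integrity and is likely to rot; if the same PDF is reachable over HTTPS prefer that URL, and record the retrieval date in a `note` field.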
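Review bot: The `title` of `3DSsucks` leaves its product names unprotected, so a sentence-casing style will print them in lower case; brace them, e.g. `title = {{Verified by Visa} and {Mastercard Securecode}: Or, How Not to Design Authentication},`. `doi_url`, `numpages` and `acmid` are not fields that standard styles read, and `doi_url` only repeats `doi` behind an `http://dx.doi.org` resolver link, so they can be dropped. The hunk also appends seven blank lines after the entry's closing brace, which add nothing to the file.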
@@ -305,7 +305,7 @@ the merchant not accepting the particular card issuer. Traditionally, merchants bear most of the financial risk, and a key ``feature'' of the 3DS process compared to traditional card payments is to shift dispute {\em liability} to the issuer of the card---who -may then try to shift it to the customer. +may then try to shift it to the customer \cite[\S2.4]{3DSsucks}. % % online vs offline vs swipe vs chip vs NFC ??? % extended verification @@ -421,13 +421,15 @@ volatile.~\cite{jeffries_economists_v_btc,lehmann_btc_fools_gold,lewis_btc_is_ju Bitcoin's pseudononymity applies equally to both customers and merchants, which makes Bitcoin amen\-able to tax evasion, money -laundering, and sales of contraband. As a result, anonymity tools -like mixnets do not enjoy widespread support in the -Bitcoin community where many participants seek to make the currency -appear more legitimate. While Bitcoin's transactions are difficult to -track, there are several examples of Bitcoin's pseudononymity being -broken by investigators~\cite{BTC:Anonymity}. This has resulted in -the development of new protocols with better privacy protections. +laundering, sales of contraband, and especially extorion + \cite{NYA:CyberExtortionRisk}. +As a result, anonymity tools like mixnets do not enjoy widespread +support in the Bitcoin community where many participants seek to make +the currency appear more legitimate. While Bitcoin's transactions +are difficult to track, there are several examples of Bitcoin's +pseudononymity being broken by investigators~\cite{BTC:Anonymity}. +This has resulted in the development of new protocols with better +privacy protections. \begin{figure*}[t!] \includegraphics[width=\textwidth]{figs/paypal.pdf}
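Review bot: The new citation in the first hunk is attached with an ordinary space, `customer \cite[\S2.4]{3DSsucks}.`, so LaTeX may break the line between the sentence and its reference; other citations visible in this diff use a tie (`investigators~\cite{BTC:Anonymity}`), and `customer~\cite[\S2.4]{3DSsucks}.` would match them. The same applies to the ` \cite{NYA:CyberExtortionRisk}` line added in the second hunk. The paragraph begins above the hunk, so the surrounding sentence is only partly visible here.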
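Review bot: "extorion" in the added sentence of the second hunk is a typo for "extortion"; the line should read `laundering, sales of contraband, and especially extortion~\cite{NYA:CyberExtortionRisk}.`. The word "especially" makes a comparative claim (extortion more than laundering or contraband) that rests on a single consultancy report; unless the report supports that ranking, "and extortion" is the safer wording. The re-wrapped lines also carry "pseudononymity" over from the old text, which is presumably meant to be "pseudonymity".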