The problem is incentive alignment. For example, for CNP (card not present) fraud, the merchant eats the loss, so the credit card company has limited incentive to make the system more secure. After all, they still get their cut even on charge-backs.
Same problem here: everybody might be better off with a more secure system, but the benefits don't occur until almost everyone uses the system, so nobody has an incentive to go first.
That should, I think, make some predictions about the deployment and effectiveness of anything really new and effective. As with certain types of credit card fraud, it appears to be cheaper for the financial institutions to build the costs into their fee structure and then just eat the losses, rather than making significant investments in better systems or more inconveniences that might drive customers away.
_______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf