The vast majority of illicit activity and fraud committed across the Internet could be averted, or at least curtailed, if destination ISPs and payment intermediaries implemented effective processes for monitoring and controlling access to and use of their networks. Denning (1999) notes that, “even if an offensive operation is not prevented, monitoring might detect it while it is in progress, allowing the possibility of aborting it before any serious damage is done and enabling a timely response”[1].
Bitcoin will simplify this. This was the killer app, so to speak, in Bitcoin: sound money that does not leave the merchant or user out of pocket. Unlike Visa and MasterCard, it is just like spending cash, and there is nothing to fear when it comes to a transaction over the Internet using Bitcoin. Cards are simple to copy and replay. Bitcoin is not. Moreover, because a merchant and user can add escrow contracts, both the user and the merchant are safe.
A merchant knows they will be paid, and the user can also ensure they are going to receive their goods. If a single 2-of-3 contract is used, a user can have a payment locked to a merchant that is released only when the goods are delivered. If the delivery is lost, the escrow comes into play based on what was negotiated in the contract.
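The 2-of-3 arrangement described above is commonly realised as a multisignature script over the buyer's, merchant's and escrow agent's keys. The following is an added example, not code from the original post, showing the check a buyer can run before funding: that the script really is 2-of-3 over the agreed keys and that the output being paid commits to it. It assumes a P2WSH output; the key bytes and function names are constructed for illustration.

```python
import hashlib

OP_0, OP_CHECKMULTISIG = 0x00, 0xAE

# Constructed placeholder keys (33-byte compressed-key shape, not real curve points).
BUYER = b"\x02" + b"\x11" * 32
MERCHANT = b"\x03" + b"\x22" * 32
ARBITER = b"\x02" + b"\x33" * 32

def build_escrow_script(m, pubkeys):
    """Serialise OP_m <key>... OP_n OP_CHECKMULTISIG (OP_1..OP_16 are 0x51..0x60)."""
    if not 1 <= m <= len(pubkeys) <= 16:
        raise ValueError("need 1 <= m <= n <= 16")
    out = bytearray([0x50 + m])
    for pk in pubkeys:
        if len(pk) != 33 or pk[0] not in (2, 3):
            raise ValueError("expected a 33-byte compressed public key")
        out += bytes([33]) + pk          # 0x21 = push the next 33 bytes
    return bytes(out + bytes([0x50 + len(pubkeys), OP_CHECKMULTISIG]))

def parse_escrow_script(script):
    """Return (m, keys); raise ValueError unless the script is plain m-of-n multisig."""
    if len(script) < 3 or script[-1] != OP_CHECKMULTISIG:
        raise ValueError("not a multisig script")
    m, n, body = script[0] - 0x50, script[-2] - 0x50, script[1:-2]
    if not 1 <= m <= n <= 16 or len(body) != 34 * n:
        raise ValueError("bad threshold or key count")
    keys = []
    for i in range(0, len(body), 34):
        if body[i] != 33 or body[i + 1] not in (2, 3):
            raise ValueError("bad key push")
        keys.append(bytes(body[i + 1:i + 34]))
    return m, keys

def p2wsh_script_pubkey(script):
    """Output script that commits to the escrow script: OP_0 <sha256(script)>."""
    return bytes([OP_0, 32]) + hashlib.sha256(script).digest()

def verify_escrow(script, expected_keys, funded_script_pubkey):
    """True only for 2-of-3 over exactly the agreed keys, matching the funded output."""
    try:
        m, keys = parse_escrow_script(script)
    except ValueError:
        return False
    return (m == 2 and len(keys) == 3 and set(keys) == set(expected_keys)
            and p2wsh_script_pubkey(script) == funded_script_pubkey)
```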
As noted above, there are a wide variety of commonly accepted practices, standards, and means of ensuring that systems are secured. Many of the current economic arguments used by Internet intermediaries are short-sighted at best. The growing awareness of remedies that may be attained through litigation, coupled with greater calls for corporate responsibility[2], has placed an ever-growing burden on organisations that fail to implement a culture of strong corporate governance. In the short term, the economic cost of implementing sound monitoring and security controls may seem high, but when compared to the increasing volume of litigation that is starting to incorporate Internet intermediaries, the option of not securing a system and implementing monitoring begins to pale.
So, a system that has none of these flaws is ready for wide adoption.
The introduction of contractual fines through the PCI-DSS[3] will certainly curb the economic argument against enforcing controls at an Internet intermediary. With Visa and MasterCard set to issue fines of $25,000 (US) per day for non-compliant organisations, the cost of implementing monitoring controls starts to become insignificant, at least where payment systems are concerned. Meeting corporate-governance requirements, and being able to argue that the organisation has provided at least a minimum due-care implementation for its systems, will also provide an added defence when facing certain tortious claims. When the potential stipulations being sought through the “Creative Britain” strategy are added to this equation, the need for organisations, particularly Internet intermediaries, to implement secure systems and monitoring becomes essential.
Yet, all of this increases the costs to the consumer.
Opening up Bitcoin as the solution is what it was designed for.
Notes
[1] Dorothy E. Denning, Information Warfare and Security, ACM Press, New York, 1999.
[2] See for instance Hazen (1977); Gagnon, Macklin & Simons (2003) and Slawotsky (2005).
[3] Details of the PCI-DSS are available online at http://www.pcicouncil.org.