|Subject:||Re: [Taler] Regulations for Taler|
|Date:||Tue, 9 May 2017 09:38:47 +0200|
|User-agent:||Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:45.0) Gecko/20100101 Thunderbird/45.8.0|
On 08/05/2017 20:07, Christian Grothoff wrote:
Could you explain backup/sync a bit more? Is this a local (network) backup which the user has to setup himself or a backup somewhere online provided by a another party but where the wallet information is stored in an encrypted way?On 05/08/2017 04:49 PM, Dieter Vekeman wrote:Hi I'm trying to work out some practical use cases for Taler. This is a bit hard sometimes in terms of regulation.In terms of regulation, the closest equivalent are pre-paid credit cards.One requirement which I think should have to be satisfied is something similar to Card Stop in case of loss, theft or misuse. Not only preventing from spending the remaining coins but also refresh / refund the remaining value.Well, "loss" is relative, if you have a backup, you didn't loose it. "theft" implies someone else has it. If you are fast, you could deposit the coins from your backup into your bank account, that prevents refresh. Refund is not applicable anyway, that's a merchant's doing. If the thief already spent the coins, it's simply too late. Misuse: As a citizen there is no "misuse", you can use your money in any legal business you see fit. It would be highly dangerous to allow the government (or anyone else) to single out individual citizens and to prevent them from spending cash (analog or digital). The fact that the business must be legal is enforced against the merchants, so here they will be prevented from receiving funds if they are found to be engaging in illegal activities. But again that's not about preventing spending by the customer.To me it seems that this is currently not possible (maybe somewhat possible in case the user has a backup of the wallet).Right. I generally expect that once we have backup/sync, we'll pretty much enforce its use by telling users to print out the key to their (network) backup immediately upon installation or so.
Upon loss what would the user do with the the key they printed out?
EU legislation (DIRECTIVE 2007/64/EC) limits the liability of the user and _once a user has notified a payment service provider that his payment instrument may have been compromised, the user should not be required to cover any further losses_.That doesn't help against theft, but then again I don't see regulators outlawing cash or credit cards or gold _just_ because they could be stolen. ;-)From the videos / documentation I learned that loosing a Taler wallet is like loosing a physical wallet. But I don't think a regulator would accept that answer.The experts we talked to did not suggest theft of the wallet would be a major issue. Note that customers are not expected to carry significant balances in the wallet, only the cash they spent in their daily lives (not savings!).
I'm just assuming this directive is applicable to Taler...
(Article 3 Negative scope mentions which types of services to which the directive _does not_ apply).
Quote from the DIRECTIVE 2007/64/EC 
(32) In order to provide an incentive for the payment service user to notify, without undue delay, his provider of any theft or loss of a payment instrument and thus to reduce the risk of unauthorised payment transactions, the user should be liable only for a limited amount, unless the payment service user has acted fraudulently or with gross negligence. Moreover, once a user has notified a payment service provider that his payment instrument may have been compromised, the user should not be required to cover any further losses stemming from unauthorised use of that instrument. This Directive should be without prejudice to the payment service providers' responsibility for technical security of their own products.
What would be some possible solutions or workarounds such that a user could recover from theft or loss?Easy: * Theft: usually nothing. * Loss: backup.
|[Prev in Thread]||Current Thread||[Next in Thread]|