{% include "common/header.j2.inc" %}
With Alipay being increasingly accepted in retail stores in the US and Europe,
European banks continue to lose market share to big technology
providers.
With GNU Taler, we could establish an open standard with a level
playing field preserving the independence of national economies
by establishing a commons that protects critical infrastructure
from domination by a handful of global players.
A major data breach of Indian banks forced these institutions to warn 3.2 million
customers that their accounts might have been compromised and that they need
to obtain new bank cards and PIN numbers.
With GNU Taler, banks can implement privacy by design and minimize data collection,
reducing the impact of security breaches and satisfying GDPR regulations in Europe.
Security researchers found evidence of adversaries targeting online shops offering credit card
payment in order to steal and resell credit card credentials.
With GNU Taler, shops would never receive sensitive personal information such as credit cards,
thus hacked online shops would not create such hassles for consumers.
Banks are naturally unhappy about shouldering the cost for fraud, and use
various tricks to impose the costs on their customers without providing
adequate help to minimize fraud.
With GNU Taler, cryptography ensures that identity theft and many related
types of fraud are no longer possible, allowing banks to offer customers
a payment experience where neither side needs to worry about fraud.
With ApplePay starting in France, pressure on
European banks increases as they are set to
lose market share to big technology providers.
With GNU Taler, we could establish an open standard with a level
playing field preserving the independence of national economies
by establishing a commons that protects critical infrastructure
from domination by a handful of global players.
Security researchers found serious security flaws in the German "electronic cash" system
which enable criminals to withdraw funds from merchant accounts based on the information printed
on receipts and other information obtained from public sources or point-of-sale terminals purchased
online.
The German "electronic cash" system is based on the "Poseidon" protocol, for
which there is no publicly accessible specification or reference implementation. This has allowed
such major security holes to persist for decades.
"Suppose you were an advisor to the head of the KGB,
the Soviet Secret Police. Suppose you are given the
assignment of designing a system for the surveillance of all
citizens and visitors within the boundaries of the USSR. The
system is not to be too obtrusive or obvious. What would be
your decision?"
The think tank RAND essentially answered this question with
a blueprint for modern payment systems. Taler offers an
escape from the financial panopticon.
Apple Pay may be easy to use, but the simplistic
user identification creates opportunities for fraud,
resulting in much higher fraud rates than even with traditional
credit card systems.
Taler does not require user identification, enabling
ease of use while also being effective against fraud.
The Visa and MasterCard duopoly has eliminated competition among
banks, setting fees that take away a significant share of profits from
small merchants.
Taler is an open standard with free software
implementations, so merchants do not have to fear a lack of competition.
Merchants taking credit card data from customers now have to additionally
fear banks suing them for losses. It is not suggested that the merchant
in question was not in compliance with PCI DSS security audit procedures.
With Taler, merchants never handle sensitive personal credit data, and
thus neither customers, exchanges nor governments would even have standing to
sue merchants in court. Thus, if a merchant system were to be compromised,
the damage would be limited to the merchant's own operations.
Following Visa and MasterCard's move to biometrics, PayPal
now supports authenticating purchases with fingerprint
recognition.
Hence, police can now forcefully take users' fingerprints and
access their mobile computers and possibly empty their electronic wallets
in addition to their physical wallets.
For Taler, we advise users to protect their digital wallets using
passphrases.
Yasser Ali reports a now-patched vulnerability in PayPal that would
have allowed him to reset other users' passwords and take over their
accounts. This is unlikely to be the last vulnerability found in
account-based payment systems.
In Taler, customers do not have accounts with usernames, passwords
or associated e-mail addresses. Instead, Taler uses reserves which
are represented by a private key on the owner's computer. Users
create a reserve by depositing currency at a Taler exchange, and can then
withdraw digital coins from that reserve using the respective private
key. There is no limit on the number of reserves a user can have, and
even hacking the Taler exchange would not provide an adversary with access to
users' reserves (as the Taler exchange does not have the private keys).
Stealing in Taler requires breaking into each customer's computer to
extract the reserve keys or the coins from the digital wallet.
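
The reserve model described above, as an added illustration that is not Taler's code or wire protocol: a toy exchange holds only reserve public keys and balances, and honours a withdrawal only when it is signed by the matching private key. The `Exchange` type, the `withdrawMsg` format, the nonce and the choice of Ed25519 are assumptions made for this sketch.

```go
package main

import (
	"crypto/ed25519"
	"encoding/binary"
	"errors"
	"fmt"
)

// Exchange is a toy model: it stores reserve PUBLIC keys and balances only.
type Exchange struct {
	balances map[string]uint64 // keyed by raw reserve public key
	seen     map[string]bool   // withdrawal requests already honoured
}

// withdrawMsg builds the bytes the reserve owner signs (constructed format).
func withdrawMsg(amount, nonce uint64) []byte {
	buf := make([]byte, 16)
	binary.BigEndian.PutUint64(buf[:8], amount)
	binary.BigEndian.PutUint64(buf[8:], nonce)
	return append([]byte("toy-reserve-withdraw:"), buf...)
}

// Withdraw debits a reserve only for a fresh request signed by its private key.
func (e *Exchange) Withdraw(pub ed25519.PublicKey, amount, nonce uint64, sig []byte) error {
	msg := withdrawMsg(amount, nonce)
	id := string(pub) + string(msg)
	switch {
	case len(pub) != ed25519.PublicKeySize || !ed25519.Verify(pub, msg, sig):
		return errors.New("bad reserve signature")
	case e.seen[id]:
		return errors.New("request replayed")
	case e.balances[string(pub)] < amount:
		return errors.New("insufficient reserve balance")
	}
	e.seen[id] = true
	e.balances[string(pub)] -= amount
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // private key never leaves the owner
	// Everything the exchange holds for this reserve: a public key and a balance.
	ex := &Exchange{map[string]uint64{string(pub): 100}, map[string]bool{}}
	fmt.Println(ex.Withdraw(pub, 40, 1, ed25519.Sign(priv, withdrawMsg(40, 1))))
	_, other, _ := ed25519.GenerateKey(nil) // a key that is not the reserve key
	fmt.Println(ex.Withdraw(pub, 60, 2, ed25519.Sign(other, withdrawMsg(60, 2))))
}
```

The exchange's stored state contains nothing that can produce a valid signature, so a copy of that state does not authorize withdrawals; the owner's device holding the private key is what needs protecting.
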
Visa and MasterCard are planning to "simplify hated verification
systems" by moving from passwords to security codes on mobiles
and biometrics. Continuing their flawed insistence on verifying identity,
Visa and MasterCard will thus build a very personal picture of their
customers, from shopping habits down to their cardiac rhythm.
Taler does not require a customer's identity to verify a payment, as the
payment system cryptographically verifies the coins. Thus, Taler does
not have to intrude into any personal detail of a citizen's life, and
certainly not their private medical data.
Despite the EU allowing the NSA access to financial transaction data to
track terrorists and organized crime, the NSA saw it necessary to
target international payment processors including SWIFT and Visa.
As terrorism and organized crime are covered by legal means, industrial
espionage to improve the US economy is the only remaining US national
interest within the NSA's mandate that would explain this illegal activity.
With Taler, exchanges will only learn the value of a merchant's transactions,
not who paid or for what (governments may learn what was sold). Thus,
the Taler exchange is a significantly less interesting target for industrial
espionage.