
Security: facts against member dispute

Posted: Wed Apr 17, 2013 9:57 am
by cycloshost
Hi,

We are using the access password and the transaction password. We would like to know how to act in case a member asserts he/she didn't make the payment and files a contestation.

With Cyclos can we assure that the person who is making a transaction is really the member?

How are other projects dealing with this scenario? Is any kind of digital signature planned for transactions? Is the transaction password equivalent to a digital signature?

Re: Security: facts against member dispute

Posted: Wed May 29, 2013 8:39 am
by gianfranco
Hello, I am new to this forum and I'm just reading the former forum posts to familiarize myself with this community.
But the question below is, in my opinion too, very important. Trust in a system, that is, in an economic community managed by such a system, is pivotal to conveying and growing trust in each other, and so in each member's promise to balance the economic exchanges he or she participates in.

I do hope there are already ideas in this regard; otherwise this item should be urgently and strongly addressed by the Cyclos community, or at least the community should be aware that there is a strong social issue.
Thanks and regards,
Gianfranco

Re: Security: facts against member dispute

Posted: Tue Jun 04, 2013 1:55 pm
by admin
Hi,

A transaction password can never give you 100% certainty that it was indeed the user (account owner) that made the payment. For example, the user might have written the password down on paper or in a digital file, and somebody could have used it. Passwords and security are not just technical issues. Policies are very important. For example, having two passwords (login and transaction) is considered safer than using just one login password. Many things can be improved by configuration. Setting expiry dates and prohibiting 'easy' passwords will also improve the security level. Confirmation by SMS and e-mail will also help. A good practice is to go through the ISO27000 security standards.

We try to be as up to date as possible when it comes to security. Actually, a large part of our resources is being spent on security and data integrity. In Cyclos4, new authentication methods will be added, such as biometric authentication and confirmation by external channel (e.g. SMS).

Hope this helps,