†© 1999 Jane Kaufman Winn.

† Associate Professor, Southern Methodist University School of Law, Dallas, Texas. Web site: <http://www.smu.edu/~jwinn>. E-mail: <jwinn@mail.smu.edu>. The author gratefully acknowledges the thoughtful comments of Russell B. Stevenson, Jr., Ronald Mann, Mitchell Grooms, Kawika Daguio, Dwight Arthur, and Vadim on earlier drafts of this article.

The title of this article is taken from the film, CLASH OF THE TITANS (MGM-UA 1981). No Titans actually appear in the movie, which deals instead with the myth of Perseus and Andromeda. The movie starred Lawrence Olivier, Harry Hamlin, Burgess Meredith, Ursula Andress, Claire Bloom and Maggie Smith, and featured stop-motion animation effects by Ray Harryhausen.

1. Michael Meyer, Culture Club, NEWSWEEK, July 11, 1994, at 38.

2. Cable from Mark Twain to The Associated Press (June 2, 1897).

3. This account is taken from 1 ROBERT GRAVES, THE GREEK MYTHS 37-44 (1955).

4. On the side of the visionaries, see, for example, DANIEL C. LYNCH & LESLIE LUNDQUIST, DIGITAL MONEY: THE NEW ERA OF INTERNET COMMERCE (1996). On the side of the more jaded observers, see Martin Mayer, Playing Payments Poker, INSTITUTIONAL INVESTOR, Sept. 1998, at 49.

5. See ROBERT A. SCHWARTZ, EQUITY MARKETS: STRUCTURE, TRADING, AND PERFORMANCE 523 (1988).

6. FedWire is the wholesale funds transfer system operated by the Federal Reserve Banks. Since the obligations of the Federal Reserve Banks are the legal tender of the U.S., a credit on the books of the Fed that results from a FedWire transfer is also money in the sense of legal tender in the U.S.

7. See LARY LAWRENCE, AN INTRODUCTION TO PAYMENT SYSTEMS 336 (1997). Payment by cash in many respects sets the standard for finality, since once cash has been exchanged for another asset, the purchaser has no power other than persuasion to recover the cash. Many forms of electronic funds transfers have the same high degree of finality, but credit card transactions can be unwound weeks or even months after the transaction has taken place due to the statutory right of the card holder to contest charges that appear on periodic statements. See Truth in Lending (Regulation Z), 12 C.F.R. pt. 226.12 (1998) (special credit card provisions, including liability for unauthorized use), id. pt. 226.13 (1998) (billing error resolution provisions). Payment by check is more final than payment by credit card, but nevertheless can still be reversed if the drawer of the check manages to instruct the drawee of the check to refuse payment before the check has actually cleared. See U.C.C. § 4-403 (1996) (customer's right to stop payment).

8. See Banque Worms v. BankAmerica Int'l, 570 N.E.2d 189 (N.Y. Ct. App. 1991) (" [The] concern for finality in business transactions has long been a significant policy consideration in this State. In a different but pertinent context, we observed in Hatch v. Fourth National Bank, 147 N.Y. 184, 192, 41 N.E. 403 [N.Y. Ct. App. 1895] that 'to permit in every case of payment of a debt an inquiry as to the source from which the debtor derived the money, and a recovery if shown to have been dishonestly acquired, would disorganize all business operations and entail an amount of risk and uncertainty which no enterprise could bear.'").

9. See RONALD J. MANN, PAYMENT SYSTEMS AND OTHER FINANCIAL TRANSACTIONS: CASES, MATERIALS AND PROBLEMS 117 (1999).

10. Electronic funds transfers, unlike credit cards, generally have a high degree of finality. For that reason, debit cards as a point-of-sale EFT device are very popular with merchants and much less popular with consumers who are accustomed to enjoying the float when they make payments from their bank accounts using checks. Id.

11. For example, U.C.C. § 4-208(c) provides that a drawee bank may not shift the loss caused by a fraudulent indorsement or alteration of a check onto a third party who negotiated the check if the drawee bank's own customer's negligence made it possible for the fraud to occur. See LAWRENCE, supra note at 249.

12. For example, the National Automated Clearing House Association just revised its system rules to provide for the first time for fines for clearing house members who fail to perform their assigned roles within the deadlines established by the rules. See NATIONAL AUTOMATED CLEARING HOUSE ASSOCIATION, 1999 ACH RULES: A COMPLETE GUIDE TO RULES & REGULATIONS GOVERNING THE ACH NETWORK at R2 (1999).

13. For a general explanation of the nature of credit card transactions, see LAWRENCE, supra note at 513-515.

14. With advances in desktop publishing, however, many of these traditional obstacles on forgery are eroding rapidly.

15. Payment systems that are part of the banking system, such as the check clearing system and funds transfer systems, are subject to a higher degree of government oversight than payment systems run outside the banking system, such as the credit card system. The credit card industry is still subject to some oversight at the level of card issuer-card holder relations pursuant to the Truth in Lending Act.

16. This represents a variation of "Herstatt risk," which refers to the risk that foreign exchange traders or other money market participants assume when they fulfill their obligations to counterparts without requiring the counterpart to fulfill its obligations simultaneously. Herstatt risk is named after the German bank, Bankhaus I.D. Herstatt K.G.a.A., that was closed in 1974 by regulators before it settled its foreign exchange obligations to other banks. See Raj Bhala, Self Regulation in Global Electronic Markets Through Reinvigorated Trade Usages, 31 IDAHO L. REV. 863, 867 n.7 (1995). If a bank offers its customers a choice of various payments services, and assumes on behalf of its clients the risk that any one of those systems will fail to settle, the bank will be exposed to a risk that obligations under each payment system will not in fact be settled at the end of the trading day due to time zone and operating time differences. This is similar to the risk banks face in foreign currency markets that obligations denominated in different currencies will not be settled at the end of the trading day if there are significant differences between operating times of the payment systems.

17. See, e.g., WILLIAM J. CLINTON AND ALBERT GORE, JR., A FRAMEWORK FOR GLOBAL ELECTRONIC COMMERCE (1997), available at <http://www.iitf.nist.gov/eleccomm/ecomm.htm>.

18. In 1997, personal checks accounted for 52.37% of the dollar volume of consumer payments, and 32.32% of the total number of transactions, while cash accounted for 17.43% by dollar volume and 40.76% by number of transactions. When other paper-based payment devices such as money orders, travelers checks, official checks (including cashier's checks, teller checks and certified checks) and food stamps are added, 73.36% of all consumer payments by dollar amount, and 75.49% by volume were paper-based. Consumer Payment Systems, THE NILSON REPORT, Nov. 1998, at 8.

19. Pre-authorized electronic funds transfers, such as direct deposit of payroll, or payments authorized online or by telephone, accounted for only 2.51% by dollar volume and 1.13% by number of transactions of the total. Card-based payments, which may be electronic or may rely on paper processes, accounted for 24.14% of dollar volume, and 23.39% by transaction volume of the total. Credit cards accounted for the largest amount of card-based payments, with 21.12% by dollar volume and 17.99% of transaction volume, with debit cards at 2.78% and 3.69% respectively. Stored value cards, which in the U.S. consist primarily of phone cards, accounted only for 0.14% of dollar volume and 1.51% of transaction volume, and electronic government benefit cards accounted for only 0.10% of dollar volume and 0.20% of transaction volume. Id.

20. See Bill Orr, The Great Card Question: Will It Be Smart Or Debit?, ABA BANKING J., Sept. 1998, at 54.

21. See U.C.C. § 4-403.

22. See U.C.C. §§ 3-401, 3-403, 3-406, 3-418.

23. The only electronic data processed by checks is in the MICR line at the bottom of the check, which reflects the limitations of computers in the 1950s when it was introduced. The MICR line includes the customer's bank's routing number, the customer's account number, the number of the check and the amount of the check. Unlike credit and debit card systems, the MICR line does not permit the payee's identity to be processed automatically. The check collection system permits the automated calculation of the customer's balance, but does not support the retention of the same volume of transaction information by the service provider that the credit and debit card processing systems do.

24. See TeleCheck, TeleCheck Homepage, (visited April 20, 1999) <http://www.telecheck.com>. See also For a fee, service takes the worry out of checks, ARIZ. BUS. GAZETTE, May 11, 1995, at 22.

25. See U.C.C. §§ 4-104(a)(10); 4-214(a); 4-215(a).

26. See 2 FURASH & CO., BANKING'S ROLE IN TOMORROW'S PAYMENTS SYSTEM, 46, 61 (1994) (study prepared for the Banking Research Fund on behalf of the Payments System Committee of the Bankers Roundtable).

27. In 1993, there were about 70 million FedWire funds transfers and 61 billion checks processed. Id. at 10, 46. There were 7.7 billion electronic funds transfers made in 1993 using ATM and ACH networks. Id. at 97. Although 95% of these transfers were made through ATM machines, id., the popularity of direct debit and direct deposit through ACH networks, and point-of-sale EFTs have grown rapidly in recent years.

28. For a discussion of the significance of closed network electronic commerce as it developed in the market for funds transfers, see Jane Kaufman Winn, Couriers Without Luggage: Negotiable Instruments and Digital Signatures, 49 S.C. L. REV. 739, 757 (1998).

29. For background on CHIPS, see 2 FURASH & CO., supra note , at 61-65.

30. See Prefatory Note, U.C.C. Article 4A (1995).

31. One basic premise regarding funds transfer law was not modified during the drafting process: the price paid by users of the funds transfer system should not include any substantial risk premium to compensate those harmed by many common forms of fraud or error. Regular users of the wholesale funds transfer system did not want to pay a risk-adjusted price for the service, preferring instead to take responsibility for fraud and error prevention and paying only a nominal price to transfer large amounts of money over a system with a very high degree of finality. This decision to keep risk-pooling at a minimum and force each participant, whether bank or customer, to take primary responsibility for fraud and error losses, is well suited to a wholesale market where only sophisticated players are present. It is a complete departure from the paternalistic risk management model used in the consumer credit card system.

32. See 2 FURASH & CO., supra note , at 45.

33. These controls include bilateral credit limits, which limit the net amount of credit each financial institution will accept from every other participant, and sender net debt caps, which are limits on the maximum debit position any participant may maintain during a trading day. In addition, the financial condition of members of CHIPS is monitored, and sophisticated technological controls are maintained over communications within the system. See 2 FURASH & CO., supra note at 63-65.

34. See U.C.C. Article 4A prefatory note. See also U.C.C. §§ 4A-404, 4A-405 (beneficiary's bank may delay acceptance of a payment order until after it has received payment).

35. See 2 FURASH & CO., supra note , at 64.

36. 14 C.F.R. pt. 226 (1998).

37. See id. pt. 226.12(a).

38. See id. pt. 226.12(b).

39. See id. pt. 226.13.

40. See 12 C.F.R. pt. 226, supp. 1, cmt. 12(b)(2)(iii)-3 (1999) (official staff interpretations of Regulation Z).

41. See id. cmt. 12(b)(2)(iii)-1.

42. The same analysis applies if the merchant only reads the information recorded in the magnetic strip on the card without examining the card itself. See id. cmt. 12(b)(2)(iii)-2.

43. See LAWRENCE, supra note , at 515-516. If the presenting merchant is not available to take the chargeback, the bank that accepted the charge from the merchant becomes responsible for the chargeback. See id.

44. See 12 C.F.R. § 226.12(c).

45. See id. § 226.12(b).

46. There are over 1 billion credit cards in circulation in the U.S. See 2 FURASH & CO., supra note at 83.

47. See DONALD I. BAKER AND ROLAND E. BRANDEL, THE LAW OF ELECTRONIC FUNDS TRANSFER SYSTEMS ¶1.03 (1996).

48. See id. at ¶1.03[5].

49. 15 U.S.C. § 1693 et seq. (1994).

50. 12 C.F.R. pt. 205 (1996)

51. See 12 C.F.R. pt. 205.6.

52. See Jeffrey Green, When Voluntary Action May Not Be Enough, CREDIT CARD MANAGEMENT, May 1998.

53. For a general discussion of the role of cryptography in electronic commerce conducted over open networks, see Jane Kaufman Winn, Open Systems, Free Markets and the Regulation of Internet Commerce, 72 TUL. L. REV. 1177 (1998).

54. See SET Secure Electronic Transaction LLC, About SETCo Secure Electronic Transaction, LLC (visited Apr. 26, 1999) <http://www.setco.org/about.html>. For general information about SET, see SET Secure Electronic Transaction LLC, SETCo Website (visited Apr. 21, 1999) <http://www.setco.org>.

55. The SETCo website FAQ for merchants and users states that "SETCo expects that many banks will begin offering digital certificates to merchants and cardholders in mid-1998." SET Secure Electronic Transaction LLC, Frequently Asked Questions (visited Apr. 26, 1999) <http://www.setco.org/faq_usr.html>. In fact, this did not happen.

56. SETCo has posted a white paper on its website challenging these claims. See CHRIS LETOQ & STEVE YOUNG, SET COMPARATIVE PERFORMANCE ANALYSIS 25-26 (Nov. 2, 1998) (White Paper prepared by Gartner Consulting for SETCo), available at <http://www.setco.org/download/setco6.pdf> (PDF file).

57. The SETCo website FAQ for merchants and users stated "Some of the initial key benefits [to merchants] are ... [r]educed costs associated with fraud." SET Secure Electronic Transaction LLC, supra note .

58. What may have been the most significant factor undermining SET's prospects for acceptance in the marketplace was the development of the SSL standard for secure message transmission. See discussion infra, Part V.A.

59. See Elizabeth Douglass, IPO Nets a Bundle for First Virtual, SAN DIEGO UNION-TRIB., December 14, 1996 at C-1

60. See Bob Woods, First Virtual Gives Net Payment System Heave Ho, NEWSBYTES, July 21, 1998

61. See BRUCE SCHNEIER, APPLIED CRYPTOGRAPHY 115 (2d ed. 1996).

62. See DigiCash, How eCash Works Inside (visited Apr. 26, 1999) <http://www.digicash.com/index_e.html>. See generally A. Michael Froomkin, Flood Control on the Information Ocean: Living With Anonymity, Digital Cash, and Distributed Databases, 15 J.L. & COM. 395, 460 (1996).

63. See James Gleick, Dead as a Dollar, N.Y. TIMES MAG., June 16, 1996, at 26.

64. See id.

65. See id.

66. See Jeffrey Kutler and Carol Power, Electronic Commerce: Bankrupt DigiCash to Seek Financing, New Allies, AM. BANKER, November 10, 1998, at 18.

67. See Kimberly Patch and Eric Smalley, Drop a Dime Online, INFOWORLD, Nov. 30, 1998, at 71.

68. See MilliCent Microcommerce System, Find Out What's New, What's Hot and What's Happening With MilliCent (visited April 21, 1999) <http://www.millicent.digital.com>.

69. See CyberCash, Inc., The CyberCoin Cash Card User's Guide (visited April 26, 1999) <http://www.cybercash.com/mscpc/help/cashcardtoc.html>.

70. Developers of micropayment technology remain hopeful that it will one day prove to be a "disruptive technology" that challenges successful, established competitors by meeting consumers' unstated or future needs. See CLAYTON CHRISTIANSEN, THE INNOVATOR'S DILEMMA (1997) (discussion of "disruptive technologies"). The sudden popularity of MP3 media files has focused the minds of intellectual property rights owners on the need for finely calibrated metering and payment technologies in Internet commerce. See Whit Andrews, Microsoft Bets $15M on Maker of Micropayment Technology, INTERNET WORLD, March 15, 1999.

71. See Mondex Electronic Cash, What is Mondex? (visited April 26, 1999) <http://www.mondex.com/mondex/cgi-bin/printpage.pl?style=noframescash&fname=../documents/intro1.txt&doctype=genp>.

72. Smart cards are a popular payment device in Europe, where the technology was developed and in Japan. Checks and credit cards are less popular in Europe and Japan than in the U.S. while payment in cash or devices with the same finality as cash such as debit cards are popular, leading to lower consumer expectations with regard to the finality of payments and their ability to enjoy the float.

73. See discussion of credit and debit card liability rules, supra Parts III.C-D.

74. Before 1995, the NSF Acceptable Use Policy prohibited commercial use of the Internet. See NAT'L SCI. FOUND., OFF. OF INSPECTOR GEN'L, REVIEW OF NSFNET 79-80 (1993), available at <http://www.nsf.gov/pubs/stis1993/oig9301/oig9301.txt> (paginated ASCII document).

75. For example, smart cards might be used as access devices for existing account-based systems such as checking accounts or credit cards. The extra processing functions of the smart card could be used first to enhance the security of older systems in ways that are transparent to end users. Once smart cards are in the hands of end users and large numbers of merchants have installed smart card readers, additional application for this technology could be added, such as tracking merchant loyalty programs or disbursing electronic cash equivalents. See Jeffrey Kutler, Smart Cards: Mondex Again Trumpets The Need For Open Internet Payment Standards, AM. BANKER, April 14, 1999, at 13.

76. See discussion supra Part III.E.

77. Although SSL began as a proprietary standard, Netscape is taking steps to have SSL recognized as a World Wide Web Consortium and an Internet Engineering Task Force standard, which would effectively convert it into an open, public standard. See whatis, What Is ... SSL? (last modified January 4, 1999) <http://whatis.com/ssl.htm>.

78. See Cynthia Morgan, Dead Set against SET?, COMPUTERWORLD, March 29, 1999 at 74.

79. See id. The SSL 3.0 specification does, in fact, permit client certificates to be used, although there are no major retail applications using this feature of SSL today. See Netscape Communications Corp., SSL 3.0 Specification (visited Apr. 26, 1999) <http://home.netscape.com/eng/ssl3/index.html>.

80. See Netscape Communications Corp., supra note .

81. See Neal Weinberg, Digital Dough Fails to Rise, NETWORK WORLD, April 12, 1999 at 47.

82. See id.

83. See Netscape Communications Corp., supra note .

84. See discussion supra notes - and accompanying text.

85. Weinberg, supra note . For instance, merchant banks and credit card associations have adjusted their pricing structure for accepting credit card charges, with the lowest discount rates applying to material-world transactions where the card is present and can be inspected by the merchant, higher discount rates for MOTO transactions, and the highest discount rates for Internet originated charges. Telephone Interview with Steve Watson, Executive Sales Officer, BA Merchant Services, Dallas, Texas (Apr. 21, 1999).

86. See Rod Newing, Consumers' Trust Is Growing, FIN. TIMES (LONDON), March 24, 1999, at 7.

87. E-mail from Lynn Wheeler, technologist with First Data Merchant Services Corp., to author (Mar. 26, 1999) (quoting credit card industry sources) (on file with author). This information should be evaluated in light of the investment Visa and MasterCard have made in SET and has not been independently verified.

88. See, 12 C.F.R. pt. 226, supp. 1, cmt. 12(b)(2)(iii)-3 (1999) (official staff interpretations of Regulation Z).

89. For information about the e-check project see Financial Services Technology Consortium, echeck, (visited April 20, 1999) <http://www.echeck.org/>.

90. See Financial Services Technology Consortium, Financial Services Technology Consortium and U.S. Treasury Teaming up on Electronic Check Pilot Program, (visited Apr. 26, 1999) <http://www.echeck.org/kitprint/index.html>.

91. See Financial Services Technology Consortium, Description of the Electronic Check (visited Apr. 26, 1999) <http://www.echeck.org/kitprint/index.html>.

92. The lack of momentum behind the e-check project may not be due to insufficient demand. The banking industry is currently concentrating most of its effort on surviving the Year 2000 problem. Once banking executives and technologists can return their attention to other issues, interest in e-check may increase dramatically.

93. See First USA Corp., First USA, Premier E-Retailers Team to Enhance Online Shopping Experience; Internet Merchants Facilitate E-Commerce with VersaPay Digital Wallet (visited Apr. 24, 1999) <http://www.instabuy.com/press/99mar1fusa_versa.html>.

94. See CyberCash Corp., Instabuy-How It Works (visited Apr. 24, 1999) <http://www.instabuy.com/check_it_out.html>.

95. A portal is "a Web site that offers a broad array of resources and services such as e-mail, discussion forums, search engines, and on-line shopping malls." Vincent James & Erin Jansen, NetLingo: The Internet Language Dictionary (visited Apr. 22, 1999) <http://www.netlingo.com/lookup.cfm?term=portal>. In this sense, a portal is an enhanced version of an earlier generation of Internet search engine or index sites. An end user might be permitted to designate which Internet resources the user would like to be offered access to from a customized portal site, for example permitting an end user to access a home banking site, an online brokerage site, a news site, an online auction site and various Internet retail sites. Portals should reduce the amount of time the end user is required to spend locating and accessing resources, and distributors of goods and services over the Internet to build relationships with their customers.

96. See CheckFree Corporation, CheckFree Experience Online, (visited Apr. 22, 1999) <http://www.checkfree.com>.

97. See The Internet Council, The Internet Council Home Page (visited Apr. 21, 1999) <http://internetcouncil.nacha.org>.

98. See The Internet Council, Authentication & Network of Trust Work Group (ANT) Work Group Description, (visited Apr. 27, 1999) <http://internetcouncil.nacha.org/wgdesc.htm>.

99. DES was developed by IBM as the Lucifer algorithm in the early 1970s, and was adopted as a federal standard in 1976, and as a private sector standard for financial institutions in 1981. See SCHNEIER, supra note , at 266-7.

100. See Electronic Frontier Foundation, RSA Code-Breaking Contest Again Won by Distributed.Net and Electronic Frontier Foundation (EFF) (Jan. 19, 1999) <http://www.eff.org/pub/Privacy/Crypto_misc/DESCracker/HTML/19990119_deschallenge3.html>. For a general discussion of U.S. encryption policy and its critics, see STEWART A. BAKER AND PAUL R. HURST, THE LIMITS OF TRUST (1998).

101. EFT99 is an initiative of the U.S. Department of the Treasury designed to all Federal payments, except tax refunds, from paper-based payment systems to electronic funds transfers by January 2, 1999. See Financial Management Service, Electronic Funds Transfer Home Page (last updated April 14, 1999) <http://www.fms.treas.gov/eft/index.html>.

102. See DEPARTMENT OF THE TREASURY, OFF. OF PUBLIC AFFAIRS, TREASURY FINALIZES ELECTRONIC PAYMENT RULE AS ENROLLMENT NUMBERS CONTINUE TO RISE (September 25, 1998) available at <http://www.treas.gov/press/releases/pr2710.htm>.

103. U.S. consumers are very familiar with such devices. See supra Part III.A (check clearing); Part III.C (credit cards).

104. The phenomenal successes of many new Internet electronic commerce ventures raise difficult questions for investors and financiers struggling to determine whether these new models really make any sense or are just a reflection of a bubble economy. See, e.g., George Anders, Nothing ventured ... "You expect big losses and want $10 million? Sure, we'll consider it," WALL ST. J., March 17, 1999, at A1 (discussing the ability of Internet entrepreneurs to obtain millions of dollars of funding for businesses that are unprofitable today and have no prospect of profitability in the near future).

105. See Patricia Lamiell, China to establish smart card project, AUSTIN AMERICAN-STATESMAN, August 22, 1998, at D5.

106. It is beyond the scope of this paper to discuss the privacy issues raised by these data practices. Many of these uses are not currently regulated under US law today, although it is possible that some businesses will try to compete by offering to exceed legal minimums in their data privacy policies.

107. See, e.g., 2 FURASH & CO., supra note , at 29-37.