Two references

2 files changed, 46 insertions, 8 deletions

diff --git a/articles/ui/taler.bib b/articles/ui/taler.bib
index 371b90482..b576d3804 100644
--- a/articles/ui/taler.bib
+++ b/articles/ui/taler.bib
@@ -181,6 +181,15 @@
   publisher={Centrum voor Wiskunde en Informatica}
 }
 
+
+@misc{NYA:CyberExtortionRisk,
+  title = {Cyber Extortion Risk Report 2015},
+  author = {\relax NYA International},
+  month = {October},
+  year = {2015},
+  howpublished = {\url{http://www.nyainternational.com/sites/default/files/nya-publications/151027_Cyber_Extortion_Risk_Report_2015_0.pdf}}
+}
+
 @misc{ECB:TRoCF2014,
   title     = {Third Report on Card Fraud},
   author = {{\relax European Central Bank}},
@@ -188,3 +197,30 @@
   year      = {2014},
   howpublished = {\url{https://www.ecb.europa.eu/pub/pdf/other/cardfraudreport201402en.pdf}},
 }
+
+
+
+@inproceedings{3DSsucks,
+ author = {Murdoch, Steven J. and Anderson, Ross},
+ title = {Verified by Visa and Mastercard Securecode: Or, How Not to Design Authentication},
+ booktitle = {Proceedings of the 14th International Conference on Financial Cryptography and Data Security},
+ series = {FC'10},
+ year = {2010},
+ isbn = {3-642-14576-0, 978-3-642-14576-6},
+ location = {Tenerife, Spain},
+ pages = {336--342},
+ numpages = {7},
+ doi_url = {http://dx.doi.org/10.1007/978-3-642-14577-3_27},
+ doi = {10.1007/978-3-642-14577-3_27},
+ acmid = {2163598},
+ publisher = {Springer-Verlag},
+ address = {Berlin, Heidelberg},
+ url = {https://www.cl.cam.ac.uk/~rja14/Papers/fc10vbvsecurecode.pdf}
+} 
+
+
+
+
+
+
+
diff --git a/articles/ui/ui.tex b/articles/ui/ui.tex
index 3168558ab..1476424e1 100644
--- a/articles/ui/ui.tex
+++ b/articles/ui/ui.tex
@@ -301,7 +301,7 @@ the merchant not accepting the particular card issuer.
 Traditionally, merchants bear most of the financial risk, and a key
 ``feature'' of the 3DS process compared to traditional card payments
 is to shift dispute {\em liability} to the issuer of the card---who
-may then try to shift it to the customer.
+may then try to shift it to the customer \cite[\S2.4]{3DSsucks}.
 %
 % online vs offline vs swipe vs chip vs NFC ???
 % extended verification
@@ -417,13 +417,15 @@ volatile.~\cite{jeffries_economists_v_btc,lehmann_btc_fools_gold,lewis_btc_is_ju
 
 Bitcoin's pseudononymity applies equally to both customers and
 merchants, which makes Bitcoin amen\-able to tax evasion, money
-laundering, and sales of contraband.  As a result, anonymity tools
-like mixnets do not enjoy widespread support in the
-Bitcoin community where many participants seek to make the currency
-appear more legitimate.  While Bitcoin's transactions are difficult to
-track, there are several examples of Bitcoin's pseudononymity being
-broken by investigators~\cite{BTC:Anonymity}.  This has resulted in
-the development of new protocols with better privacy protections.
+laundering, sales of contraband, and especially extorion
+ \cite{NYA:CyberExtortionRisk}.  
+As a result, anonymity tools like mixnets do not enjoy widespread
+support in the Bitcoin community where many participants seek to make
+the currency appear more legitimate.  While Bitcoin's transactions
+are difficult to track, there are several examples of Bitcoin's
+pseudononymity being broken by investigators~\cite{BTC:Anonymity}.  
+This has resulted in the development of new protocols with better
+privacy protections.
 
 \begin{figure*}[t!]
 \includegraphics[width=\textwidth]{figs/paypal.pdf}