A NonRepudiable transaction can't be cancelled afterwards. Contrast with CreditCard''''''s, which can "chargeback" just about any time they want to, or PayPal which can do that and freeze your customers out of your account too any time they like. More accurately, an NonRepudiable transaction can't be ''denied'' as having taken place or being legitimate; in a sense, a business transaction may still be cancelled by another such transaction. In the physical world, NonRepudiation is often provided through the use of signatures, or signature in front of a notary. However, the very real possibility of forgery, and a system incapable of validating signatures on a regular basis, significantly reduces the strength of these measures. In the electronic world, the notion of a physical signature has no value at all, and an image of such a signature can be copied perfectly from one medium to another. NonRepudiation is, instead, provided through electronic signatures utilizing the PublicKeyInfrastructure, and through authenticated interactions with a third-party medium (usually authenticated with a shared key -- a password). Even so, in the event that a key is compromised, NonRepudiation cannot be guaranteed. Additional use of contracts placing the legal burden of systems compromise upon the users of the system can provide for NonRepudiable transactions, but is questionable morally and ethically... especially when this burden is extended to all such compromises, rather than just those that can be traced to the user. Such contracts do exist, so watch what you agree to. ---- See also: NonRepudiable, PublicKeyInfrastructure