An article on the BBC website made me think about possible improvements to the security of credit cards. Let’s face it, the current scheme is pathetically outdated and the credit card companies (the likes of Visa and Mastercard) do nothing about it.
So how about a better scheme? Signatures are outdated (and they never check them anyway). A time-based rolling number, like the one generated by an RSA SecurID token, that must be entered manually and is valid only for a few minutes (and for one transaction) might help. Or perhaps smart card technology (already in use in Europe) that can digitally sign transactions (although this would need card readers for home users so that they can continue to shop online). One-time-use numbers might help online, but they have problems: they cannot be used where a physical card is needed to pick up the item (such as when ordering movie tickets or airline tickets online), and they don’t guard against the card processing firms “losing” the numbers they are sent by stores.
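A sketch of the time-based rolling number idea, added here as an example and not taken from the post or from any card scheme. SecurID's own algorithm is proprietary, so this uses the public RFC 6238 TOTP construction as a stand-in; the `Issuer` class, the 180-second step and the one-step grace window are assumptions.

```python
import hashlib
import hmac
import struct

STEP = 180    # assumed: each code covers a 3-minute window
DIGITS = 6    # assumed: code length typed in by the cardholder


def rolling_code(secret: bytes, now: float, step: int = STEP,
                 digits: int = DIGITS) -> str:
    """RFC 6238 TOTP: HMAC-SHA1 over the time-step counter, then truncate."""
    counter = int(now // step)
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation offset
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class Issuer:
    """Hypothetical issuer side: verifies a code and allows it one use."""

    def __init__(self, secret: bytes, step: int = STEP, digits: int = DIGITS):
        self.secret = secret
        self.step = step
        self.digits = digits
        self.last_used = -1    # highest time step already spent

    def authorize(self, code: str, now: float) -> bool:
        current = int(now // self.step)
        # Accept the current step and the previous one (typing delay, drift).
        for counter in (current, current - 1):
            if counter <= self.last_used:
                continue       # step already paid for a transaction: replay
            expected = rolling_code(self.secret, counter * self.step,
                                    self.step, self.digits)
            if hmac.compare_digest(expected, code):
                self.last_used = counter
                return True
        return False           # wrong, expired, or already-used code


if __name__ == "__main__":
    secret = b"constructed-demo-secret"    # constructed sample key
    bank = Issuer(secret)
    code = rolling_code(secret, 1_000)
    print(bank.authorize(code, 1_000))     # first use is accepted
    print(bank.authorize(code, 1_010))     # same code again is refused
```

A number skimmed from a receipt or a processor's database is useless once its window has passed or it has been spent, which is the property the static card number lacks.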
I hear your angst, but that screamonline article is side-splittingly funny. Credit card companies safeguarding against hackers would be a start and shops not printing the full credit card number on receipts would be a good second.
I use MBNA Shopsafe for all my on-line purchases; I even pay for servicing the car and Fastrak with it.
Years ago an Australian guy was trying to get people interested in a challenge/response model that used a little card calculator and a PIN code. It would get challenged, then you’d enter your PIN and it would generate the response.