An article on the BBC website made me think about possible improvements to the security of credit cards. Let’s face it, the current scheme is pathetically outdated and the credit card companies (the likes of Visa and Mastercard) do nothing about it.
So how about a better scheme? Signatures are outdated (and they never check them anyway). A time-based rolling number, like that provided by the RSA SecurID Token that must be entered manually and is only valid for a few minutes (and one transaction) might help. Or perhaps smart card technology (already in use in Europe) that can digitally sign transactions (although this would need card readers for home users so that they can continue to shop online). One-time-use numbers might help online, but they have problems (they cannot be used where a physical card is needed to pick up the item, such as when ordering movie tickets or airline tickets online) and they don’t guard against the card processing firms “losing” the numbers they are sent by stores.