I recently read an interview of Bruce Schneier about companies not being responsible enough for security to make the changes needed to protect our online finances among other things.
Well, I know getting people to adopt new technology is difficult if it makes life less convenient, so perhaps this is a pipe dream or fanciful idea that has all sorts of prerequisites I won't go into in this post:
Companies like Visa should provide a web appliance for vendors to manage sales transactions, so that vendors (eg amazon or facebook) never actually have a credit card number. The user verifies the sale and authorizes it to Visa (or someone else). This would have to involve something like a SecurID key fob so that a physical device has to be stolen to successfully steal a credit card.
As a note, since I started this post I did some searching. Google is already doing something like this. Paypal is too, but already has key fobs for authentication as well as virtual credit cards. This makes me trust and want to use paypal.
Potential Effects: (1) One point of failure/attack [the transaction provider]. (3) A credit card can't be stolen anymore without stealing a physical device. [Reduces/eliminates wholesale credit card fraud.] (3) Users must get a key fob for every credit card or account. [could get unweildy if you end up needing 4 to 10 of them]
Subscribe to:
Post Comments (Atom)
Posts
No comments:
Post a Comment