Wednesday, June 22, 2005
CREDIT CARD SECURITY
Several widely publicized security breaches, loss of credit card numbers, disappearance of social security numbers and other assaults on the credit system suggest that it is time to drastically revise the methods by which transactions are handled.
Once upon a time it was hard to pay even by check. Merchants were so afraid of not getting their money, they required multiple ID's if they took anything but cash. Now, you swipe your card yourself, scribble something unintelligible with a stylus on an electric pad, and they don’t even pretend to check the validity of the transaction.
Merchants were afraid of not getting paid, and it was too hard for the consumer. The system was not liquid enough. Now the system is again too hard for the consumer, but for a different reason. It is too easy for the consumer's credit to be ripped off.
Relying on social security numbers and your mother's maiden name is not enough. A new system needs to be devised which provides a second, personal, secure validation to verify a transaction as valid. For example, a consumer could establish a secondary security code before shopping (by phone or computer perhaps) and the merchant would need to use that code before a transaction was validated. (The AMEX BLUE card was designed for an online system like this -- where the card number used in an online transaction is disguised and tied to the actual owner -- although the fully secure system is not set up by default when you get the card.)
Many people were concerned about the security of online transactions before e-commerce was developed, but the big problem online (at least so far) is not the safety of the individual transaction, it is the safety of the records.
It is important that the system remain easy to use, but it needs to protect the consumer more effectively.