Saturday, November 15, 2008

More possible solutions to credit card scams..

.. which might not drive consumers crazy??

Credit cards which generate one-time PINs.

"The next-generation cards feature a numeric keypad on the back of a plastic card. Customers enter their PIN code to generate a one-time password. This code, displayed on a card’s display panel, is then used to authenticate online purchases.

The approach is an alternative to using a password when authenticating online purchases through the much-criticised Verified by Visa scheme. As previously reported, VbyV passwords can often be easily reset knowing only card details and a user's birthday."

Re my previous suggestion of a decent roll-out of two-factor ID, i.e., dongles etc., A Reader writes:

"Physical banking tokens are a complete pain in the arse; I either carry the sodding thing about with me, in which case we have the modern equivalent of 'keep your chequebook and cheque guarantee card separately' -- no, actually, I am a woman and I carry a handbag because my business clothes do not have pockets, and all this stuff is in it; plus, although it's not terribly heavy, it's another thing to carry -- or I am essentially disenfranchised from key banking services when I'm not at home. I get particularly pissed off with the physical token when I make periodical payments of random amounts from my current account to my offset mortgage account. I have paid money to this account before. Lots of times before. The chances of this transaction being fraudulent are nil. Why are you asking for token codes?"

EDIT: a new report on this on OUT-Law makes it a bit clearer that this technology replaces BOTH the Verified by Visa type programmes and the dongle. Instead, the one-time PIN generated requires the user to have both the card and the usual PIN, effectively making online, card-not-present transactions as secure as face-to-face ones.

Although this obviously still allows for some fraud, it does seem a major step forward. Here's hoping the trial is successful, says this very fed up online shopping card user.

A Reader also rather sensibly asks why all banks can't demand as little security as PayPal, i.e., one username and password. Presumably because when losses accrue due to hacking of PayPal accounts, the losses stay with the credit card issuers, not PayPal? Does anyone know how PayPal manages risk??
