Friday, February 20, 2009

Credit Cards Post

Credit cards are absolutely, shockingly, embarrassingly insecure. Imagine for a moment that, whenever you wanted to pay for something, you handed your wallet to a stranger and said, "Here, take whatever you want." Actually, that's far more secure than credit cards. Imagine for another moment that anybody who's ever even touched your wallet had immediate access to all your money. Even that's a bit generous, because credit cards are actually a little worse than that.

This is the reason that identity theft is a problem right now - there's no security at all when it comes to credit cards. And the worst part is that there's no way for you or me to defend ourselves, because the insecurity is baked into the system. There's no way to use a credit card without handing it to somebody, or typing all the information on it into a website, or doing something equally insecure.

Of course, this is the part of this rant where people sometimes say, "Fine, so you could do better?" I think I can probably do better; I would certainly be hard-pressed to do worse.

First Proposal - Digitally signed transactions

The core of this proposal is an RFID-like device which contains a secret key and can compute a cryptographic checksum. When a transaction is made using the device, the details of the transaction are fed to the device wirelessly, and it responds with a checksum computed over the transaction details combined with its own secret key. The details of the transaction, along with the checksum, can then be relayed to the credit card company by existing means.

Pros: This scheme is cryptographically secure. It guarantees (barring failures of the physical security of the card) that the card was actually present at the time of the transaction. It's also cheap (RFID tags cost pennies), and doable with current technology. As a bonus, it meshes well with ways people currently use credit cards, and is easy for people to use.

Cons: Doesn't really help if your card is physically stolen. Also, doesn't address online purchases.
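A sketch of the first proposal's exchange, added here as an illustration and not code from the original post. It assumes HMAC-SHA256 as the keyed checksum, a secret shared between card and issuer, and a per-transaction nonce chosen by the terminal so a captured response cannot be reused; the class names, field names and sample transaction are all constructed.

```python
import hashlib
import hmac
import json
import secrets

def canonical(txn: dict) -> bytes:
    # Deterministic encoding so card and issuer hash identical bytes.
    return json.dumps(txn, sort_keys=True, separators=(",", ":")).encode()

class Card:
    """Stands in for the RFID-like device; the key never leaves it."""
    def __init__(self, card_id: str, key: bytes):
        self.card_id = card_id
        self._key = key

    def respond(self, txn: dict) -> str:
        # Keyed checksum over the transaction details (assumed: HMAC-SHA256).
        return hmac.new(self._key, canonical(txn), hashlib.sha256).hexdigest()

class Issuer:
    def __init__(self):
        self._keys = {}     # card_id -> shared secret
        self._seen = set()  # (card_id, nonce) pairs already accepted

    def issue_card(self, card_id: str) -> Card:
        key = secrets.token_bytes(32)
        self._keys[card_id] = key
        return Card(card_id, key)

    def verify(self, card_id: str, txn: dict, tag: str) -> str:
        key = self._keys.get(card_id)
        if key is None:
            return "unknown card"
        expected = hmac.new(key, canonical(txn), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):  # constant-time compare
            return "bad checksum"
        if (card_id, txn.get("nonce")) in self._seen:
            return "replay"
        self._seen.add((card_id, txn.get("nonce")))
        return "ok"

def demo() -> dict:
    issuer = Issuer()
    card = issuer.issue_card("card-0001")
    txn = {"merchant": "Example Books", "amount_cents": 1999, "nonce": "a1b2c3"}
    tag = card.respond(txn)
    results = {"genuine": issuer.verify("card-0001", txn, tag)}
    results["replayed"] = issuer.verify("card-0001", txn, tag)
    inflated = dict(txn, amount_cents=199900, nonce="d4e5f6")  # merchant edits amount
    results["tampered"] = issuer.verify("card-0001", inflated, tag)
    return results

if __name__ == "__main__":
    print(demo())
```

Because the checksum covers the amount and merchant, a response captured for one purchase does not authorize a different one, which is the property the card number alone lacks.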

Second Proposal - Multiple cards

When you go out, you generally have some idea of how much you're going to spend. So why carry more than that? If we had a set of credit cards, rather than just one, with various limitations, then this would be more secure. Limitations could be simple spending limits, such as per-transaction or per-day limits, or it could be something more complicated, like only allowing purchases in the city you live in.

Pros: Completely compatible with existing systems. Easy for people to understand. Cheap to implement.

Cons: Most of the downsides of credit cards still apply; this just mitigates the risks.

Third Proposal - Authorized transactions

It should be possible (if perhaps a little annoying) for your bank to call you and check with you whenever a purchase is made on your account. Since having a person calling you all the time would be a bit much, it could also be an automated calling system, or a text message, or an email if it's not time sensitive, or something else. The main requirement is that it be something that's difficult to fake.

Pros: Compatible with existing systems. Prevents any unauthorized transactions, even those made with a stolen card and all relevant data.

Cons: Kind of annoying.

(Note that nowhere in here have I mentioned biometrics. Biometrics look cool in movies, but they're basically useless for actual security, for reasons that I'll go into more in a future post.)

Security is always a tradeoff, and when it comes to credit cards we've always gone far, far to the extreme of preferring convenience. But it doesn't have to be that way, and if we were willing to give up a small amount of convenience we could make credit card fraud a thing of the past.


Kiriska said...

Well, if you check your bank for transactions every month, you're pretty much fine anyway. Personally, I'd opt for the third proposal if only because I use my credit card seldom enough for it not to be that big of a deal. (Basically, weekly for groceries and the occasional run to the godforsaken art store.)

I use PayPal for pretty much all online purchases at vendors that take it, which is great because it keeps money in my actual bank and because PayPal already sends you an email every time you spend or receive money.

Frank Church said...

I remember reading recently that credit cards aren't used too often in Japan, especially in the rural areas. I try to avoid using them, but you've noticed that I'm not exactly inclined to buy very much anyway.

I like your first and third ideas, not so much the second. I probably like the third option best - doesn't sound too annoying, at least right now when it's a hypothetical on your blog.

Kiriska said...

Japan hates credit cards everywhere. Even in cities.

Æther said...

The third option sounds the best to me. The second one sounds rather restricting and not to the benefit of individual banks since usually you only get one card from a bank and they want you to use it as much as possible. I agree that it's best to just check your monthly statements, though. I get them by mail and can call in if there's anything suspicious.

I think a bigger issue is debit cards since the money is instantly removed from your account and you can't get it back after fraudulent use of the card. Since credit cards are, of course, on credit, the balance of the debt can be changed by the bank.

P. Static said...

Everyone: That's kind of ironic; the second one was my personal favorite. XD

re. Japan: Yeah, but they use cell phones instead, right? Not really sure how that works, but I'm sure it's something reasonable, since it's Japan after all.

Æther: That's true, but retroactively going back and undoing charges is one of the worst things about the current system, in my opinion. It's not a real solution.