by stonemetal 4744 days ago
There is a certain amount of security in "swipe my credit card". It implies the customer has possession of a thing that hasn't been reported stolen. Now if I stick a card swipe on the side of your monitor so you can swipe from home, what data do I transmit that gives that same "in possession of a thing that hasn't been reported stolen" feeling? Currently it is a raft of personal information. If we were in Europe, it could be data from the chip embedded in your credit card. Until US cards catch up, I am not sure how you would battle fraud.
1 comments

Definitely an issue. However, if a card has been reported stolen, wouldn't it just be deactivated and not work, whether it was used at an at-home swipe or swiped at a business?
The physically possesses part is an important part of that equation. If I hack the user's computer and steal the swipe info, then I can retransmit the data and home swipe without physical possession of the card. Since the user never lost the card, he is less likely to report it lost or stolen in a timely manner. A smart credit card would generate a known nonce, making retransmitted data worthless, and restore the "likely physically has the card" factor.
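
An added example, not part of the thread: a simplified model of the point made in the last comment, contrasting static swipe data (valid on every retransmission) with a per-transaction response keyed to a fresh nonce. The `Issuer` class, `card_response` function, key and track data are hypothetical and constructed for illustration; this is a generic HMAC challenge-response, not the actual EMV chip protocol.

```python
import hmac, hashlib, secrets

# Constructed sample values; not real card data.
CARD_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
TRACK_DATA = "4000000000000002=3012"  # constructed static stripe data

class Issuer:
    """Hypothetical issuer that supports both verification styles."""
    def __init__(self, key, track):
        self.key, self.track = key, track
        self.reported_stolen = False
        self.open_challenges = set()

    def verify_static(self, track):
        # Magnetic-stripe style: the same bytes are valid on every use.
        return not self.reported_stolen and hmac.compare_digest(track, self.track)

    def new_challenge(self):
        nonce = secrets.token_bytes(16)
        self.open_challenges.add(nonce)
        return nonce

    def verify_dynamic(self, nonce, amount_cents, tag):
        # A nonce is single-use: it is consumed before the MAC is checked.
        if self.reported_stolen or nonce not in self.open_challenges:
            return False
        self.open_challenges.discard(nonce)
        expected = card_response(self.key, nonce, amount_cents)
        return hmac.compare_digest(tag, expected)

def card_response(key, nonce, amount_cents):
    """What the chip computes; the key itself never leaves the card."""
    msg = nonce + amount_cents.to_bytes(8, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()

def demo():
    issuer = Issuer(CARD_KEY, TRACK_DATA)
    captured_track = TRACK_DATA  # swipe data copied from the user's PC
    static_first = issuer.verify_static(captured_track)
    static_replay = issuer.verify_static(captured_track)
    n1 = issuer.new_challenge()
    tag1 = card_response(CARD_KEY, n1, 2500)  # legitimate chip response
    dynamic_first = issuer.verify_dynamic(n1, 2500, tag1)
    replay_same_nonce = issuer.verify_dynamic(n1, 2500, tag1)
    replay_new_nonce = issuer.verify_dynamic(issuer.new_challenge(), 2500, tag1)
    return static_first, static_replay, dynamic_first, replay_same_nonce, replay_new_nonce

if __name__ == "__main__":
    print(demo())
```

The static check passes on the replay because the card was never reported stolen, which is the gap the comment describes; the captured dynamic response fails against both the spent nonce and a fresh one.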