by jnbiche 4740 days ago
I'm pretty dismayed to read this. If you regularly connect to random wireless networks in cafes and hotels, you're a moron if you don't connect through a VPN. If you're not connecting through a VPN all your non-SSL/TLS traffic is available for reading for whatever bored cracker has found his way onto the router. Plus, not all sensitive sites implement SSL/TLS and those that do often implement it poorly[1].

Not to even speak of the whole NSA spying thing.

Not all of us are corporate drones with the mother ship VPN to connect to, so we have to pay for ours.

I can't believe the number of people here on HN who think that no one but criminals use VPNs.

1. http://arstechnica.com/business/2012/04/90-of-popular-ssl-si...

2 comments

I don't think anyone thinks that. You only need more than 1% of the customers of a service to be paying with fraudulent instruments to be unable to accept credit cards, practically. 1% of your volume coming back in chargebacks consistently is the cutoff with most MAPs.
Can someone explain why the CC companies ban high-chargeback-risk companies?

Why can't they simply ask for a higher fee?

They probably do do that, first.
Because the cost isn't limited to a single merchant, transaction, or customer. Every incident of credit card fraud increases the inconvenience of using credit cards.

That's exactly the opposite of what credit card companies want. They want to make the process of using your credit card as simple and painless as possible.

Ironically, this is also why they've taken none of the obvious technological steps that could virtually eradicate credit card fraud.

Can you elaborate on some of those techniques? Plenty of people are reluctant to use credit cards online for the fear that they might get stolen.
Picture, for example, a card which has a small OLED display which displays an amount and a merchant name. You press a little button on the card, and an authorization is generated, cryptographically signed with an embedded key, and sent to the card reader (which also provides the power for the card).

Such a reader can be built into laptops, keyboards, smartphones, available as small stand-alone USB devices, etc. Web browsers, POS systems, etc. can send a request to the reader and tell the user to place their card on it and check the card's display.

Transactions without a valid signature can simply be discarded.

If the system is implemented properly, the only way to commit fraud should be to physically steal the card.

(A more paranoid version could include buttons on the card for entering a passcode, so that even if the card is stolen, it would be difficult to use, at least before being reported stolen.)
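
The signed-authorization flow described in the comment above, as an added sketch that is not part of the original thread or any commenter's code. Assumptions: HMAC-SHA256 with a per-card key known to the issuer stands in for the unspecified signature scheme, and the replay counter, the `Card` and `Issuer` classes and the sample key are constructed for illustration.

```python
import hashlib
import hmac
import json

def _encode(merchant, amount_cents, counter):
    # Canonical encoding of exactly the fields shown on the card's display.
    fields = {"merchant": merchant, "amount_cents": amount_cents, "counter": counter}
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()

def _tag(key, merchant, amount_cents, counter):
    return hmac.new(key, _encode(merchant, amount_cents, counter), hashlib.sha256).hexdigest()

class Card:
    """Hypothetical card: the embedded key never leaves this object."""
    def __init__(self, card_id, key):
        self.card_id, self._key, self._counter = card_id, key, 0

    def authorize(self, merchant, amount_cents):
        # Runs when the cardholder presses the button after checking the display.
        self._counter += 1  # assumption: per-card counter so an old approval cannot be replayed
        return {"card_id": self.card_id, "merchant": merchant, "amount_cents": amount_cents,
                "counter": self._counter,
                "sig": _tag(self._key, merchant, amount_cents, self._counter)}

class Issuer:
    """Hypothetical verifier: discards anything without a valid, fresh signature."""
    def __init__(self):
        self._keys, self._last = {}, {}

    def enroll(self, card_id, key):
        self._keys[card_id], self._last[card_id] = key, 0

    def accept(self, auth):
        try:
            key = self._keys[auth["card_id"]]
            expected = _tag(key, auth["merchant"], auth["amount_cents"], auth["counter"])
            sig_ok = hmac.compare_digest(expected.encode(), str(auth["sig"]).encode())
        except (KeyError, TypeError, ValueError):
            return False  # unknown card or malformed request
        if not sig_ok or auth["counter"] <= self._last[auth["card_id"]]:
            return False  # forged, altered, or replayed
        self._last[auth["card_id"]] = auth["counter"]
        return True

if __name__ == "__main__":
    key = b"constructed-sample-key-not-real"  # constructed sample value
    card, issuer = Card("card-1", key), Issuer()
    issuer.enroll("card-1", key)
    auth = card.authorize("Example Cafe", 450)
    print(issuer.accept({**auth, "amount_cents": 45000}), issuer.accept(auth), issuer.accept(auth))
```

Because the signature covers the merchant name and amount the cardholder saw, a reader or browser that alters either field after the button press produces a request the issuer discards.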

I have a bank card that can be attached to a device, and transactions (internet banking) can be signed with it.

The device is not connected to the computer; rather, you have to type some info (like value of the transaction) and it generates a code you type back in the website.

For this device to work you need to type the card PIN.

Of course this wouldn't work in the US since they're still stuck with the magstripe.

Well, I can see why they haven't implemented that - it's a huge undertaking to build specialized hardware like that into so much varied equipment. For all intents and purposes rolling out a system like that is impossible.
What VPN provider(s) do you recommend?