by nknighthb 4739 days ago
Picture, for example, a card which has a small OLED display which displays an amount and a merchant name. You press a little button on the card, and an authorization is generated, cryptographically signed with an embedded key, and sent to the card reader (which also provides the power for the card).

Such a reader can be built into laptops, keyboards, smartphones, available as small stand-alone USB devices, etc. Web browsers, POS systems, etc. can send a request to the reader and tell the user to place their card on it and check the card's display.

Transactions without a valid signature can simply be discarded.

If the system is implemented properly, the only way to commit fraud should be to physically steal the card.

(A more paranoid version could include buttons on the card for entering a passcode, so that even if the card is stolen, it would be difficult to use, at least before being reported stolen.)

2 comments
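
The signed-authorization flow from the post above, as an added example that is not part of the original thread. HMAC-SHA256 from the Python standard library stands in for the card's signature (so the verifier here is an issuer holding the same key), and the class names, field names and the nonce are assumptions.

```python
import hashlib
import hmac
import json
import secrets

def _encode(req):
    # Canonical bytes so card and verifier authenticate exactly the same fields.
    fields = {k: req[k] for k in ("amount_cents", "merchant", "nonce")}
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()

class Card:
    """Hypothetical card: the embedded key never leaves it."""
    def __init__(self, key):
        self._key = key

    def authorize(self, request, button_pressed):
        # Display shows amount and merchant; sign only after the button press.
        if not button_pressed:
            return None
        tag = hmac.new(self._key, _encode(request), hashlib.sha256).hexdigest()
        return dict(request, tag=tag)

class Verifier:
    """Hypothetical issuer-side check; shares the key because HMAC is symmetric."""
    def __init__(self, key):
        self._key = key
        self._open = set()  # nonces issued and not yet spent

    def new_request(self, amount_cents, merchant):
        nonce = secrets.token_hex(16)
        self._open.add(nonce)
        return {"amount_cents": amount_cents, "merchant": merchant, "nonce": nonce}

    def accept(self, auth):
        if not auth or auth.get("nonce") not in self._open:
            return False  # unknown or already-spent nonce (replay)
        expected = hmac.new(self._key, _encode(auth), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, str(auth.get("tag", ""))):
            return False  # no valid signature: discard the transaction
        self._open.discard(auth["nonce"])
        return True

def demo():
    key = secrets.token_bytes(32)  # constructed demo key
    card, verifier = Card(key), Verifier(key)
    auth = card.authorize(verifier.new_request(1999, "Example Books"), True)
    forged = dict(auth, amount_cents=999900)  # amount changed after signing
    return {"tampered": verifier.accept(forged), "valid": verifier.accept(auth),
            "replayed": verifier.accept(auth)}
```

A deployed card would more likely use an asymmetric signature so that terminals can verify without holding the card's secret; the binding of amount, merchant and a one-time nonce stays the same.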

I have a bank card that can be attached to a device, and transactions (internet banking) can be signed with it.

The device is not connected to the computer; rather, you have to type some info (like the value of the transaction) and it generates a code you type back into the website.

For this device to work you need to type the card PIN.

Of course this wouldn't work in the US since they're still stuck with the magstripe.

Well, I can see why they haven't implemented that - it's a huge undertaking to build specialized hardware like that into so much varied equipment. For all intents and purposes rolling out a system like that is impossible.

I don't believe it is materially more difficult than the NFC rollout. In fact, I believe it would be far easier than NFC if the financial industry would actually get behind it enthusiastically.

I'm curious, what other undertakings do you think are impossible? WiFi? Bluetooth? GSM?

NFC isn't even close to completion; who knows when, if ever, it will get there. What you are missing is the massive infrastructure investment in retail terminals. There are millions of these things out there and they just work. The cost-benefit ratio of a scheme like yours just falls apart in the face of all that inertia.

> NFC isn't even close to completion

And yet it is progressing. See Europe. This despite lackluster support from big banks.

> What you are missing is the massive infrastructure investment in retail terminals.

No, I'm not. Not at all. I'm well aware of it. I'm also well aware that they get replaced quite frequently. And virtually every retail terminal I've seen in the last few years is new enough that if the banks had started the push for a smartcard technology when it initially became viable, terminal compatibility would be near 100%.

Did you think there had to be some magic cutover date? There doesn't. Hybrid cards can be used for 5, 10, even 20 years if necessary, with gradual pressure applied to retailers to adopt new equipment they haven't already replaced (or received new, stores come and go) through a reduction in fees for transactions completed via smartcard.

The point is to make actual progress and eventually arrive at a reasonable destination. Right now, we're just sitting on our hands.

> I'm also well aware that they get replaced quite frequently.

You and I have a significant difference of opinion then.