Hacker News
by misaelm 4262 days ago
If by "companies behind the card" you mean banks, the reason they send you new plastic with a new account number when there's an issue is not only to protect you (although you aren't liable for fraudulent charges, it's not precisely the best use of your time to go through the process) but also to protect themselves. A non-trivial share of fraud claims is absorbed by the issuing banks.

I wouldn't categorize CC numbers as public information though, just ask Target or Home Depot.

1 comment

Yes, credit card numbers are used as passwords and need to be secret, but that doesn't change the fact that they are also used as names and need to be public.

This is the fundamental problem. We're using a single thing both as a secret and as non-secret public information. This confusion of purposes is what results in the massive data breaches we constantly hear about on the news.

When you buy something at a physical store like Target, their computers will store your credit card number. Why? They aren't Amazon. It won't ease your next purchase as you'll still have to present your card. Isn't it dangerous?

Yes, but consider what happens when you return something. They can't just give you cash. That would open the door to money laundering and plain old theft. They have to put the money back in your card account. But which account? They need to name the account when informing the credit card company of the refund, which means they need to store the name. That name is the credit card number. I suppose they could store a hash of your account number and require you to swipe your card when returning items, but that's inconvenient. You might not have the correct card with you. You may have cut it up. You may be returning an item for somebody else.

A credit card number is the name of the account. As such, it must be public and cannot be secret. If instead it is to be the password, then the account really ought to have a different public name. After all, we need the ability to talk _about_ an account without the mere conversation granting all parties permission to _charge_ the account.

Here's another way to look at it: My bank will let most anybody take money out of my checking account -- provided they present the bank with two things: They need to tell my bank which account to take money out of, and they need to present an authorization token granting them permission to do so. One type of authorization token is called a "check" (though there are others). An "account number" is how a person specifies which account -- it is nothing more than the name of the account. Simply presenting the account number is not normally enough to grant access to withdraw from the account.

Everybody to whom I write a check will know my account number. It's not a secret. For convenience, it's even written on the check. What protects my account is that my bank is only allowed to withdraw money when presented with an appropriate authorization token. They aren't even secret tokens: they are single-use, tied to a specific person and a single amount, and they can only be activated by me. Stealing my checkbook won't help you. Stealing a check I wrote to somebody else won't help you. You can't cash a check multiple times. You can't withdraw any more or less money than I authorized.

The problem with credit cards is that the account name is also the authorization token. Moreover, it's a multi-use, unrestricted token. It's a name that many people need to know and store long-term, but anybody can use it, multiple times, to withdraw any amount of money they choose. The credit card industry doesn't yet have anything that works like checks, which is why they work so hard at fraud detection.

The future is probably limited-use auth tokens for websites and chipped cards for physical stores.

For websites, I'm sure it'll be the same process as signing in to a random website with your Facebook account. Imagine buying something on a website, but instead of entering your credit card number, you are redirected to your credit card company's website. You "sign in with Visa" by entering your account password. You are then redirected back to the website you came from, this time with an authorization token. That token will only be usable by the website you authorized. It would be useless to anybody who stole it. You may even be able to add restrictions. You could make a token that can only be used once. Or once a month for up to a year, and no more than $10 each time. The token will contain your unencrypted account number, so you won't need to enter that, but it also won't be secret. Only the token as a whole can authorize a charge, not the mere account number. The secret is your account password that only you know.

For physical stores, chipped cards will likely contain the secret. Or maybe cellphone hardware or apps. They can be used to create a valid auth token for a purchase without ever having to surrender the secret to the computer that's processing the purchase.

Passwords are authorization tokens, but not all tokens work like passwords. Passwords are an inappropriate kind of authorization token to use for purchases. Confusing an account name with such a token is even worse.
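The two ideas in the comment above, a check-like token (single use, fixed payee, capped amount, activated only by the account holder) and the "sign in with Visa" flow that hands the merchant an issuer-minted token carrying the account number in the clear, can be shown as one small piece of code. The block below is an added example written for this page, not code from the commenter or from any card network; the issuer class, the HMAC construction, the claim names and the limits are all assumptions. The account number is stored in the token unencrypted, as the comment proposes, and only the issuer's MAC over the whole token (plus the issuer's use counter) authorizes a charge.

```python
import hashlib
import hmac
import json
import secrets

# Added example, not from the original comment. A hypothetical issuer mints a
# merchant-bound, limited-use authorization token. The account number is the
# account's *name* and rides in the clear; the issuer's MAC over the whole
# token is what authorizes a charge. Key, field names and limits are assumed.


class Issuer:
    """Hypothetical card issuer: mints tokens and decides charges."""

    def __init__(self, key: bytes):
        self._key = key      # secret held only by the issuer, never by merchants
        self._uses = {}      # nonce -> number of charges already honoured

    def _mac(self, claims: dict) -> str:
        # Canonical encoding so issuer and verifier MAC identical bytes.
        msg = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def issue(self, account: str, merchant: str, max_uses: int,
              max_amount: int, expires: int) -> dict:
        """Mint a token after the customer has signed in with their password
        (the sign-in step itself is out of scope for this example)."""
        claims = {
            "acct": account,            # public account name, not a secret
            "merchant": merchant,       # only this party may present the token
            "max_uses": max_uses,       # e.g. 1 for a one-off purchase
            "max_amount": max_amount,   # cents, per charge
            "exp": expires,             # unix time after which it is dead
            "nonce": secrets.token_hex(8),
        }
        return {"claims": claims, "tag": self._mac(claims)}

    def authorize(self, token: dict, merchant: str, amount: int, now: int):
        """Return (approved, reason). Every check is on the token as a whole;
        knowing the account number alone buys nothing."""
        claims, tag = token["claims"], token["tag"]
        if not hmac.compare_digest(self._mac(claims), tag):
            return False, "tampered or forged token"
        if claims["merchant"] != merchant:
            return False, "token bound to a different merchant"
        if now > claims["exp"]:
            return False, "token expired"
        if amount > claims["max_amount"]:
            return False, "amount exceeds token limit"
        used = self._uses.get(claims["nonce"], 0)
        if used >= claims["max_uses"]:
            return False, "token uses exhausted"
        self._uses[claims["nonce"]] = used + 1
        return True, "approved"


def demo() -> list:
    """Walk through the cases the comment argues for. Returns the reason
    strings in order so the behaviour can be checked programmatically."""
    issuer = Issuer(key=b"issuer-demo-key-not-a-real-secret")  # constructed key
    t0 = 1_700_000_000
    # One-off purchase at "shop.example" up to $10.00 (1000 cents), valid one day.
    tok = issuer.issue("4111111111111111", "shop.example", 1, 1000, t0 + 86_400)
    out = []
    out.append(issuer.authorize(tok, "shop.example", 2500, t0)[1])    # over the cap
    out.append(issuer.authorize(tok, "other.example", 900, t0)[1])    # stolen token, wrong merchant
    forged = {"claims": dict(tok["claims"], max_amount=10**9), "tag": tok["tag"]}
    out.append(issuer.authorize(forged, "shop.example", 5000, t0)[1])  # edited limits
    out.append(issuer.authorize(tok, "shop.example", 900, t0)[1])      # the genuine charge
    out.append(issuer.authorize(tok, "shop.example", 900, t0)[1])      # replay of the same token
    out.append(issuer.authorize(tok, "shop.example", 900, t0 + 2 * 86_400)[1])  # after expiry
    return out


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The "once a month for up to a year" variant from the comment is the same machinery with the use counter keyed by (nonce, calendar month) instead of nonce alone, and a check-style token that must be cashed for exactly the written amount would compare `amount == claims["max_amount"]` rather than `<=`. The point the code makes is the one the comment makes: the account number appears in every token and in the merchant's database, yet nothing can be charged without a token the issuer signed for that merchant, for that limit, and that has not already been used.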

> Imagine buying something on a website, but instead of entering your credit card number, you are redirected to your credit card company's website. You "sign in with Visa" by entering your account password.

"Verified by Visa" and "MasterCard SecureCode": http://en.wikipedia.org/wiki/3-D_Secure