30 Oct 2008

Debit and Credit Card Security

Some random thoughts on how you might design more secure Debit or Credit cards, some of them obvious:
  1. Support alphanumeric passphrases rather than pathetic PINs. Force this on the banks by passing a law that does not hold the account owner liable for PIN misuse for a month when a card is stolen.
  2. Require a PIN for every transaction. Yes, a shopkeeper can have a malicious card reader that stores the password, but this at least guards against casual pick-pockets.
  3. Use one PIN for purchases made on the card, and another at the ATM. That way, a malicious card reader at a shop enables the shopkeeper to make purchases on my behalf, but not withdraw cash directly.
  4. Have an option for the bank to send me an SMS and email for every transaction so that in the event of a fraud, I'm notified in seconds.
  5. Allow me to use ATMs without physically carrying the card. Instead I can enter a password. If I don't carry my debit card all the time, that's less of a risk.
  6. Many people use a credit card in addition to a debit card because it's safer, in that you can dispute a fraudulent transaction more easily and, even if it's resolved in your favor, you don't have to pay the money first and get it back later, like with a debit card. Because of this, people carry a debit and a credit card, which is less secure than carrying only one card. Eliminate this by saying that if the bank gives X days to report a fraudulent credit card transaction, it should give at least the same time for the owner to report a fraudulent debit card transaction. And, as soon as you dispute a transaction, the bank must immediately and automatically refund the money while it resolves the dispute, after which it might withdraw the money again. With this, many people won't have to carry their credit cards every day.
