My credit card has many passwords:
1. A PIN.
2. A CVV.
3. A password for Internet banking on Standard Chartered’s web site.
4. A “transaction password”, presumably for online purchases.
5. A password to open the encrypted PDF statements I get over mail.
6. My card is a Visa card, and I use Visa Bill Pay, which requires yet another password.
Those were all passwords. In addition, I have user names or other IDs of various kinds:
7. A user name for Internet banking on Standard Chartered’s web site.
8. A Visa Bill Pay user name.
9. A credit card number.
That’s nine of them. NINE! In what world does that make sense? My Gmail account, for example, has only two: a user name and a password. And that’s all that’s needed.
Numeric PINs and CVVs, in particular, are easily guessable, and not very easy to remember, either. We should get rid of them, and just have one secure password, rather than the six I’ve listed above.
And have just one identifier, like an email ID. For example, my credit card, rather than having a sixteen-digit number, should have just said, firstname.lastname@example.org. The only requirement for an ID is that it’s unique.
The financial services industry is outdated, incompetent and builds these complex, customer-hostile systems. It’s high time they get disrupted by Paytm and friends in the short term, and by crypto-currencies in the long term.