A number of the comments I received said "any fraud will be reimbursed", "it's the bank or merchants taking the risk, not you", "they have insurance to cover that". Yes, they probably do. I've been rung by ASB as a current customer to notify me of a transaction found on a credit card I do use for internet transactions, and the process was remarkably simple and painless. So I know it works.
But the issue is, why should something be implemented that requires insurance and fraud protection? Why not design it to lessen this risk?
I'm going to pull out of context some of the PCI DSS requirements that service providers, merchants and banks have to adhere to:
8.2 Employ at least one of these to authenticate all users: something you know, such as a password or passphrase; something you have, such as a token device or smart card; or something you are, such as a biometric.
8.5 Ensure proper user identification and authentication management for non-consumer users and administrators on all system components.
OK, so these requirements really relate to the handling of card holder data, but why not apply this to your card? The main piece of card holder data is your card number, your PAN (Primary Account Number). To use the PayPass system you only have to supply one piece of card holder data: the physical card with the PAN embossed on it. Why shouldn't requirement 8.2 also be applied, and a second authentication criterion be used?
PIN numbers work, but can be slow when people miskey. The really slow factor for these on EFT POS terminals, though, is the time it takes to authenticate to the Auth Center. Why not move the PIN authentication onto the chip? It would be much faster (though it does potentially bring up the issue of cards being brute forced for PINs).
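The brute-force concern above is what an on-chip PIN try counter addresses. The following is an added example, not code from the original post: a toy Python model of a chip checking the PIN itself. The class and function names, the limit of 3 tries and the sample PINs are assumptions; the status words follow ISO 7816-4 conventions (0x9000 success, 0x63Cx wrong PIN with x tries left, 0x6983 blocked).

```python
import hmac

PIN_TRY_LIMIT = 3  # assumed limit; the card issuer chooses the real value


class ChipPin:
    """Toy model of a card chip that verifies the PIN itself (offline PIN)."""

    def __init__(self, pin: str, try_limit: int = PIN_TRY_LIMIT):
        self._pin = pin.encode()
        self._limit = try_limit
        self.tries_left = try_limit

    def verify(self, candidate: str) -> int:
        """Return an ISO 7816-4 style status word for one PIN attempt."""
        if self.tries_left == 0:
            return 0x6983  # blocked: the PIN is no longer compared at all
        # Spend the attempt before comparing, so cutting power to the card
        # in the middle of a check cannot yield a free guess.
        self.tries_left -= 1
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(candidate.encode(), self._pin):
            self.tries_left = self._limit  # success resets the counter
            return 0x9000
        return 0x63C0 | self.tries_left  # wrong PIN, low nibble = tries left


def guesses_allowed(card: ChipPin, pin_space: int = 10_000):
    """Walk the 4-digit PIN space in order against a card.

    Returns (number of guesses the chip actually compared, whether the
    PIN was found), showing how the counter bounds an exhaustive search.
    """
    compared = 0
    for n in range(pin_space):
        status = card.verify(f"{n:04d}")
        if status == 0x6983:
            return compared, False
        compared += 1
        if status == 0x9000:
            return compared, True
    return compared, False


if __name__ == "__main__":
    # Constructed sample PIN: only 3 of 10,000 candidates are ever tested.
    print(guesses_allowed(ChipPin("4821")))
```

With the counter in place, someone holding a lost card gets at most 3 guesses out of 10,000 before the chip stops answering, regardless of how fast the terminal can submit them.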
Use biometrics: a thumbprint reader as part of the card, so only a person with an authorised thumbprint can use the card. Probably a little expensive, but hey, it's my blog and I'm just spitballing here.
My point is, why implement something that needs some kind of fraud insurance to cover the banks and ultimately the consumer? As the consumer you're paying for this in your bank fees and card fees.