The first is to be able to attach arbitrary additional data and metadata to each purchase which I can later review with my credit card statement. Certainly starting with a list and description of exactly what was purchased on the transaction, rather than just the merchant's name. Beyond that, photograph of the item, customer annotations of who or what the purchase was for, tax-deductibility, user manuals, warranty information, serial number of the product, GPS coordinates of the point of sale. There is a problem of privacy with so much information being recorded. This can be easily solved with public-key cryptography. The card contains a public key (or a key ID to be fetched) with which all the data and metadata is encrypted. When you get your statement, you can use your private key to read the associated data. Your credit card company, and anyone who might subpoena them or they might leak to, needs to know nothing about a purchase beyond the barest details, like the amount.
The second feature I'd like to see is an extendible framework for arbitrary authentication techniques. I will list a few authentication techniques here: though the point is the framework should be flexible enough to implement these and an others someone else might think of.
The point of these techniques is to prevent other people from stealing and using your credit card.
A credit card with a PIN. Such a simple idea making a stolen card effectively useless.
On a different tack, a credit card with a one-time pad printed on it: on each purchase, the credit card company issues the challenge to read off a few numbers at row X and column Y of the one-time pad. When the pad is exhausted a new card is issued to you. This is useful for online transations where even if card information is leaked for one transation, the card information cannot be used for a another transaction.
Whenever the card is used, the credit card company sends you a text message or e-mail notifying you of the use. An e-mail might contain all the encrypted data mentioned above.
One can go a step further and require sending a text message back to confirm the transaction. If all point-of-sale credit card terminals have wireless transmitters on them and so does one's phone, there will never be a problem that one's phone does not have reception in order to complete a sale.
When the card is used, 9 photographs of different faces are sent to the merchant, who must complete the sale by choosing the face that belongs to the credit card holder. This lets the card holder prevent the card from being used in non-face-to-face transactions.
1 comment :
We'd love to get your feedback. We recently started a poll on the Worst / Best Credit Card Issuer. Feel free to stop by and give us your opinion.
Post a Comment