> Shoppers have dealt with counting out money for millenia.
People have also worked 16 hour days to feed their families for millenia; no one's going to do that now. The amount of effort something takes almost always decreases.
> The time spent is a small price to pay for total security against remote theft. At the very least, those of us who are not terminally lazy ought to have the option of paying it.
How does this system provide 'total security' and guard against remote theft? There is no such thing as 'total security,' you're just mitigating risk. From the way it sounded, you punch in the amount at the time of physical swipe. Once you try to buy something online, you're outside the scope of your physical card.
I do agree however that you should be able to opt in for services that require more verification for transferring money. If you want to spend $25 to get an RSA token to provide a code every time you purchase something, I don't see anything wrong with that service being offered to you.
> Ever have your credit or bank card stolen? Thieves typically split their theft into numerous small transactions.
No, I guess I personally did not. As far as the information I read about and had limited contact when I was associated with a security lab, carders distribute cc numbers in the thousands and resell them, and eventually do get charged in small amounts. Again, I don't see how a two-factor system would prevent this. But also admittedly, I've never spent any amount of time thinking about it nor did I personally research into this.
> Once you try to buy something online, you're outside the scope of your physical card.
A built-in LCD gives you a single-use credit card number. (Such a product already exists, though a Windows-only PC app.)
> If you want to spend $25 to get an RSA token to provide a code every time you purchase something, I don't see anything wrong with that service being offered to you.
And yet the service is offered by no one, and I don't think anyone has yet tried and failed.
> Again, I don't see how a two-factor system would prevent this
A number is good for one transaction, like a gift card code. In the case of my proposed scheme, it is effectively a PGP message signed with your private key, containing the transaction amount, recipient, and a serial number. The bank shall not process any attempted transaction which is not signed by an account holder's key or contains a duplicate serial number.
People have also worked 16 hour days to feed their families for millenia; no one's going to do that now. The amount of effort something takes almost always decreases.
> The time spent is a small price to pay for total security against remote theft. At the very least, those of us who are not terminally lazy ought to have the option of paying it.
How does this system provide 'total security' and guard against remote theft? There is no such thing as 'total security,' you're just mitigating risk. From the way it sounded, you punch in the amount at the time of physical swipe. Once you try to buy something online, you're outside the scope of your physical card.
I do agree however that you should be able to opt in for services that require more verification for transferring money. If you want to spend $25 to get an RSA token to provide a code every time you purchase something, I don't see anything wrong with that service being offered to you.
> Ever have your credit or bank card stolen? Thieves typically split their theft into numerous small transactions.
No, I guess I personally did not. As far as the information I read about and had limited contact when I was associated with a security lab, carders distribute cc numbers in the thousands and resell them, and eventually do get charged in small amounts. Again, I don't see how a two-factor system would prevent this. But also admittedly, I've never spent any amount of time thinking about it nor did I personally research into this.