The Java Commerce API is still vaporware.
Credit cards are obsolete. They are absolutely preposterous when it comes to security. Giving someone your credit card
number is even more foolhardy than giving them a blank cheque. Why?

- They can withdraw any amount they please on your credit card account, just like a blank cheque.
- They can withdraw even more money than you have, up to your credit limit, more than they can with a blank cheque.
- They don’t need to show any id to collect the money. At least with a blank cheque, they must show id to cash it.
They can go shopping anonymously on the Internet or by phone with nothing more than your credit card number.
- They can withdraw money again and again in the future. A blank cheque can be cashed only once.
- The card number can be used as stage one of an identity theft. A blank cheque is not a form of identification.
Credit cards are an anachronism from the days when people used to leave their doors unlocked. What are your alternatives?
- For brick and mortar shopping, use a debit card. It is protected by a PIN (secret Personal
Identification Number), and the worst that can happen is your account can be cleaned out.
- PayPal. You have to trust PayPal to take money out of your account, but you don’t have
to trust merchants. You decide the amount. They can’t change the amount or repeat the transaction.
- Smart cards. These are popular in Europe. The card has a tiny computer embedded in it that handles security.
- Snail mailed cheques, though even your bank account number is enough for a corporation to drain your account.
- One-shot credit card numbers. Amex will give you a credit card number good for only one transaction. This is a hassle to
arrange.
The other problem with credit cards is that the credit card companies have the legal right to jack the interest rate up
to astronomically usurious levels. It is too easy to get into debt. Just cut them up!
Debit Cards
Debit cards that use a mag stripe and a 4-digit PIN are not as vulnerable, but they still are vulnerable. Happily,
thieves can’t use them on the Internet, even if they steal both the card and PIN. Sophisticated thieves replace
the reader units or insert extra electronics into gas pump units to record account numbers and PINs. They then can wipe
out your account at any ATM in the world.
Smart Cards
The solution is smart cards that have a small computer and a private encryption key embedded in the card. The private
key cannot be extracted or duplicated. It works by digitally signing the transaction with the private key. Some credit
card companies, especially in Europe, are converting to smart cards. The card’s smart feature could not be used
over the Internet without a smart card reader, not a common device. If the card permitted mail, phone or Internet
purchases without smart card validation, that would defeat the whole point of the security. It would be like using one of
the old blank cheque credit cards.
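An added example (not part of the original page) of what signing buys over a bare card number: the signature is bound to one payee, one amount and one use, so the bank refuses a replayed or altered charge. Ed25519, the Txn fields, the bank-chosen nonce and every name here are assumptions made for illustration, not the protocol of any real card scheme.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"fmt"
)

// Txn is the data the card signs: payee, amount and a one-time number chosen by the bank.
type Txn struct {
	Merchant     string
	Cents, Nonce uint64
}

func (t Txn) bytes() []byte {
	b := binary.BigEndian.AppendUint64(nil, t.Cents)
	b = binary.BigEndian.AppendUint64(b, t.Nonce)
	return append(b, t.Merchant...)
}

type Card struct{ priv ed25519.PrivateKey } // the private key stays inside the card
func (c Card) Sign(t Txn) []byte { return ed25519.Sign(c.priv, t.bytes()) }

type Bank struct { // the bank holds only the public key and the nonces already spent
	pub  ed25519.PublicKey
	used map[uint64]bool
}

// Authorize accepts only a fresh nonce with a signature over exactly these fields.
func (b *Bank) Authorize(t Txn, sig []byte) bool {
	ok := !b.used[t.Nonce] && ed25519.Verify(b.pub, t.bytes(), sig)
	b.used[t.Nonce] = b.used[t.Nonce] || ok
	return ok
}

// Issue makes a fresh card and the matching bank record (demo setup).
func Issue() (Card, *Bank) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return Card{priv}, &Bank{pub, map[uint64]bool{}}
}

func main() {
	card, bank := Issue()
	t := Txn{"Example Books", 2500, 1} // constructed sample purchase
	sig := card.Sign(t)
	fmt.Println(bank.Authorize(t, sig), bank.Authorize(t, sig))  // true false: replay refused
	fmt.Println(bank.Authorize(Txn{t.Merchant, 250000, 2}, sig)) // false: amount altered
}
```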
In Canada, smart cards are being phased in over the next two years. They will also have signatures and a mag stripe for
use at merchants without the new readers. The cards will not become secure until the number, the stripe or the
signature are no longer valid anywhere. This likely won’t happen for many years to come. Banks could issue smart
cards without stripes, numbers and signatures that are fully secure, but I have heard no plans to do this. You would not
be able to use these for Internet purchases, until someone worked out a smart card reader for desktop computers.