Credit cards were not made for the Internet

Credit cards were not made for the Internet


Apparently, yesterday was the deadline set by Visa and Mastercard for banks to introduce microchip-embedded credit cards. Apparently, that hasn’t really happened as the credit card companies want, and it probably wouldn’t help much if it did:

Over the last few years, card issuers have spent between $200 million and $800 million to distribute new debit and credit cards to accountholders, while large retailers like Target, Home Depot and Walmart have spent more than $8 billion to install new card readers capable of reading the chips.

Despite this effort, retailers say the new system is highly flawed because instead of issuing the so-called chip ‘n’ PIN cards that offer two-factor authentication, banks and other card issuers are distributing chip ‘n’ signature cards, which thieves can easily undermine.

Here is the issue: credit cards are highly susceptible to fraud. As in hundreds of billions (yes, billions with a “b”) dollars of fraud each year. So credit card companies want to try to reduce that amount by introducing “two-factor authentication” to brick-and-mortar store purchase (i.e. purchases you make in person with your physical credit card). Instead of just swiping the card, you would have to enter a PIN number as well (like you do at an ATM). But banks are resistant to do this, because they fear people won’t like it, so they just want to add a signature confirmation, which doesn’t really do anything. Further, as the article linked above points out, even adding a PIN will only transfer where fraud occurs, not prevent it.

None of this addresses the issue of online fraud, and fundamentally that is where the real problems lie. We are currently using a payment system – credit cards – that was created before the Internet even existed. It was intended for in-person transactions and didn’t even consider online purchases and networked databases that could be hacked from the outside. We are trying to graft an antiquated payment network onto our online world, and judging by the billions of dollars of fraud occurring each year, it’s not working. I would argue that it will never work. The underlying infrastructure is flawed.

This is one of the reasons I’m excited about digital currencies like Bitcoin. Now Bitcoin itself might not be the long-term answer to these issues, but it is pointing in the right direction. Instead of trying to fit the square peg of credit cards into the round hole of the Internet, digital currencies like Bitcoin are Internet-based from the ground up. The primary way in which they are superior is the amount of information that a customer has to give to make a purchase. Think about a typical online credit card purchase – what information do you give?

  • Your name
  • Your address
  • Your credit card number and expiration date
  • Your credit card security code

In other words, everything someone needs to spend all your money.

Now what information do you give when paying with a digital currency like Bitcoin?

  • Your name – only if needed to ship an item
  • Your address – only if needed to ship an item
  • The amount of bitcoins needed to pay for your purchased item.

In this case, the merchant – and any hackers – do not have the ability to spend any of your money except the bitcoins you explicitly sent to them. Instead of giving merchants the keys to your money, you are just sending them a discreet amount that you agree to.

Now digital currencies have a ways to go before they reach widespread acceptance, but I wish a lot of the money being spent trying to prevent credit card fraud were redirected towards a more fundamental change in how we spend money on the Internet.