For the longest time, I’ve been mystified at the way in which we as an information-based society conduct online transactions.
Here’s how it goes right now:
Obviously, those vendors that are accepting credit cards are complete suckers, because they get fined for accepting credit card numbers from the thieves, when of course the bank has provided them with no means of confirming the identity of the person placing the order.
It’s really obvious that the way this should proceed in an Internet-connected society is as follows:
Obviously, there’s still opportunity for fraud – if the customer or the bank share their shared secret with someone else. But then, that’s two parties who have engaged in a contract to trust one another for monetary exchange, and who have adequate reason to keep that information secret – plus, if the secret is exposed, there’s already an approved method to re-assign new secrets.
Sadly, there’s no incentive for the system to change this way – neither the customer nor the banks have any incentive to change, because they don’t lost money when credit cards are used fraudulently – it’s only the sucker vendor who loses money, and the sucker vendor has to accept credit cards, because there’s no other way to take money over the Internet.
All that is about to change, I hope.
PayPal, a division of eBay, is one of the biggest sucker vendors there can be. Clearly, they’ve gotten tired of having to pay the fees, fines, and cost of lost goods, when credit cards are fraudulently used. Because they’ve finally come up with the right way to do things!
Okay, so it’s not quite as I outlined, because of course PayPal decided to do it in such a way that a vendor doesn’t even have to know that they’re dealing with PayPal’s new scheme – the secret code is exactly a MasterCard number.
Apart from this significant problem – that vendors still have no way to ensure that they are dealing with a more secure payment means, and therefore can’t offer faster service, less chance of fraud checking triggering an alert, etc – this is a good scheme, and I want to see it proceed to fruition.
It’ll be even better if someone at PayPal wises up to the idea of providing a simple means to check that the MasterCard number provided is from the secured payment program (PayPal calls it “Virtual Debit Card” or “VDC” for the present).
This scheme, or something similar, has been operated previously by other banks and in other countries, but the fact that PayPal, a large provider, is going to adopt it means that we should be on the road to a more secure future, where vendors aren’t dunned by banks and thieves alike for credit card fraud that is beyond the vendors’ control.