Every few months news breaks that a major retailer has been hacked: credit card numbers may have leaked, or we get outright confirmation that those numbers were stolen and customers should all be taking action. Every time it happens people slam the retailer in question, and sometimes the already stringent rules on how you should store credit card numbers are ratcheted up. Everyone wonders how this can happen over and over again. The answer is actually pretty simple. It's a fatally flawed system. It's based on the hubris-driven notion that we can scatter this vital information everywhere, because enough rules will prevent someone from exploiting the tiniest of oversights anywhere. It is, as a matter of fact, bound to fail, again and again.
First things first: perhaps the most important single piece of information in our lives is our credit card number. Someone could argue that Social Security Numbers are more vital, but the Average Joe wouldn't know what to do with an SSN. Plus, we guard that number with our lives. You could argue bank account numbers, but we all have cards, with credit card numbers, associated with those too.
We hesitate to give out our names, addresses, and phone numbers. You want my email address for “deals”, Best Buy? Fat chance. These are all items of identification that are neither terribly private in the first place, nor potentially ruinous if they got into the wrong hands. Yet we hesitate, some of us bordering on paranoia, to give that information to anyone.
Contrast that with this: an eight-year-old could ruin your life, or at least put a cramp in your week, with your credit card number. Your credit card number is also probably the piece of information about you that you most regularly hand to strangers, or pass blindly around the internet. Seriously. Think about that. People find out our first names FROM the credit card in their hand. That number, plain as day, is sent from your wallet into the void, and half the time you've handed it off to a stranger and it's out of your sight while it's happening. That's a flaw in any security “plan”, no? The reason this is so flawed, and the reason the massive data heists are so destructive, comes down to one major issue.
A Single Layer to Payday
Scenario 1) A safe in your bedroom with $100,000 in it.
Scenario 2) A safe in your bedroom with a key and a safety deposit box location/number. That box requires the key from the safe and a fingerprint scan, and in turn holds a key you need to get past an eyeball scanner somewhere else, where the $100,000 actually is.
It doesn't matter how good the bedroom safe is in these situations; the fundamental problem with #1 is that the second they crack it they have what they want: the cash. This is the reason our credit card system is set up to fail. The fix isn't public outcry or laws for better safes. The fix is to move the cash.
There are a number of ways this issue could be fixed, but they all flow from that same basic premise. The fix isn't to require companies like Target to just try really, really hard this next time to protect our credit card numbers. The fix is to make the payment information that Target has fundamentally worthless to anyone who might find a way to steal it.
There are many solutions that could vastly improve on the existing system. This is especially true if you could completely change the infrastructure: both the machines at the register and what it is we carry around in our wallets. This should happen, but the reality of the situation is that is a lot of machines to potentially change out. Fear not: even working within the confines of the existing infrastructure, where payment processors are expecting a 15-16 digit number and a pass/fail response back, there are a number of ways around this issue.
Imagine if every single time you used your credit card it spat out a different number. This one notion would solve many, many problems with the current system. To be sure, credit card numbers aren't the only pieces of information big companies have on us that we wouldn't want to hand over to the bad guys, but if all Target had was names, addresses, and a bunch of credit card numbers that would never work again in the first place, that would both mitigate a lot of the damage when it was stolen and disincentivize stealing it in the first place.
There are a couple of ways we could get there. One involves NFC payments. Many cellphones are equipped with the ability to be used for payments. Many Android devices, for example, can tap-to-pay via Google Wallet and other services. If you've ever seen people just “touch” their cards to the credit card reader, rather than swipe, you've seen this ability in action. Next time you swipe your card, look for a tap-to-pay area on the machine. If you used your phone for payment, there's no reason your phone couldn't communicate with your credit card company to get a new number. Even the chip in your credit card that lets you use the tap-to-pay ability is basically a tiny little computer that boots up, spits out the number, and shuts down. There's no reason your one card couldn't be preloaded with 1000 numbers and programmed to spit out a different one each time. It's even possible to make cards where the magnetic stripe gives out a different card number for traditional swiping. In the event those physical cards are lost, all the remaining numbers could be voided, or maybe even just voided for you, and a new card could be issued. No panic, no needing to give a new number to Netflix, Amazon, PayPal, etc., because whatever numbers they have were already all different.
The processing of single-use numbers would need to be somewhat smart. “Single use” is kind of a misnomer, after all. We would need to handle recurring billing. We would need to handle still being able to give things like Amazon and PayPal one credit card number that can be used over and over again. However, that would simply be a matter of ditching the idea that a number is good in all contexts or bad in all contexts. A credit card number first used on, and then stored by, Amazon could automatically be good only when being processed by Amazon, and could also be automatically voided with impunity in the event of a breach. There would be no need to merely tell customers “we strongly advise customers to get new numbers” in the event of a breach. The numbers could immediately be voided, because you, the customer, are not “out” anything except needing to enter another one-time-use number the next time. Once used at Amazon, that number was only good at Amazon for a given period of time in the first place.
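The scheme the last two paragraphs sketch (a stand-in number that binds itself to the first merchant that uses it, keeps working there for recurring billing, expires after a set period, and can be voided in bulk per merchant after a breach or per account after a lost card) is small enough to model in code. The following is an added example written for this page; it is not the author's code, nor any real card network's API. The class names, the "4000..." numbering scheme, the merchant names and the dates are all constructed for illustration.

```python
"""Toy model of per-merchant, voidable payment numbers (constructed example)."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple


@dataclass
class Token:
    pan: str                              # the 16-digit stand-in number the merchant sees
    account_id: str                       # the real account, known only to the issuer
    issued_at: datetime
    lifetime: timedelta
    bound_merchant: Optional[str] = None  # set on first use; locks the number to that merchant
    voided: bool = False


class IssuerVault:
    """Holds the mapping from stand-in numbers to real accounts.

    Only this component can tie a number back to an account, so a merchant
    breach exposes numbers that work nowhere else and can be killed in bulk.
    """

    def __init__(self) -> None:
        self._tokens: Dict[str, Token] = {}
        self._counter = 0

    def issue(self, account_id: str, now: datetime,
              lifetime: timedelta = timedelta(days=365)) -> str:
        # Constructed numbering: a fixed prefix plus a counter. A real issuer
        # would draw unpredictable numbers; the point here is the binding, not
        # the number format.
        self._counter += 1
        pan = f"4000{self._counter:012d}"
        self._tokens[pan] = Token(pan, account_id, now, lifetime)
        return pan

    def authorize(self, pan: str, merchant: str, now: datetime) -> Tuple[bool, str]:
        """Decide a charge attempt; returns (approved, reason)."""
        tok = self._tokens.get(pan)
        if tok is None:
            return False, "unknown number"
        if tok.voided:
            return False, "voided"
        if now > tok.issued_at + tok.lifetime:
            return False, "expired"
        if tok.bound_merchant is None:
            tok.bound_merchant = merchant     # first use binds it to this merchant
        elif tok.bound_merchant != merchant:
            return False, "number bound to another merchant"
        return True, "approved"

    def void_merchant(self, merchant: str) -> List[str]:
        """Breach response: kill every number tied to one merchant, nothing else."""
        hit = [t.pan for t in self._tokens.values()
               if t.bound_merchant == merchant and not t.voided]
        for pan in hit:
            self._tokens[pan].voided = True
        return hit

    def void_account(self, account_id: str) -> List[str]:
        """Lost-card response: kill every outstanding number for one account."""
        hit = [t.pan for t in self._tokens.values()
               if t.account_id == account_id and not t.voided]
        for pan in hit:
            self._tokens[pan].voided = True
        return hit


def demo() -> Dict[str, object]:
    """Walk through the scenarios from the text with constructed dates and merchants."""
    vault = IssuerVault()
    t0 = datetime(2014, 1, 1)
    amazon_pan = vault.issue("acct-123", t0)
    paypal_pan = vault.issue("acct-123", t0)
    r: Dict[str, object] = {}
    r["amazon_first"] = vault.authorize(amazon_pan, "amazon", t0)[0]
    r["amazon_recurring"] = vault.authorize(amazon_pan, "amazon", t0 + timedelta(days=30))[0]
    # the Amazon-bound number leaks and someone tries it at a different store
    r["stolen_elsewhere"] = vault.authorize(amazon_pan, "other-store", t0 + timedelta(days=31))[0]
    r["paypal_first"] = vault.authorize(paypal_pan, "paypal", t0)[0]
    r["voided_after_breach"] = len(vault.void_merchant("amazon"))
    r["amazon_after_breach"] = vault.authorize(amazon_pan, "amazon", t0 + timedelta(days=32))[0]
    r["paypal_unaffected"] = vault.authorize(paypal_pan, "paypal", t0 + timedelta(days=32))[0]
    r["paypal_expired"] = vault.authorize(paypal_pan, "paypal", t0 + timedelta(days=400))[0]
    r["voided_lost_card"] = len(vault.void_account("acct-123"))
    return r


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The design choice worth noticing is that the merchant never learns anything except a number that is useless outside its own checkout, and the issuer's `void_merchant` call is the whole breach response: no customer action, no reissued plastic, and the PayPal-bound number on the same account keeps working.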
Online shopping could rely on any number of things. Using PayPal as a payment option whenever you can is already a good start. When you pay with PayPal, the site you're shopping on never gets any of your payment information, such as bank account or credit card numbers, to “lose” to the bad guys in the first place. If you needed a credit card number, you could use a smartphone app, or visit your credit card company's site, to fetch a new number to use. In fact, Discover Card at least already offers this as a service. I'd guess that shortly after this became common practice, browser extensions would crop up that do the "talk to Visa, get a new number for my account, and fill it in here" step automatically.
So, in the end, your shopping experience would be this. You pay at ThisIsTotallyALegitWebsite.com with your PayPal account, or something equivalent to that. ThisIsTotallyALegitWebsite now has nothing of yours of value to lose, but let's say ThisIsTotallyALegitWebsite gets hacked and somehow the transaction number from PayPal helps the hackers get at the information inside your PayPal account. (There's no avenue there, but for the sake of playing along.) All your PayPal account has is essentially a dummy credit card number, which is only valid at PayPal. That number is only linked to your real account from inside the confines of Visa or Discover, and those ties can be severed at will with minimal repercussions.
That sounds an awful lot like Scenario 2 to me.