Short Version

Credit card companies should switch to a PayPal-like system for online payments, and use “blank” cards (no number visible to the human eye) for offline payments.

Long Version

As Sony restores service to its network after the possible theft of millions of credit card numbers, I wish people would start asking one simple question: Why do we need credit cards numbers?

By this, I don’t mean, why do we need lines of credit? That’s a question for the economists. I’m simply asking why we need some 16-digit number (plus an expiration date and 3-digit “security code”) that people can use to magically make you owe money. It’s an inherently insecure system.

I tried to split a bill once by asking my friends to let me swipe their cards using Square. For those who don’t know, Square is a little credit card reader that you can use with most modern smartphones. My friends were nervous about the security implications of me initiating a transaction with their credit cards on my phone. My response: If I really wanted to steal their credit card info, I would just memorize the number while it’s sitting on the table in front of me. Second response: Everyone seems quite OK with handing their card over to the underpaid high school student waiter.

The problem is that a credit card number is supposed to be a “secret”, but it’s one we frequently share with all sorts of random strangers. So what’s the alternative? Use a different “number” for every transaction, like PayPal does.
Continue reading →