Should the Government Give You a Credit Card?
May 25, 2009 12:48 PM Subscribe
"In fact, while transactional credit provision is a perfectly good business, it might be reasonable for the state to offer basic transactional credit as a public good." Blogger Steve Randy Waldman has an idea that's so crazy it might work. He buried it in a nice wonky, obscure post about transactional and revolving credit, but now has been linked by Ezra Klein at his new WaPo blog. Will Metafilter heads explode?
It might be a good idea but it will never happen because OMG SOZALIST!
Also, I would imagine the credit card industry and their lobbyists would have a thing or three to say about it if it were ever proposed.
posted by delmoi at 1:04 PM on May 25, 2009 [2 favorites]
Also, I would imagine the credit card industry and their lobbyists would have a thing or three to say about it if it were ever proposed.
posted by delmoi at 1:04 PM on May 25, 2009 [2 favorites]
I really like the idea, but I am after all a big flaming sozalist. It would certainly put the Payday places out of business, or marginalize them. I'm also not a fan of credit scores, because they are based on that same notion of "The people we most want to lend to are the people who show an inability to plan for the future properly"; non-debt incurrers such as myself have poor credit scores due to not paying later what I can afford today, and not wanting today want I can't afford. It seems this idea puts the latter type of lending- the get a loan today for something you can't afford, which is a good idea- into a separate class that isn't the same as "convenience of plastic purchases" for small items.
posted by hincandenza at 1:11 PM on May 25, 2009 [1 favorite]
posted by hincandenza at 1:11 PM on May 25, 2009 [1 favorite]
Among those OMG SOZALIST! countries that have a working healthcare system and all that, in many of those, EFTPOS takes the place of credit cards for shopping, and among the private banks, there is also a govt-owned bank for people to choose from. It's not quite the same thing (though I assume credit is available this way too) but credit score is far less important there, because the culture of get-everything-on-credit in the USA seems to be merely a cultural direction that the USA has taken, not an economic requirement for any kind of prosperity.
posted by -harlequin- at 1:30 PM on May 25, 2009
posted by -harlequin- at 1:30 PM on May 25, 2009
I should probably translate: EFTPOS1 means debit. Here in the states, all retailers etc. take VISA, and everyone has a credit card, but many places aren't set up for debit2. In some other countries it's the opposite - everyone takes debit, and everyone has a debit card, but many places aren't set up for credit.
1. Electronic Funds Transfer @ Point Of Sale
2. Which leads to that incredibly annoying answer to the "Do you take debit?" question; "Yes we do - provided your debit card has a VISA logo on it"
posted by -harlequin- at 1:37 PM on May 25, 2009 [1 favorite]
1. Electronic Funds Transfer @ Point Of Sale
2. Which leads to that incredibly annoying answer to the "Do you take debit?" question; "Yes we do - provided your debit card has a VISA logo on it"
posted by -harlequin- at 1:37 PM on May 25, 2009 [1 favorite]
The article is a good one, but he admits that the whole government-supplied credit card thing isn't really the main point. The real thrust of the article is the difference between transactional and rolling credit.
Furthermore, I'm not sure there's really even a need for government to give anyone a $1k credit card. At least until very recently, practically everyone and their dog could get a card with at least a $1k limit, and probably a lot more than that. (The access to large amounts of rolling credit instead of simply transactional credit by high-risk borrowers is generally assumed by everyone not working for the credit industry to be a Bad Thing; eliminating this wouldn't require government-issued credit cards though, it would just require tightening interest-rate regulations.)
In the absolute worst-case scenario — someone who has no credit history at all, or has recently defaulted — you can always get a secured credit card, where your maximum limit is equal to a deposit that you put down. If you're using it purely for transactional credit and pay it off every month, you can move up very quickly to a card with more leverage. A basic Amex charge card (which is not a credit card) can be obtained with a FICO score in the low 600s.
And of course, transactional lubrication — I wouldn't even call it "credit" — in the most basic sense is available to anyone with a checking account in the form of a debit card. That gives you most of the advantages associated with transactional credit, but without the ability to get into significant debt. The worst you can do is empty your checking account and start bouncing automatic debits — still bad, but not as bad as going deep into the red at 20+% APR.
So the whole government-issued card proposal is really a solution in search of a problem. There's no shortage of transactional credit; the problem is a conflation or bundling of transactional credit — useful, useful stuff — with the much more dangerous product of rolling credit. The solution, if we wish to solve that problem, is just to mandate an unbundling of the two products. Since both products are profitable and widely available in a competitive marketplace in and of themselves, there's no need for government to supply either.
There are frankly a lot more important things that I'd like to see the government doing — actually fulfilling its role as a regulator, for starters — rather than actually operating and acting as a charge-card company. (It's worth pointing out that the government doesn't even handle such functions for its own employees' reimbursable spending, where perhaps it would be the most natural; the actual nuts-and-bolts operation of the POS network and cards is farmed out to private industry because it's much cheaper that way.)
posted by Kadin2048 at 1:42 PM on May 25, 2009 [8 favorites]
Furthermore, I'm not sure there's really even a need for government to give anyone a $1k credit card. At least until very recently, practically everyone and their dog could get a card with at least a $1k limit, and probably a lot more than that. (The access to large amounts of rolling credit instead of simply transactional credit by high-risk borrowers is generally assumed by everyone not working for the credit industry to be a Bad Thing; eliminating this wouldn't require government-issued credit cards though, it would just require tightening interest-rate regulations.)
In the absolute worst-case scenario — someone who has no credit history at all, or has recently defaulted — you can always get a secured credit card, where your maximum limit is equal to a deposit that you put down. If you're using it purely for transactional credit and pay it off every month, you can move up very quickly to a card with more leverage. A basic Amex charge card (which is not a credit card) can be obtained with a FICO score in the low 600s.
And of course, transactional lubrication — I wouldn't even call it "credit" — in the most basic sense is available to anyone with a checking account in the form of a debit card. That gives you most of the advantages associated with transactional credit, but without the ability to get into significant debt. The worst you can do is empty your checking account and start bouncing automatic debits — still bad, but not as bad as going deep into the red at 20+% APR.
So the whole government-issued card proposal is really a solution in search of a problem. There's no shortage of transactional credit; the problem is a conflation or bundling of transactional credit — useful, useful stuff — with the much more dangerous product of rolling credit. The solution, if we wish to solve that problem, is just to mandate an unbundling of the two products. Since both products are profitable and widely available in a competitive marketplace in and of themselves, there's no need for government to supply either.
There are frankly a lot more important things that I'd like to see the government doing — actually fulfilling its role as a regulator, for starters — rather than actually operating and acting as a charge-card company. (It's worth pointing out that the government doesn't even handle such functions for its own employees' reimbursable spending, where perhaps it would be the most natural; the actual nuts-and-bolts operation of the POS network and cards is farmed out to private industry because it's much cheaper that way.)
posted by Kadin2048 at 1:42 PM on May 25, 2009 [8 favorites]
I realize that most private credit transactions are possibly already available to the state, possibly without even the terrible inconvenience of a warrant or other judicial review, if the AT&T case is any indication.
But a state card? I'm not sure I'd do that even if I had no other option.
posted by weston at 2:00 PM on May 25, 2009
But a state card? I'm not sure I'd do that even if I had no other option.
posted by weston at 2:00 PM on May 25, 2009
harlequin: Which leads to that incredibly annoying answer to the "Do you take debit?" question; "Yes we do - provided your debit card has a VISA logo on it"
Although I understand your annoyance from a technical perspective, I think you're being a bit pedantic. From a user's standpoint, the true "debit" system which uses the ATM network and requires card+PIN authentication, and the "Visa Check" / "Mastermoney" or similar systems which use the credit-card authorization network and require card+signature are identical, at least in normal use. The money takes a different route to move from A to B, but it's still coming from the same place — a checking account — and they're walking away with the same goods.
There are important distinctions to merchants due to the different fees charged for each type of transactions, and the risk associated with a lost card is higher with 'check cards' that don't require a PIN than traditional ATM cards, but they're both much closer to being the same than either are to true "credit cards" that allow you to carry a balance.
Although I'm personally a big fan of eliminating swipe-and-sign in favor of swipe-and-PIN or chip-and-PIN, and also for cracking down on "overdraft protection" and other usurious fees charged by unscrupulous banks, I don't really see how eliminating check cards in favor of ATM cards, or putting more PIN pads at merchants, would really change much in the world of consumer credit. It's not like the Visa/MC-logo'ed cards are hard to come by; heck, I can't even avoid the damn things at the banks I have accounts with anymore. (I specifically asked for ATM cards that didn't work as PIN-less debit cards and couldn't get one anymore, from two banks.) Banks that don't offer them to checking customers are definitely the exception today rather than the rule, because they're a very profitable line of business.
And if we were going to change the whole POS infrastructure, there are better methods than the ATM-style network: it's still "pull" based when transactions should really be exclusively "push," as in European-style Giro systems. An electronic Giro, where the payee contacted their bank (via cell phone, perhaps) and pushed money to the merchant's account would eliminate many of the security problems associated with both ATM and swipe-and-sign cards. However, those problems are really unrelated to the tar pit of consumer credit.
posted by Kadin2048 at 2:05 PM on May 25, 2009 [2 favorites]
Although I understand your annoyance from a technical perspective, I think you're being a bit pedantic. From a user's standpoint, the true "debit" system which uses the ATM network and requires card+PIN authentication, and the "Visa Check" / "Mastermoney" or similar systems which use the credit-card authorization network and require card+signature are identical, at least in normal use. The money takes a different route to move from A to B, but it's still coming from the same place — a checking account — and they're walking away with the same goods.
There are important distinctions to merchants due to the different fees charged for each type of transactions, and the risk associated with a lost card is higher with 'check cards' that don't require a PIN than traditional ATM cards, but they're both much closer to being the same than either are to true "credit cards" that allow you to carry a balance.
Although I'm personally a big fan of eliminating swipe-and-sign in favor of swipe-and-PIN or chip-and-PIN, and also for cracking down on "overdraft protection" and other usurious fees charged by unscrupulous banks, I don't really see how eliminating check cards in favor of ATM cards, or putting more PIN pads at merchants, would really change much in the world of consumer credit. It's not like the Visa/MC-logo'ed cards are hard to come by; heck, I can't even avoid the damn things at the banks I have accounts with anymore. (I specifically asked for ATM cards that didn't work as PIN-less debit cards and couldn't get one anymore, from two banks.) Banks that don't offer them to checking customers are definitely the exception today rather than the rule, because they're a very profitable line of business.
And if we were going to change the whole POS infrastructure, there are better methods than the ATM-style network: it's still "pull" based when transactions should really be exclusively "push," as in European-style Giro systems. An electronic Giro, where the payee contacted their bank (via cell phone, perhaps) and pushed money to the merchant's account would eliminate many of the security problems associated with both ATM and swipe-and-sign cards. However, those problems are really unrelated to the tar pit of consumer credit.
posted by Kadin2048 at 2:05 PM on May 25, 2009 [2 favorites]
Because of its relatively small number of government chartered banks, Canada is a nation of heavy debit card users. In retail now, over 70% of all purchases are "debit" - a card linked directly to your cash in the bank.
I believe Canada is a world leader and pioneer in the field, and I suspect that is because the 5 major banks - at the strong "urging" of the central government that holds their charter - made it be so.
Regardless, it is a screamingly brilliant idea in practice that has been all but faultless here since its inception.
posted by Aetius Romulous at 2:09 PM on May 25, 2009
I believe Canada is a world leader and pioneer in the field, and I suspect that is because the 5 major banks - at the strong "urging" of the central government that holds their charter - made it be so.
Regardless, it is a screamingly brilliant idea in practice that has been all but faultless here since its inception.
posted by Aetius Romulous at 2:09 PM on May 25, 2009
I'm surprised to hear that, Aetius Romulous, as I've pretty much stopped using debit altogether, due to the large fees charged by the bank. Transactional credit is much cheaper and easier than debit cards, even here in Canada.
posted by Kevin Street at 2:16 PM on May 25, 2009
posted by Kevin Street at 2:16 PM on May 25, 2009
Fees with transactional credit? What are you guys talking about? The only time I got fees was when taking out money from an ATM ($3! foreign bank fee), but I moved to eTrade and get every one of my "ATM fees" refunded. It was ridiculous, especially when you change the $3 to a 15% transactional fee when you take a $20. But I have never been charged for using debit as credit? Or at least not charged on the purchase itself, I assume the merchant must pay some fee to the credit companies.
Even so it seems that the transactional credit is really used to insure against merchant fraud and it appears the market is doing a very good job of this. I have never had trouble disputing fees, and at work the accounting department never grumbles when fraudulent AmEx charges show up on the bill, which I interpret as AmEx being fairly easy to deal with.
In any case I usually ask for my card to be run as credit as I assume there's some magical process that helps my credit score. I used to use a credit card for nearly all my purchases to take advantage of points and such, but accidently missing a payment and incurring all kinds of fees and charges got me pissed off enough to cancel that. I wasn't racking enough points to deal with it.
In any case, the only thing that would be cool would be the ability to generate one off numbers for possibly dubious online purchases. As BOA is the only bank I'm aware that offers this, even that must be more expensive and more hassle than simply whipping merchants who incur fraudulent charges.
If the industry really wanted to kick things in the groin, we'd get RSA keys, but again the cost of maintaining and replacing little RSA timers must be less than our current methods of fraud prevention.
posted by geoff. at 2:40 PM on May 25, 2009
Even so it seems that the transactional credit is really used to insure against merchant fraud and it appears the market is doing a very good job of this. I have never had trouble disputing fees, and at work the accounting department never grumbles when fraudulent AmEx charges show up on the bill, which I interpret as AmEx being fairly easy to deal with.
In any case I usually ask for my card to be run as credit as I assume there's some magical process that helps my credit score. I used to use a credit card for nearly all my purchases to take advantage of points and such, but accidently missing a payment and incurring all kinds of fees and charges got me pissed off enough to cancel that. I wasn't racking enough points to deal with it.
In any case, the only thing that would be cool would be the ability to generate one off numbers for possibly dubious online purchases. As BOA is the only bank I'm aware that offers this, even that must be more expensive and more hassle than simply whipping merchants who incur fraudulent charges.
If the industry really wanted to kick things in the groin, we'd get RSA keys, but again the cost of maintaining and replacing little RSA timers must be less than our current methods of fraud prevention.
posted by geoff. at 2:40 PM on May 25, 2009
I think there's a better argument for government-issued debit cards in the fact that they are a replacement for cash. Instead of carrying wads of paper (or more recently, wads of specialized synthetic paper-like material), people carry a card. Instead of the attendant problems with stealing or counterfeiting physical money, there are the attendant problems of stealing a card with its PIN, and counterfeiting, editing balances etc of electronic money. On the whole, the social problems associated with debit cards seem to be less than with cash.
It wouldn't be difficult to create voucher-type cards that could be "charged" with money and passed from person to person, requiring no PIN to operate. Alternatively everyone could be issued with a card, or obtain it on request, and public terminals could facilitate transfer of money from card to card (ATMs and EFTPOS machines could be easily programmed to do this: swipe Card A, ask the value to transfer from Card A to Card B, check the balance and error out if funds are not available, if they are then swipe Card B and confirm the transfer.)
posted by aeschenkarnos at 3:15 PM on May 25, 2009
It wouldn't be difficult to create voucher-type cards that could be "charged" with money and passed from person to person, requiring no PIN to operate. Alternatively everyone could be issued with a card, or obtain it on request, and public terminals could facilitate transfer of money from card to card (ATMs and EFTPOS machines could be easily programmed to do this: swipe Card A, ask the value to transfer from Card A to Card B, check the balance and error out if funds are not available, if they are then swipe Card B and confirm the transfer.)
posted by aeschenkarnos at 3:15 PM on May 25, 2009
On the whole, the social problems associated with debit cards seem to be less than with cash.
At some point in the future this will probably be the case, but at present I think it's similar to the issues with electronic voting: it seems like it'd be easier, but that neglects the millions of person-years worth of experience we have as a society dealing with paper currency. Giving everyone a little magic debit card seems on the surface like a much more elegant solution than everyone carrying around paper dollars, or building an entire electronic commerce system basically on top of paper dollars, but it's not.
Too few people in our society really understand how the underlying infrastructure works to make it the basis for every transaction. The attacks against it are so different from those against paper currency that you'd lose billions or trillions of dollars just in the time it would take to educate people on them.
Counterfeiting paper currency is hard. Sure, you can make quasi-passable forgeries on a color printer; maybe enough to get by a bored clerk at a store, but not enough to use repeatedly. If you start running off C-notes on your LaserJet and depositing them into your bank account, the Secret Service will be all over your ass pretty quickly. Making forgeries that will pass even a slightly increased level of inspection — pass the tests that the Secret Service handouts at every bank counter recommend, in other words — requires a serious investment. To my knowledge, it's unprofitable to the point where not even organized criminal syndicates (with the exception of the North Koreans) bother. There are easier and less-illegal ways to make money.
I can't see any sort of electronic cash system that wouldn't be more vulnerable, given the people who'd be using it and the level of education we could expect people to put themselves through. First, you'd need to decide: is the system going to be on-line or off-line? (Are the cards stored-value, so you can use them without the POS terminal being plugged into a central database, or do the cards just hold a number with the value being queried from somewhere else?) If it's on-line, you'd still need some cash-equivalent for off-line transactions. If it's off-line, you have a huge issue with card forgery. How do you stop a card from being "reloaded" illegally? You could use smartcard-style crypto, but the economic incentive to reverse-engineer a card and extract its key would be huge. You'd have to deal with replay attacks, compromised cards, and compromised POS equipment. Do the cards display their own value or do they depend on the POS reader? If they depend on the POS, how do you deal with POS equipment programmed to overdraw and then lie?
These are all threats that people aren't prepared to deal with today. It requires an entirely different way of thinking than people who've spent their whole lives dealing with paper money are used to. Sure, you can probably find a workable solution to each of them — very good implementations have been created, in fact — but solutions that withstand being forced on people who don't want them? Who'd much prefer to not change the way they've been doing things since forever? Who've been trained to always trust what machines tell them? The technical and engineering problems pale in comparison to the human-factors issues.
Maybe in three or four generations, when any fourth grader can explain what a "blind signature algorithm" is, kindergartners are taught how to create and safeguard strong passwords, and when everyone young and old knows that computers are only as honest as the people who program them, maybe we'll be ready to retire paper and coinage as the currency of last resort. It'll be a good time for electronic voting, too.
posted by Kadin2048 at 4:15 PM on May 25, 2009 [42 favorites]
At some point in the future this will probably be the case, but at present I think it's similar to the issues with electronic voting: it seems like it'd be easier, but that neglects the millions of person-years worth of experience we have as a society dealing with paper currency. Giving everyone a little magic debit card seems on the surface like a much more elegant solution than everyone carrying around paper dollars, or building an entire electronic commerce system basically on top of paper dollars, but it's not.
Too few people in our society really understand how the underlying infrastructure works to make it the basis for every transaction. The attacks against it are so different from those against paper currency that you'd lose billions or trillions of dollars just in the time it would take to educate people on them.
Counterfeiting paper currency is hard. Sure, you can make quasi-passable forgeries on a color printer; maybe enough to get by a bored clerk at a store, but not enough to use repeatedly. If you start running off C-notes on your LaserJet and depositing them into your bank account, the Secret Service will be all over your ass pretty quickly. Making forgeries that will pass even a slightly increased level of inspection — pass the tests that the Secret Service handouts at every bank counter recommend, in other words — requires a serious investment. To my knowledge, it's unprofitable to the point where not even organized criminal syndicates (with the exception of the North Koreans) bother. There are easier and less-illegal ways to make money.
I can't see any sort of electronic cash system that wouldn't be more vulnerable, given the people who'd be using it and the level of education we could expect people to put themselves through. First, you'd need to decide: is the system going to be on-line or off-line? (Are the cards stored-value, so you can use them without the POS terminal being plugged into a central database, or do the cards just hold a number with the value being queried from somewhere else?) If it's on-line, you'd still need some cash-equivalent for off-line transactions. If it's off-line, you have a huge issue with card forgery. How do you stop a card from being "reloaded" illegally? You could use smartcard-style crypto, but the economic incentive to reverse-engineer a card and extract its key would be huge. You'd have to deal with replay attacks, compromised cards, and compromised POS equipment. Do the cards display their own value or do they depend on the POS reader? If they depend on the POS, how do you deal with POS equipment programmed to overdraw and then lie?
These are all threats that people aren't prepared to deal with today. It requires an entirely different way of thinking than people who've spent their whole lives dealing with paper money are used to. Sure, you can probably find a workable solution to each of them — very good implementations have been created, in fact — but solutions that withstand being forced on people who don't want them? Who'd much prefer to not change the way they've been doing things since forever? Who've been trained to always trust what machines tell them? The technical and engineering problems pale in comparison to the human-factors issues.
Maybe in three or four generations, when any fourth grader can explain what a "blind signature algorithm" is, kindergartners are taught how to create and safeguard strong passwords, and when everyone young and old knows that computers are only as honest as the people who program them, maybe we'll be ready to retire paper and coinage as the currency of last resort. It'll be a good time for electronic voting, too.
posted by Kadin2048 at 4:15 PM on May 25, 2009 [42 favorites]
From a user's standpoint, the true "debit" system which uses the ATM network and requires card+PIN authentication, and the "Visa Check" / "Mastermoney" or similar systems which use the credit-card authorization network and require card+signature are identical, at least in normal use.
Not true for every user; for example, my credit union caps ATM transactions at $300 per day to prevent fraud that they'd be liable for, whereas VISA transactions on the same card are uncapped. Also, if I buy gas at some stations and enter my PIN, it's an ATM transaction and I get the "cash discount" (roughly ten cents per gallon) -- if I enter my zip code it's a VISA transaction and the full (credit) price applies.
posted by davejay at 4:29 PM on May 25, 2009
Not true for every user; for example, my credit union caps ATM transactions at $300 per day to prevent fraud that they'd be liable for, whereas VISA transactions on the same card are uncapped. Also, if I buy gas at some stations and enter my PIN, it's an ATM transaction and I get the "cash discount" (roughly ten cents per gallon) -- if I enter my zip code it's a VISA transaction and the full (credit) price applies.
posted by davejay at 4:29 PM on May 25, 2009
I realize that most private credit transactions are possibly already available to the state, possibly without even the terrible inconvenience of a warrant or other judicial review, if the AT&T case is any indication.
But a state card? I'm not sure I'd do that even if I had no other option.
The state could just guarntee the cards the way it does with some student loans.
posted by delmoi at 5:03 PM on May 25, 2009
But a state card? I'm not sure I'd do that even if I had no other option.
The state could just guarntee the cards the way it does with some student loans.
posted by delmoi at 5:03 PM on May 25, 2009
Canadian transactional cards / prepaid credit cards "Do not contribute [to] your credit rating", are "not a credit building program" and do "not impact your credit rating". [Corrections welcomed, Does anyone know a Canadian card which builds a history?]
And as mentioned above by Kadin2048, the opposite is true in the states.
posted by ecco at 5:10 PM on May 25, 2009 [1 favorite]
And as mentioned above by Kadin2048, the opposite is true in the states.
posted by ecco at 5:10 PM on May 25, 2009 [1 favorite]
Kadin, I think it's universally agreed that stored value is dead in the water. Any device you give out to the public has to be assumed as compromised. Anything else would be crazy from a security perspective. Don't get me wrong, it doesn't stop people from making extremely dumb decisions security wise (for example our public transport cards are stored value, as soon as someone figures out how to hack that happy days) but we'd hope a designer of a massive transaction infrastructure would have a little more commonsense moving to 2.0.
At any rate, the system is currently completely insecure. You effectively give all your details to a magstripe reader and say "do whatever you want with them".
This is the most dumb thing I've ever seen and I'm gobsmacked that it has lasted 30 years of banking.
The proper way to do this would be an cryptoprocessor built into a card (yes a smart card) which is activated by your PIN. Once activated the pin pad feeds the cryptoprocessor the amount, the card adds the bank details, signs with its private key, signs with the issuing bank's public key and tells the pinpad which bank to send the transaction to and the encrypted payload. Pinpad contacts issuing bank and it verifies. Transaction then proceeds as normal.
There's your secure transaction processing that doesn't give away all your details and places complete trust in the merchant. You could even use a $20 smart card reader for secure online transactions with your own card.
This will work. How can I be so sure? Mobile phones do it already. While you can pull a Ka out of a SIM card there's no real way to do it in the 15 seconds or so that the card would be in the PIN pad. Yeah it's a bit of security through obscurity keeping the private key on the card within a crytpoprocessor but it's about as good as you're going to get.
posted by Talez at 5:12 PM on May 25, 2009
At any rate, the system is currently completely insecure. You effectively give all your details to a magstripe reader and say "do whatever you want with them".
This is the most dumb thing I've ever seen and I'm gobsmacked that it has lasted 30 years of banking.
The proper way to do this would be an cryptoprocessor built into a card (yes a smart card) which is activated by your PIN. Once activated the pin pad feeds the cryptoprocessor the amount, the card adds the bank details, signs with its private key, signs with the issuing bank's public key and tells the pinpad which bank to send the transaction to and the encrypted payload. Pinpad contacts issuing bank and it verifies. Transaction then proceeds as normal.
There's your secure transaction processing that doesn't give away all your details and places complete trust in the merchant. You could even use a $20 smart card reader for secure online transactions with your own card.
This will work. How can I be so sure? Mobile phones do it already. While you can pull a Ka out of a SIM card there's no real way to do it in the 15 seconds or so that the card would be in the PIN pad. Yeah it's a bit of security through obscurity keeping the private key on the card within a crytpoprocessor but it's about as good as you're going to get.
posted by Talez at 5:12 PM on May 25, 2009
What nobody understands is that recurring revenue is the heart of every successful business, and anything that puts friction in the way of that is toast. The only force actually pushing one-time-use credit card numbers anymore is the vague possibility that PCI wouldn't require notification if your one time use card number was compromised.
Electronic money ended up abandoning all the crypto, and just going straight centralization. It's actually much easier to do that -- peer to peer systems are very hard.
posted by effugas at 6:12 PM on May 25, 2009 [1 favorite]
Electronic money ended up abandoning all the crypto, and just going straight centralization. It's actually much easier to do that -- peer to peer systems are very hard.
posted by effugas at 6:12 PM on May 25, 2009 [1 favorite]
Honestly, there is one thing I've wondered about credit and debit cards. Credit cards in particular charge a fee to the retailer, who cannot pass the fee directly on to consumers, only offer a "cash discount." Credit networks I'm told are significantly higher cost than debit (no clue why credit is as popular in the US as harlequin claims).
Is it not possible to organize a purely transactional card that splits the vendor fees with the consumers, thereby taking retailers hostage?
posted by pwnguin at 7:43 PM on May 25, 2009
Is it not possible to organize a purely transactional card that splits the vendor fees with the consumers, thereby taking retailers hostage?
posted by pwnguin at 7:43 PM on May 25, 2009
What nobody understands is that recurring revenue is the heart of every successful business, and anything that puts friction in the way of that is toast. The only force actually pushing one-time-use credit card numbers anymore is the vague possibility that PCI wouldn't require notification if your one time use card number was compromised.
Even with cryptoprocessor based cards there's still a way for recurring payments. Your card could give a public key to the entity direct debiting you and they could return their public key to your card which would then be sent to your bank to verify the debit from your account every month. The entity debiting you would encrypt a debit request with their private key (to ensure it's them debiting) and then with your public key (so your bank knows it's for you).
Revoke the private key for the direct debit from your online banking and you revoke the direct debit.
Is it not possible to organize a purely transactional card that splits the vendor fees with the consumers, thereby taking retailers hostage?
What do you think card "cash back" card schemes are?
posted by Talez at 8:01 PM on May 25, 2009
Even with cryptoprocessor based cards there's still a way for recurring payments. Your card could give a public key to the entity direct debiting you and they could return their public key to your card which would then be sent to your bank to verify the debit from your account every month. The entity debiting you would encrypt a debit request with their private key (to ensure it's them debiting) and then with your public key (so your bank knows it's for you).
Revoke the private key for the direct debit from your online banking and you revoke the direct debit.
Is it not possible to organize a purely transactional card that splits the vendor fees with the consumers, thereby taking retailers hostage?
What do you think card "cash back" card schemes are?
posted by Talez at 8:01 PM on May 25, 2009
The issue with cashless systems is liability and scope for loss.
If I get mugged, I can lose the cash on hand, but not that hidden under my mattress. If someone gets my card and PIN they can clear out my whole account.
In Australia, the liability for fraudulent uses of credit cards falls on the banks, so if someone rips you off you just decline the charge and it is the banks (and their merchants) problem.
I believe it is also the case if someone rips off your bank account by skimming your card/PIN.
By holding the liability, the banks can balance the cost of fraud against the cost of security upgrades and the hassle of trickier auth measures.
That said, a few banks and Paypal(!) offer RSA tokens here for web banking, and they recently launched a chip plus PIN upgrade to the credit card system, so the losses must be mounting.
posted by bystander at 8:03 PM on May 25, 2009
If I get mugged, I can lose the cash on hand, but not that hidden under my mattress. If someone gets my card and PIN they can clear out my whole account.
In Australia, the liability for fraudulent uses of credit cards falls on the banks, so if someone rips you off you just decline the charge and it is the banks (and their merchants) problem.
I believe it is also the case if someone rips off your bank account by skimming your card/PIN.
By holding the liability, the banks can balance the cost of fraud against the cost of security upgrades and the hassle of trickier auth measures.
That said, a few banks and Paypal(!) offer RSA tokens here for web banking, and they recently launched a chip plus PIN upgrade to the credit card system, so the losses must be mounting.
posted by bystander at 8:03 PM on May 25, 2009
and they recently launched a chip plus PIN upgrade to the credit card system
Chip + PIN is the biggest load of bollocks to ever hit the banking world.
Instead of a magstripe with all your banking details being downloaded straight to the reader you now put your PIN in and all of your banking details STILL get downloaded straight to the PIN pad.
It's a half assed system that helps no one except for the banks who consider it "secure" and are using it to move the liability back to the consumer under the guise of "OH LOOK ITS A SMART CARD IT MUST BE SECURE LOL".
posted by Talez at 8:11 PM on May 25, 2009 [1 favorite]
Chip + PIN is the biggest load of bollocks to ever hit the banking world.
Instead of a magstripe with all your banking details being downloaded straight to the reader you now put your PIN in and all of your banking details STILL get downloaded straight to the PIN pad.
It's a half assed system that helps no one except for the banks who consider it "secure" and are using it to move the liability back to the consumer under the guise of "OH LOOK ITS A SMART CARD IT MUST BE SECURE LOL".
posted by Talez at 8:11 PM on May 25, 2009 [1 favorite]
Elected governments purportedly exist for the good of the people. Therefore, they should do and support those things that are good for the people, in the way that requires the least personal cost from each citizen.
The best thing that can be done for citizens is to maximize their opportunity to do something great with their lives. And based on the brilliant ideas and amazing achievements of this past century or two, it's pretty clear that the minimal standard required to make it possible for the brightest people to do the most amazing things is, in the end, pretty minimal.
Basic guarantees of shelter and food, plus access to free education, free basic healthcare (physical and mental), and personal safety. That's about it. People who are fundamentally safe and healthy, but far from comfortable, tend to seek to provide better for their children.
So the single parent and kids who are seeking a spot in a homeless shelter? Yah, government should be helping out bigtime. That parent wants to work, wants to better their education and find a job that will let them support their kids. They might have to live in a trailer park to pull it off, but it'll be a safe trailer park where the public school system and local community organization work together to give their kids the best opportunities. Hey, a guy can dream.
I think that in this day and age, it is also necessary to have access to the communications infrastructure. This might look like public access terminals in libraries, schools (for parents use, not public use; let's encourage parents back into the schools), churches, other appropriate publicly-funded organizations, and government service offices. Those can all be filtered; as much as I support the right to free porn, the library isn't the place for it. Sorry.
And it might look like basic local cellular service and internet data service on the cheap. Part of the cost of being Google should be that they help make service equality a reality. Everyone should have the same access: it's just that important to our basic human needs in this modern world.
And where I'm headed with this is that perhaps, too, basic banking services should be operated for the public good. It doesn't have to be anything particularly fancy: a free or dirt-cheap account, basic compounding interest at a mandated minimum rate set by TPTB, an online record of transactions, and a debit card.
Because you really can't function in a modern world without some of these very basic tools. When we provide our citizens with the basic tools, they go on to do great things. It's only basic common sense that we should function in this mutually beneficial way.
posted by five fresh fish at 8:36 PM on May 25, 2009 [1 favorite]
The best thing that can be done for citizens is to maximize their opportunity to do something great with their lives. And based on the brilliant ideas and amazing achievements of this past century or two, it's pretty clear that the minimal standard required to make it possible for the brightest people to do the most amazing things is, in the end, pretty minimal.
Basic guarantees of shelter and food, plus access to free education, free basic healthcare (physical and mental), and personal safety. That's about it. People who are fundamentally safe and healthy, but far from comfortable, tend to seek to provide better for their children.
So the single parent and kids who are seeking a spot in a homeless shelter? Yah, government should be helping out bigtime. That parent wants to work, wants to better their education and find a job that will let them support their kids. They might have to live in a trailer park to pull it off, but it'll be a safe trailer park where the public school system and local community organization work together to give their kids the best opportunities. Hey, a guy can dream.
I think that in this day and age, it is also necessary to have access to the communications infrastructure. This might look like public access terminals in libraries, schools (for parents use, not public use; let's encourage parents back into the schools), churches, other appropriate publicly-funded organizations, and government service offices. Those can all be filtered; as much as I support the right to free porn, the library isn't the place for it. Sorry.
And it might look like basic local cellular service and internet data service on the cheap. Part of the cost of being Google should be that they help make service equality a reality. Everyone should have the same access: it's just that important to our basic human needs in this modern world.
And where I'm headed with this is that perhaps, too, basic banking services should be operated for the public good. It doesn't have to be anything particularly fancy: a free or dirt-cheap account, basic compounding interest at a mandated minimum rate set by TPTB, an online record of transactions, and a debit card.
Because you really can't function in a modern world without some of these very basic tools. When we provide our citizens with the basic tools, they go on to do great things. It's only basic common sense that we should function in this mutually beneficial way.
posted by five fresh fish at 8:36 PM on May 25, 2009 [1 favorite]
I've always been at a loss why merchants in the USA don't push for EFTPOS. I know the transaction fees for the merchant for an EFTPOS transaction here in the Netherlands is in the order of a dime or so, regardless of the size of the transaction. I've always heard credit cards take 2 to 3%. Why aren't the merchants pushing for a (for them) cheaper EFTPOS system?
posted by DreamerFi at 9:52 PM on May 25, 2009
posted by DreamerFi at 9:52 PM on May 25, 2009
Talez: "What do you think card "cash back" card schemes are?"
I've always assumed these companies are out to trick me; the devils in the details after all. Why play games with fractions of a percentage point when you can just lure them in, change the rules and playing field until they slip up and earn some lucrative interest?
Offer void where prohibited; some restrictions may apply. We reserve the right to change these terms at any time. Frequent flier miles may be subject to blackout dates. Cash back only applies to new balances carried beyond grace period. Offer conditional upon exceptional credit rating, marital status and astral sign.
posted by pwnguin at 9:59 PM on May 25, 2009
I've always assumed these companies are out to trick me; the devils in the details after all. Why play games with fractions of a percentage point when you can just lure them in, change the rules and playing field until they slip up and earn some lucrative interest?
Offer void where prohibited; some restrictions may apply. We reserve the right to change these terms at any time. Frequent flier miles may be subject to blackout dates. Cash back only applies to new balances carried beyond grace period. Offer conditional upon exceptional credit rating, marital status and astral sign.
posted by pwnguin at 9:59 PM on May 25, 2009
I've always assumed these companies are out to trick me; the devils in the details after all. Why play games with fractions of a percentage point when you can just lure them in, change the rules and playing field until they slip up and earn some lucrative interest?
Eventually they'd have to pay out at least a small fraction of it. But your 1.5% cash back schemes from American Express are paid for by the 4% a merchant pays on an Amex transaction compared to 2% on Mastercard or VISA transactions.
posted by Talez at 7:00 PM on May 26, 2009
Eventually they'd have to pay out at least a small fraction of it. But your 1.5% cash back schemes from American Express are paid for by the 4% a merchant pays on an Amex transaction compared to 2% on Mastercard or VISA transactions.
posted by Talez at 7:00 PM on May 26, 2009
Because of its relatively small number of government chartered banks, Canada is a nation of heavy debit card users. In retail now, over 70% of all purchases are "debit" - a card linked directly to your cash in the bank.
I believe Canada is a world leader and pioneer in the field, and I suspect that is because the 5 major banks - at the strong "urging" of the central government that holds their charter - made it be so.
I have no idea what the percentages are, but Australia is very similar, with almost complete penetration of EFTPOS pinpads into even the smallest of stores. EFTPOS itself has been in use since, um, maybe the very early 80s? And on the whole, if people aren't paying for goods & services directly out of their bank accounts, then they are usually using credit cards instead - through the same terminals.
Anecdotally, I'd say that (apart from the elderly) people pay for most things with plastic*, and only use cash for trivial discretionary spending - eg coffee, lunch, or beer (which isn't exactly a trivial spend)**
* technically, all the moreso because our banknotes are plastic, but you know what i mean.
** holy shit, it's beer o'clock! why am i still on the computer at 5:30 on a Friday afternoon?!??
posted by UbuRoivas at 12:33 AM on May 29, 2009
I believe Canada is a world leader and pioneer in the field, and I suspect that is because the 5 major banks - at the strong "urging" of the central government that holds their charter - made it be so.
I have no idea what the percentages are, but Australia is very similar, with almost complete penetration of EFTPOS pinpads into even the smallest of stores. EFTPOS itself has been in use since, um, maybe the very early 80s? And on the whole, if people aren't paying for goods & services directly out of their bank accounts, then they are usually using credit cards instead - through the same terminals.
Anecdotally, I'd say that (apart from the elderly) people pay for most things with plastic*, and only use cash for trivial discretionary spending - eg coffee, lunch, or beer (which isn't exactly a trivial spend)**
* technically, all the moreso because our banknotes are plastic, but you know what i mean.
** holy shit, it's beer o'clock! why am i still on the computer at 5:30 on a Friday afternoon?!??
posted by UbuRoivas at 12:33 AM on May 29, 2009
« Older Go enjoy it, you hoopy froods. | Gymnastics + Parkour = Awesome Newer »
This thread has been archived and is closed to new comments
posted by emjaybee at 12:51 PM on May 25, 2009