The stupidity of banks when it comes to security is beyond belief. Part of the problem is they are extremely conservative,
and still do banking as if the computer had not yet been invented.
Here are a few of the problems:
Bank accounts have only one number. If you give your number to your employer to deposit money in your account, crooks hacking your
employer’s records can get your account number. From that, they can steal funds. The number should only be useful for depositing funds.
If you give your bank account number to a charity, and a crook infiltrates the charity, he can find out your number
and can steal from you. That number should only be valid for use by that charity, should have a monthly limit, and should have an expiry date.
If you use a credit card, your waiter can note it and use it to make purchases on the Internet.
If you buy something over the Internet with a credit card, that vendor has your card number and can go on a buying spree
on the net, double bill you, or make up fake charges at any time in the future. Nothing should ever be given to a vendor
that can be used beyond the current sale. Instead, you should insert your smart card in your computer to shop, and enter a PIN.
When you buy something, effectively you would authorise the credit card company to issue a transaction debiting your account and
crediting the vendor’s. The vendor should never know anything about you other than your shipping address, certainly not your credit card number.
Credit cards are trivially easy to counterfeit. They should have a computer chip, a private key and encryption software on them. This way,
when you put your card into your computer, the credit card company can use public/private key digital signatures to be certain it is
really your card, not a copy. The credit card number alone should be useless for buying things. Using it that way invites theft. You should need the card itself
to buy something, even over the Internet. If you need to buy something over the phone, you do the actual sale over the net, or use a smartphone
that arranges it for you over the net.
You should be able to put restrictions on your card to help detect theft, such as limits, geographical range, and the sorts of things you never buy,
e.g. women’s clothes or tires.
The card should have a picture on it, and the picture and signature should be electronically embedded in the card and in the credit card database.
This way it can pop up big and clear on a screen.
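
The charity item above asks for a number that works only for one payee, has a monthly limit and has an expiry date. Here is a sketch of the bank-side check such a number would need; it is an added example, not any bank's actual system. The names Bank, ScopedNumber, issue and debit are hypothetical, and it assumes the bank has already authenticated who is making the debit request.

```python
import secrets
from dataclasses import dataclass, field
from datetime import date


@dataclass
class ScopedNumber:
    """A payee-specific stand-in for the real account number (hypothetical)."""
    payee: str            # the only party allowed to debit with this number
    monthly_limit: int    # cap in cents per calendar month
    expires: date         # last day the number is valid
    spent: dict = field(default_factory=dict)  # (year, month) -> cents debited


class Bank:
    """Bank-side registry; the real account number never leaves the bank."""

    def __init__(self):
        self.numbers = {}

    def issue(self, payee, monthly_limit, expires):
        number = secrets.token_hex(8)  # random, reveals nothing about the account
        self.numbers[number] = ScopedNumber(payee, monthly_limit, expires)
        return number

    def debit(self, number, requester, cents, today):
        """Return (approved, reason). Assumes requester is already authenticated."""
        scoped = self.numbers.get(number)
        if scoped is None:
            return False, "unknown number"
        if requester != scoped.payee:
            return False, "wrong payee"  # a stolen number is useless to anyone else
        if today > scoped.expires:
            return False, "expired"
        if cents <= 0:
            return False, "invalid amount"
        month = (today.year, today.month)
        used = scoped.spent.get(month, 0)
        if used + cents > scoped.monthly_limit:
            return False, "monthly limit exceeded"
        scoped.spent[month] = used + cents  # record only approved debits
        return True, "approved"
```

A number copied from the charity's records fails the payee check for anyone else, and even the charity itself cannot exceed the cap or debit after the expiry date.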