The stupidity of banks when it comes to security is beyond belief. Part of the
problem is they are extremely conservative, and still do banking as if the computer
had not yet been invented. Here are a few of the problems:
Bank accounts have only one number. If you give your number to your employer to
deposit money in your account, crooks hacking your employer’s records can get
your account number. From that, they can steal funds. The number should only be
useful for depositing funds.
If you give your bank account number to a charity, and a crook infiltrates the
charity, he can find out your number and can steal from you. That number should
only be valid for use by that charity, should have a monthly limit, and should have
an expiry date.
If you use a credit card, your waiter can note it and use it to make purchases
on the Internet.
If you buy something over the Internet with a credit card, that vendor has your
card number and can go on a buying spree on the net, or he can double bill you, or
make up fake charges at any time in the future. Nothing should ever be given to a
vendor that can be used beyond the current sale. Instead, you should insert your
smart card in your computer to shop, and enter a pin. When you buy something,
effectively you would authorise the credit card company to issue a transaction
debiting your account and crediting the vendor’s. The vendor should never
know anything about you other than your shipping address, certainly not your credit
Credit cards are trivially easy to counterfeit. They should have a computer
chip, a private key and encryption software on them. This way when you put your
card into your computer, the credit card company can be certain it is really your
card, not a copy using public/private digital signatures. The credit card number
alone should be useless for buying things. Using it that way invites theft. You
should need the card itself to buy something even over the Internet. If you need to
buy something over the phone, you do the actual sale with the net, or use a smart
phone that arranges it for you over the net.
You should be able to put restrictions on your card to help detect theft, e.g.
limits, geographical range, what sorts of things you never buy, e.g. women’s
The card should have a picture on it and the picture and signature should be
electronically embedded in the card and in the credit card data base. This way it
can pop up big and clear on a screen.