| |
This is the age of plastic money. It's not
uncommon for the typical consumer in the western
world to go weeks at a time without ever handling
a coin or bill. Everything we need is available
to us with the simple "swik-swik' sound of a
credit card
sliding through a reader. Supplies for the
office, flowers for the wife, meals and drinks
out, and an endless supply of useful products
available for sale through the Internet can all be
bought with naught a cent to be seen.
The big question is: "How safe is all this
plastic?"
Cash has its obvious benefits. When you buy a
sandwich for $2.95 and you hand the cashier a $5
bill, you know you haven't been ripped off when he
hands you $2.05 right then and there. But when
you hand your card to a waitress at the local
chain restaurant, how do you know she hasn't taken
a moment to sneak into the office and copy your
card number and signature? You don't, and the
implications of this question are having a serious
effect on credit card companies and the merchants
they do business with.
In response to these issues, the big credit card
companies have developed more secure ways to do
business.
MasterCard
International and Visa got together and came up
with a set of guidelines called the
Payment Card Industry Data
Security Standards.
This is a list of 12 guidelines that imposes
strict regulations on all transactions taking
place between the card company and the merchants
it trades with. While these standards have been
in place since 2005, merchants are taking some
time to catch up to them. However, in the past
year there has been marked improvement, and both
credit card companies have stepped up their
tactics to the point where merchants may be
experiencing losses of service if they do not fall
in line soon. (You can read the 12 guidelines and
the details of this plan on the homepages of Visa
or MasterCard.)
Discover
Card has responded to the pressure for more secure
methods with it's own program. They call it the
Secure Online Account Number program. Anytime you
use your
Discover
card to purchase a product online, their program
will generate a random account number to
"stand-in" for the one on your card. You then
send this number to the merchant in place of the
real number. When the number is verified with
Discover Card, it will link to your account and
the purchase is charged to you. The benefit of
this system is that the merchant never sees your
true account number. Only you and Discover Card
have access to it. Once the transaction is
completed the randomly generated account number is
no longer valid, so any attempts to use it result
in denial.
A security method that online merchants are
employing is the requirement of a shipping address
that matches the billing address on your credit
card. This is to guard against thieves who may
steal your account number but will have no access
to your billing address. This way, if your card
is stolen, it can only be used to make purchases
that will ship to your address. Any prospective
thieves will have to pick up their orders from
your mailbox, not something the average
anonymity-seeking thief will want to do.
There are also third party systems in place for
ensuring online credit card security. VeriSign's
SSL (Secure Sockets Layer) technology is the
leader in the field. VeriSign will give each
merchant it conducts business with 2 "keys" (like
coding alphabets), a public key and a private
key. The public key is used to encrypt
information, and the private key is used to
decipher it. VeriSign's technology now offers
this encryption in 128- to 256-bit encryption,
which provides a nearly un-guessable number of
possible combinations of codes.
|
|
