This is all silly and retarded in my opinion. Consumer credit authentication is in the stone age. What happened to two factor authentication?
If someone steals your social security number they can open accounts in your name. To stop it you have to call one of the credit bureaus and they will put an "alert" on your account together with a phone number. What most creditors do when they see this alert is call that phone number and make sure it's really you opening the account.
Really? Why isn't that just the default? Are you opening credit accounts so often you are majorly inconvenienced to make sure someone verifies it's you by calling the number you selected?
Similarly with credit cards. They could just text your phone to confirm that you really are about to purchase something. You could turn this off EXPLICITLY, and turn it back on when you lose your credit card.
If everyone used "Verified By Visa" or PayPal oauth-type portals for payment, this wouldn't happen. When your bank password is compromised, you can just change it. To do this, you simply ask them to send you an authentication code at a previously supplied email address -- two factor authentication. But now it's too late, because anyone who accepts your credit card can steal it, and use it a year later.
For that matter, why do we use Social Security Numbers and Credit Card Numbers for such important things? It's a relic of terrible one-factor authentication. That signature stripe was probably supposed to be used to match your signature that you sign the receipt with. Well, no one does that.
All you have to do is go on the site, purchase something using two lines, and they text you on your phone. You can turn it off explicitly. Then the law and the liabilities can change with such merchants. Of course, this will take years.
In fact, why doesn't one of the credit card companies simply implement their Verified By Visa thing with two factor authentication, which you can turn off for merchants at whom you recently made physical purchases and previously used shipping addresses?
If someone steals your social security number they can open accounts in your name. To stop it you have to call one of the credit bureaus and they will put an "alert" on your account together with a phone number. What most creditors do when they see this alert is call that phone number and make sure it's really you opening the account.
Really? Why isn't that just the default? Are you opening credit accounts so often you are majorly inconvenienced to make sure someone verifies it's you by calling the number you selected?
Similarly with credit cards. They could just text your phone to confirm that you really are about to purchase something. You could turn this off EXPLICITLY, and turn it back on when you lose your credit card.
If everyone used "Verified By Visa" or PayPal oauth-type portals for payment, this wouldn't happen. When your bank password is compromised, you can just change it. To do this, you simply ask them to send you an authentication code at a previously supplied email address -- two factor authentication. But now it's too late, because anyone who accepts your credit card can steal it, and use it a year later.
For that matter, why do we use Social Security Numbers and Credit Card Numbers for such important things? It's a relic of terrible one-factor authentication. That signature stripe was probably supposed to be used to match your signature that you sign the receipt with. Well, no one does that.
All you have to do is go on the site, purchase something using two lines, and they text you on your phone. You can turn it off explicitly. Then the law and the liabilities can change with such merchants. Of course, this will take years.