Diadem wrote:To log in to my internet banking system I need both my pin and my physical card. Makes it impossible to hack even if someone had complete control over my pc, so that's a pretty nice system.
Wait, how do they verify you have a physical card when you are doing internet banking? (There are ways to do it, like having a card that generates challenge-response keys, but I'm not aware of many companies that issue these for bank accounts).
When you sign up with my bank, they send you a little card reader for just that purpose. You log in to their website and it gives you a code. You put your card in the card reader, enter your PIN, then enter the code, and it gives you a new code that you enter in the website. The code is one-time use, and you need to authenticate yourself this way when logging in, and once again when finalizing payments.
So to get access to my account you need my account number, a card reader, my PIN and my physical card. The card reader is generic, all customers get the same one, and my bank account number is semi-public (you give it to others when they need to make payments to you). But the PIN and physical card is still a very solid 2-layer security. And hacking my pc will do absolutely nothing.
Other banks use different systems. One other major bank in The Netherlands uses an ordinary username/password for logging in, and TAN codes
to finalize payments. Not nearly as secure if you ask me, and a constant hassle to keep your codes up to date. But still beats credit cards
I'm not sure why people dislike PIN. Sure it's only 4 numbers, so 10K possibilities, but a brute force attack is still impossible since your pass gets blocked after 3 failed attempts.
Thus, all you need to do is make ~3K attacks against distinct accounts, and you get into one of them (at random). Do so over ~3K IP addresses, and nothing shows up. With 3 failed attempts, you can just do an attack every month or two, and people who use their account will nicely reset their attempt timer (and those that don't, well, you just stop using them).
You need to steal 3k passes then. If you can do that without getting caught it's probably easier to just steal money directly.
I'm starting to think though we are not quite on the same plane here. You seem to use PIN exclusively for online transactions. Here in The Netherlands PIN is exclusively used for off-line transactions. No one would enter their PIN online. No bank requires it, and giving your PIN to a third party is unthinkable.
Annoyingly, I already mentioned much of the above in my previous post (not the man-in-the-middle attack, but the point that adding new access methods decreases security). So you could have found out why some people dislike PIN, had you cared. :p
But what you mention are not really inherent problems with PIN, but problems with the specific implementation that your credit card company chose, and their updated TOS. I assure you no such problems exist over here. But I concede your point that adding a PIN is not an improvement if it's done the way you describe.
Which is kinda strange, to be honest. There have been good, secure implementations for off-line payments for all over the world for decades now. It shouldn't be hard to just copy one of those wholesale. And the same is true for online payments, albeit for a slightly shorter timespan.
Diadem wrote:Seriously, I doubt I could design a worse payment system than credit cards if I tried.
The answer was looking you in the face the whole time.
Is paypal such a bad system? I've heard some pretty bad stories about the company, which can be a good reason to avoid using it. But the system itself seems to work pretty well. Not very secure, it's still a normal username/password challenge that is vulnerable to hacking or phishing. But compared to credit cards at least you don't have to hand over personal information to other websites, and the authentication process is more than "None at all". Not that I'd recommend the world adopt paypal. Certainly not.
Here in The Netherlands we have a very good system called iDEAL. Apart from the fact that noone else in the world uses it, it seems to be the perfect system. When paying online, you select 'iDEAL' as a payment option, then select which bank you are using, and it redirects you to a website of your own bank
where you can pay using whatever security system your bank uses for internet banking (the aforementioned card reader in my case). Payment is instantaneous, and after you've finalized it you're redirected back to the website you were paying on, and they immediately confirm getting your payment.
The system is very secure, it uses the full security of your own bank. You don't need to give out personal information to anyone, not even a third party. Payment is instantaneous. It is risk free for the payee as well, since they get their money immediately, nothing can bounce. Also very simple to implement from their end, it's basically a redirect link, that's all. I guess your bank needs to implement it, but they should be used to handling large amounts of money securely.
It's a perfect system. I can't think of a single downside. I honestly don't understand why similar systems aren't used worldwide.