Jettisoning magnetic stripe payment cards and online authentication systems that rely solely on user names and passwords, and replacing them with technologies that actually hinder counterfeiting and impersonation — not make it mere child’s play — is also a must… In short, the credit-issuing and card-based payment systems are due for a massive overhaul that will take us beyond the current solutions now on the table.
They also go on to say that
One can only hope that political leaders will emerge to champion the greater public good, not be bulldozed by probusiness interests.
What they are saying here is that banks prefer to have payments insecure because it’s cheaper. This is true, but it’s important to see why, and why the goals for the payment system might diverge from public policy goals. The designers of payment systems do not have as a goal the eradication of fraud but the management of fraud down to acceptable (i.e., financially acceptable) levels. The few hundred million that goes to card fraud in the U.K. is a tiny fraction of the amount spent on cards. But the money earned through this fraud, while not a big deal to the banks, may well lead to larger social problems that do not figure in the banks’ cost-benefit analysis, which is why we should still try to reduce it even if it doesn’t make business sense for our particular organisations or systems.
One of the authors’ other observations is that “Meanwhile, the Internet itself is in need of a major overhaul if it is to endure as a grassroots communication channel and a commercial transactions channel… The trick will be to tighten the internet without gutting its wonderful ability to empower the underclass and stir creativity and activism”. I agree entirely but — as has been discussed over on Digital Identity a couple of times — the trick is probably to leave the Internet alone and focus on an identity layer above it.
These opinions are my own (I think) and presented solely in my capacity as an interested member of the general public