Here's a what if
What if the credit card companies could sue for damages resulting from fraudulent purchases stemming from trojanned windows machines with keyloggers. That might make Microsoft push security a little harder.
They'd say "That's what if, byotch".
How could you tell that the card details used in the fraudulent purchase were obtained via a keylogger?
Whenever there's massive amounts of credit card fraud, they try to find what they all have in common. One case where the victims were spread all over the country involved a Rent-A-Wreck center in Florida that everyone had visited.
Online fraud could be greatly curtailed if the card companies would issue a card that could only be used on the internet and only in conjunction with a card scanner hooked to your pc.
I think one bank in the UK does something pretty clever for this.
Steve Jones (UK)
Citibank calls it a 'virtual number' and I believe American Express has something similar. Basically you generate a virtual number and that number can be used once or you can configure it to be re-occuring/expire after a given time period.
what about in person cc purchases? You'd be blown away at the sheer number (and moreover the maximum purchase price) of purchases I've made where no ID was necessary. I just swipe my card and voila, money spent. Whether tens or hundreds of dollars, no one seems to care. I am thinking of going around and pressing charges in a huge class-action lawsuit against i.e. Wal-Mart for not checking. Do you know how many purchases they must get that are fraudulent,given that I've never been ID'd there?
oh yeah, one more thing. I could show up at a store with a credit card that says only"check ID", and purchase something with a resale value way over $100. If I get ID'd, i just say,"you know, I've been told I look like my uncle, Ben Franklin, what do you think?" and hand it over. Most of those clerks are making $5.15/hr; I would guess that the resemblence would be pretty clear to them.
Fog Creek Home