Sunday, 1 November 2015

Talktalk breach tells us something about bank account security

Last week hackers broke into Internet and communications provider TalkTalk. This was bad for TalkTalk but also bad for banking.

One of the problems of ecommerce is that we are using a credit card system that is now 50+ years old. When it started almost no-one had a card, everything was on paper receipts and you had to present a card and have signature that looked a bit like the one on the card. Not today. Card not present fraud is big. Chip and pin has helped but the card industry is mostly electronic. The costs of transactions to the issuers have plummeted but the costs to retail and customers have mushroomed. Good business for the financial sector.

However lets get back to security. To make a payment via credit or debit card you need the following;

Your name
Your billing address
The delivery address
The card number
The expiry date
The security code number

In fact not just everything to make a payment but also everything someone needs to make a payment on your account. Whoever you buy anything with, no matter how casual or "one off" the payment, they have your details. If anyone, hacker, call centre worker or whoever can access your records they can make payments on your card. Hence the millions spent each year by business to secure the data, pay compensation and generally keep the bad guys away. This is hugely expensive security.

So I did an experiment. I often buy used DVDs from CeX at webuy.com . Unlike many retailers in the UK they accept the Bitcoin digital currency. Urban legend says that Bitcoin users are drug dealers, dark web merchants or criminals. So as a used DVD buyer I don't exactly fit the mould of the criminal classes. But lets think about this. To make a payment I need to provide CeX with the following;

My Name
Delivery Address

That's it. The payment is sent to their public address generated once only to make the payment. I push the payment to them so they don't need my payment details. They issue a receipt.

Whether or not you think Bitcoin is a banking revolution, will change the world or will make banke redundant is not relevant. This process of payment means my financial information is secure by default because I don't need to provide them. As it happens the merchant doesn't pay credit card fees either and it's just like using cash.

The key issue here is that if a merchant doesn't have your bank details they are secure. So obvious it is crazy. This could reduce fraud, save millions and make ecommerce much more secure for customers. If Amazon ever went for Bitcoin then consumers would immediately understand the benefits but most journalists like a good click bait story of fraud involving Bitcoin despite the fact that billions are stolen from credit cards every year.

I will continue to use Bitcoin for my DVD purchases if only to provide greater security to me on one retailers site. I wish others would go more secure and accept Bitcoin.

No comments:

Post a Comment