Monday, June 21, 2010

Visa to drop signatures on credit card purchases by 2013

From Secure Computing (Australia)
Current technology is too "easy" to skim.
In the biometrics arena one often finds oneself in conversation with a biometrics skeptic. That biometrics skeptics exist is only natural and, of course, the burden of persuasion is and should be on those making arguments against the status quo.

Biometrics skeptics should have a proper grasp of the status quo in order to understand what they are defending.

Is signing a piece of paper every time you make a credit card purchase secure?

Is paying with a check secure? Checks display home addresses, signatures, bank account numbers, and frequently, even more information.

Is accessing your home with a funny-shaped piece of metal secure?

Are these things easier or harder to forge than biometrics?

These questions aren't necessarily technological questions and the answers are highly dependent on non-technical factors.

Visa seems to believe that signatures are not secure (see article) for credit card transactions.

You can write a check to a family member, put it in a greeting card and mail it with minimal risk (depending upon the family member).

Using checks for mail-order is probably a bad idea.

I hear stories of towns "where nobody locks their doors." For these folks, the funny-shaped piece of metal is more than adequate. Others might want something a little more robust.

So the question of whether or not such-and-such biometric identity management technology is "secure" makes little sense without the corresponding question: "Compared to what?"