A Thought on Credit Card Security
I've been tossing around an idea that would in theory improve credit card security.
For each customer there are three account numbers. 1. A Keyed in Point of Sale Account Number, this account number would be rejected if scanned in or entered online. 2. A Scanned in Account number on the magnetic strip, this account number would be rejected if keyed in to a point of sale or entered online. 3. An account number used for online purchases, this account would be rejected for everything except online transactions.
How this would look to a consumer. They would have two cards.
The first card would have account number 1 printed on it, but account number 2 on the magnetic strip.
The second card would have account number 3 printed on it, but no magnetic strip.
What this would do from a security standpoint Card 1 could only be used for day to day purchases, not online purchases. If someone got a hold of the card but not the magnetic strip they would only enter it into POS perhaps making fraud easier to track because it's being keyed in. If someone got a hold of the magnetic strip number and imprinted it could be swiped but would fail if entered in via pos or the internet.
I'm making the assumption that a credit card thief is using one of two methods to aquire credit card data.
1. Recording the number printed on the card, probably the most basic for of credit card fraud it doesn't require any equipment.
2. Scanning the card with a magnetic strip reader, requires equipment. If someone used both methods and had a way to imprint the card this would counter the whole system, but it does make it harder for fraud.
This does however always prevent either account number from being used online.
Card 2 could only be used for online purchases. This would prevent an account number acquired online to be used for anything other than online transactions. I don't know if they already do this, but the IP of all online purchases should be recorded. In this case the card is kind of irrelevant it's only there for the customer.
Now one way to do this is to only use one credit card for in the world purchases and use another card only for internet transaction (or paypal) that way at least as a consumer you would know if fraudulent charges were occurring.
Anyhow I that's my train of thought on the matter.
One thing that could be added are emergency and travel cards.
Emergency cards would have an account number that worked no matter what. However there is the danger of people started using it as their primary card. If someone started making regular transactions on an emergency card their account could be flagged and the customer called.
Travel cards are only issued when traveling and deactivated after that so that a customer could use his card but not worry about his actual account being stolen. And it would be none if fraud was a result of the account being compromised during vacation or otherwise.
