
The Ashley Madison data breach was such a disaster for the company because it saved its customers' real names and credit card numbers. It didn't have to do it this way. It could have processed the credit card information, given the user access, and then deleted all identifying information. To be sure, it would have been a different company. It would have had less revenue, because it couldn't charge users a monthly recurring fee.

This seems to me the wrong way to solve the problem. The crazy thing about credit cards, social security numbers, and bank account numbers is that these numbers are supposed to be kept secret and private, and yet you need to constantly give them out to people. Everyone you write a check to gets your bank account number, every place you buy from gets a credit card number. This is insane.

The right way to solve this is that Visa and Master Card need to develop a standard to make it super easy to generate a unique payment number every time you make an online purchase. Then that should be built in as a browser extension or component. So I browse to a site, click to pay with my Visa card, and Visa automatically generates a unique code for that site and fills it in on the form.

Also it is insane that someone can steal my identity by simply knowing my social security card. The right way to solve this would be to have an identity provider that has a short 10 second video of myself on file. Then, when I want to sign up for a credit card or bank account, I take a 10 second video of myself using my cell phone, granting approval to open the account. A staffer at the credit card company then compares the video with the video on file with the identity provider, and verifies that it matches. The identity provider also sends a message to an email address or mobile number on file, so that I am alerted that someone is opening an account in my name. Using these two simple safeguards, identity theft would be much, much harder. A video recording of a person is very hard to fake, much harder to fake than a signature.

A final key innovation would be if email providers would make it super-easy to generate aliases per site. I do this myself manually with fastmail, but if there was a simple browser extension that would automatically create an alias and fill in a form, that would be great, because I could have a unique address that all funnels into one place, for everything I sign up to.




> The right way to solve this would be to have an identity provider that has a short 10 second video of myself on file. Then, when I want to sign up for a credit card or bank account, I take a 10 second video of myself using my cell phone, granting approval to open the account

What should those of us without smartphones do? Not to mention that this seems trivial, if not easier to break. I can find the target on Facebook and use a faceswap program to generate a video that looks good enough so that the $9.50/hr worker spending all day comparing faces, who doesn't quite care enough, accepts the video.


Public key infrastructure > 10 second video


Is this a US specific thing? Why would you need to keep your SSN and bank account number private?

Ok, I know US citizens are not automatically given ID cards, so if everybody takes the SSN you give them at face value, I get that.

I don't understand the bank account especially. Like I have some automatically deducted monthly payments, but I remember I needed to specifically authorize the receiving account to be able to ask for the money with my bank.

With cards, the standards are starting to get there, i.e. I can enable with my bank that every time I use the card for an internet payment, I need to confirm my identity with a code they send me by SMS. As far as I know, I could ask for a different second factor of authentication; I know my dad has a standard RSA token.

Unfortunately I had a problem using this with some foreign site (I think it was Amazon?), so I had to disable it. I live in the Czech Republic.


> Is this a US specific thing? Why would you need to keep your SSN and bank account number private?

For SSN, if you have good credit, an SSN and a name is basically all that's needed to open a new account connected to your general credit record. If the account was opened in your name without your consent, it's a lot of work to get it disassociated from you.

For bank account numbers, most payments are processed through the 'automated clearing house', which is fancy check clearing. In the old days, maybe your bank would look at the check presented and return it without payment if they could tell it wasn't legitimate / your signature wasn't right. With an electronic withdrawal, there's not really any information provided to them to check anything.


The poster you replied to knows the answer you've given. The question was rather: 'Why is the system set up in such a way that this is the case?'


The automatic withdrawal system has always seemed ridiculous to me because it inverts the dependency chain for my finances but still provides no one any guarantee they get their money.

It's a constant pain that there isn't a common standard scripting language for finances so I can automate this stuff sensibly.


For example, someone could take your SSN and then go apply for loans at the bank under your name.


If as a merchant you want something that works now, you can use Stripe - send identifying credit card info directly to Stripe without holding on to it yourself, and then ask it for a persistent customer ID that you can repeatedly charge.

You could still retrieve some identifying information through their API, but if you keep your account credentials somewhere separate from your database it's less likely for an attacker to get both.


I think you have identified better solutions than the current ones. What is more interesting is that many underlying processes already exist, for example any gmail address can be "customized" by adding "+<string>" to the end, Google ignores the +string and delivers it anyway. You can then filter on email sent to the +string value. Not everyone however accepts an email with + in the name part. Paypal has the ability to send you out to Paypal to authorize a payment, the vendor never sees your banking details. Their API works well and could be adopted by any bank if they chose. At Blekko we separated queries from IP addresses, from userid (if they were logged in). You could do it, still get ranking training data from it, and be completely unable to turn over "the last week of searches from this IP" to federal agencies. That was driven by the CTO.

So at the end of the day a lot of the things which make data toxic are easily avoidable, and it takes people at the company willing to invest in making the data "non-toxic" and to some extent non-useful to people outside the company.


> Not everyone however accepts an email with + in the name part.

It's beyond this. MOST email address forms won't accept a '+'. I had to change the extension character to '_' on my server because it's the only non-alphabetic character that everybody seems to accept.


FastMail has an option to use subdomain addressing[0]. Instead of user+string@example.com, it can be string@user.example.com.

[0] https://www.fastmail.com/help/receive/addressing.html


That is an excellent solution as well. Qmail was pre-configured to work with '-' in the user string. But the use of subdomains would work as long as you could meet things like the Google DKIM checks.


PayPal is not a solution. They send my PayPal email address to every merchant, which is no different from the POV of fraud than sending any other identifying info. That's one thing I liked about Google Checkout: they had the option to send a one time email address.


A PayPal email address, as opposed to a credit card number + expiry, is insufficient to make a transaction alone.


Around here, the local payment system is inverted: the site generates a code for your order, and the user instructs their own bank to send money to that code.

That said, many banks - including in the US - can already generate single-use virtual CC numbers.


That's not inverted. That's the proper order.


Oh, I agree; it's inverted relative to the CC mechanism.


> The right way to solve this is that Visa and Master Card need to develop a standard to make it super easy to generate a unique payment number every time you make an online purchase. Then that should be built in as a browser extension or component. So I browse to a site, click to pay with my Visa card, and Visa automatically generates a unique code for that site and fills it in on the form.

Blur[0] from Abine has this in their premium version. I have used it, and overall it worked well, but I had some password syncing issues and stopped using it.

> A final key innovation would be if email providers would make it super-easy to generate aliases per site. I do this myself manually with fastmail, but if there was a simple browser extension that would automatically create an alias and fill in a form, that would be great, because I could have a unique address that all funnels into one place, for everything I sign up to.

Something like this can be done on FastMail using a catchall alias[1], but it requires a custom domain, and the domain could be used to link all the accounts to you.

I'm experimenting with it, but what happens when I forget a password and the email I used to sign up for it? A password manager is an option for that, but they have their own problems.

Edit: FastMail also has subdomain addressing[2]. I believe it works with all of the FastMail provided domains.

[0] https://www.abine.com/index.html

[1] https://www.fastmail.com/help/receive/alias-catchall.html

[2] https://www.fastmail.com/help/receive/addressing.html
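The alias schemes discussed in this comment and the ones above (Gmail's `+string`, the `_` extension character, and FastMail's subdomain addressing) all come down to one routing rule on the receiving server. The following is an added illustration, not code from the thread, Gmail or FastMail, and it assumes the server hosts `example.com`; it also shows the kind of sign-up form regex that rejects `+` while letting `_` and subdomain addresses through.

```python
# Added example, not from the thread, Gmail or FastMail: how a mail server could
# map the per-site aliases discussed above (user+site@, user_site@ and the
# subdomain form site@user.example.com) back to one mailbox plus a site tag,
# and the naive sign-up form regex that rejects '+'. example.com is assumed.
import re

BASE_DOMAIN = "example.com"
SEPARATORS = "+_"          # Gmail's '+', and '_' as in the comment above


def route(address: str):
    """Return (mailbox, tag) for an address we host, else None; tag is "" for
    a plain address."""
    addr = address.strip().lower()
    if addr.count("@") != 1:
        return None
    local, domain = addr.split("@")
    if domain == BASE_DOMAIN:                      # user+tag@ / user_tag@
        for sep in SEPARATORS:
            if sep in local:
                mailbox, tag = local.split(sep, 1)
                return mailbox, tag
        return local, ""
    if domain.endswith("." + BASE_DOMAIN):          # tag@user.example.com
        mailbox = domain[: -len("." + BASE_DOMAIN)]
        return None if "." in mailbox else (mailbox, local)
    return None


# Common sign-up form check: the character class has no '+', so plus
# addresses bounce at the form while '_' and subdomain addresses pass.
NAIVE_FORM_RE = re.compile(r"^[A-Za-z0-9._-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")
LOOSE_FORM_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def form_accepts(address: str, naive: bool = True) -> bool:
    pat = NAIVE_FORM_RE if naive else LOOSE_FORM_RE
    return pat.fullmatch(address) is not None


def leaked_by(received: list, mailbox: str) -> list:
    """Which per-site tags of `mailbox` received mail we never asked for,
    i.e. which sign-ups leaked or sold the alias."""
    tags = {r[1] for r in map(route, received) if r and r[0] == mailbox and r[1]}
    return sorted(tags)
```

`leaked_by` is the payoff of per-site aliases: the tag on an unsolicited message names the sign-up that leaked it.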


There's an interesting concept in here that governments should consider registering a personal identity TLD under their country codes, and just make it policy that everyone gets a unique one under their legal name + a word or phrase to avoid collisions.


It sounds to me like you need to read patio11's article about names :) http://www.kalzumeus.com/2010/06/17/falsehoods-programmers-b...


Virtual credit card numbers have been around since the late 90s. Adoption has been essentially 0 because the UX sucks and credit card fraud is not the consumer's problem.


It is the consumer's problem for me. Because I travel a lot I get charges denied because the card company's computer decides the charge looks suspicious. I have to spend 20-40 minutes dealing with it on top of which I lose hotel reservations (last room available->charge denied->20-40 minutes to resolve->room gone) or I'm standing in a line to buy something, charge denied. Now I have to go somewhere quiet to spend the 20-40 minutes to resolve. Then get back in line. This happens about once every 2 months. It's super annoying.

It's infuriating there's any chance for fraud at all when it seems like a solvable problem in 2015.


Bank of America and Citi have virtual credit card numbers on at least some of their cards. I don't use it cause, why? It's a pain point to log in and generate a new one when I could just open up my password manager and copy/paste the CC number. Especially when paying with PayPal or a site I've bought from before and already have my CC saved and I can just select it. It doesn't really affect me if someone steals my CC, I just call up the bank and they reverse unauthorized charges and send me a new one.


I always found it weird that in order for my company to put money in my account electronically, they apparently need enough information to take money out. Why are these not two different levels of security?


For per-service email and occasional single use credit cards, I've been pretty happy with blur from abine: https://www.abine.com/index.html


There are already secure solutions today. When I make an online payment with my Visa card with a new vendor based in my country, I get directed to the card issuer's website where I need to enter a one time code generated by putting the card in a keypad (which my bank issued), entering a starter code and my PIN code and then reading the generated number off the keypad's display. Without the physical card and PIN code no purchase from a new vendor is possible. In the physical store I need to input card and PIN to use the secure chip on the card to sign the transaction.

Of course, then I go to the US and any random hobo on the street can charge me with just the card number and a scribble. The problem isn't that credit card companies don't know how to get rid of card fraud, it's that their customers like the convenience too much and won't let them do it.

The same thing for identity theft. In my country opening a bank account or getting a loan requires an ID card, which is government issued and contains a digital certificate protected by a personal PIN. Unless someone steals that card and knows your PIN, they can't steal your identity.

These are easily solved problems. The reason they're not solved in the US is because the people won't allow them to be, or at least banks and government perceive it as such.


Video sequences will not be secure enough. 2FA with hardware tokens is the only practical solution that's secure.


> The right way to solve this is that Visa and Master Card need to develop a standard to make super easy to generate a unique payment number everytime you make an online purchase. Then that should be built in as a browser extension or component.

There was a mechanism from the 1990s to do online payments without giving the merchant a reusable secret identifier.

https://en.wikipedia.org/wiki/Secure_Electronic_Transaction

It's too bad that something like that didn't become widespread sooner, because it could have drastically cut down on credit card fraud.


With regard to SSN, the real issue is that it is used as both an identifier and as an authenticator. It's fine as an identifier, but authenticating with a number that anyone can steal (and yet, perversely, is difficult to replace with a new number) is terrible. I agree with your suggestion of some kind of biometric type authenticator, whether it be a video, retina scan, fingerprint, or some combination thereof.


Some payment gateways offer "gateway recurring billing" where the credit card data is stored at the gateway not on your most likely less secure servers. Ashley Madison could have done that and avoided some of the damage from the breach.


> need to develop a standard to make super easy to generate a unique payment number everytime you make an online purchase

So something like, a public key with a private key that only you own? ;)


Google Wallet was supposed to add the ability to generate unique credit card numbers. Idk if they did.


Most mobile payment solutions today operate on top of Tokens, with MasterCard, Visa, and Amex serving as Token Service Providers. Tokens look similar to current credit card numbers (not distinguishable in some cases). Each token is a unique number used for a payment, which the TSP then links to the card on file / credit card number. Merchants only ever have access to the Token.

Android Pay, which succeeded Google Wallet, uses such tokens.


Android Pay succeeded Google Wallet?

I thought Google Wallet was available in many platforms, e.g. even in my browser which may or may not run Android.




