Wednesday, June 15, 2011

Token based credit cards

Like so many others I have an account on the PlayStation Network. I also have accounts on iTunes and on Amazon. What these services have in common is that they save your credit card information on their servers so you don't have to type it in every time you need to buy something from them.

This makes it very easy for users to buy stuff from them once the users are logged into their systems. This design, however, has some serious flaws. A problem is that all the information needed to withdraw money from your credit card is registered with each service provider. You have more or less handed out a master key to your bank account. Online trade is based on trust, and although I do trust these sites not to misuse my credit card details, they are managed by humans and are therefore not perfect.

What I would like to see is some kind of token based credit card for the internet. For any site that would like to persist my credit card information, I could create a token that they could use to withdraw money from my credit card in the future. This way I could remove their access to my credit card without closing the card entirely. If the token was compromised I could see from which site they got it.
If each token included knowledge of the site it was to be used with, it would also be possible for banks to invalidate all tokens issued for a specific site such as PlayStation Network.
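
A minimal sketch of the bank-side bookkeeping this idea implies, added here as an illustration and not taken from any real payment system. The class, method names, site names and the "card-A" label are all hypothetical, and it assumes the bank has already authenticated which site is making each request.

```python
import hashlib
import secrets


class TokenIssuer:
    """Bank-side registry of per-site payment tokens (hypothetical design)."""

    def __init__(self):
        # sha256(token) -> {"card", "site", "active"}; the raw token is never stored.
        self._tokens = {}

    @staticmethod
    def _key(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, card, site):
        """Create a token that only `site` may use against `card`."""
        token = secrets.token_urlsafe(32)
        self._tokens[self._key(token)] = {"card": card, "site": site, "active": True}
        return token

    def charge(self, token, site, amount):
        """Return (approved, reason) for a withdrawal requested by `site`."""
        rec = self._tokens.get(self._key(token))
        if rec is None:
            return False, "unknown token"
        if not rec["active"]:
            return False, "token revoked"
        if rec["site"] != site:
            # Presented by a different party: the binding shows where it leaked from.
            return False, "leaked from " + rec["site"]
        return True, "charged %s to %s" % (amount, rec["card"])

    def revoke(self, token):
        """Cardholder removes one site's access; the card itself stays open."""
        rec = self._tokens.get(self._key(token))
        if rec:
            rec["active"] = False

    def revoke_site(self, site):
        """Bank invalidates every active token issued for `site`; returns the count."""
        hit = [r for r in self._tokens.values() if r["site"] == site and r["active"]]
        for r in hit:
            r["active"] = False
        return len(hit)
```

Because the site only ever holds the token, a breach of that site exposes a credential that is useless elsewhere and can be revoked without reissuing the card.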

I just think the current credit card technology on the net seems a bit outdated.

1 comment:

  1. The idea resembles the OAuth standard for user authentication. Like it! I would also like to define the token to decide the max amount of money Apple would be able to withdraw from my credit card. :)