This makes it very easy for users to buy stuff from them once the users are logged into their systems. This design however has some serious flaws. A problem is that all the informations needed to withdraw money from your credit card is registered on each service provider. You have more or less handed out a master key to your bank account. Online trade is based on trust and although I do trust these sites not to misuse my creditcard details, they are just managed by humans and are therefore not perfect.
What I would like to see is some kind of token based credit card for the internet. For any site that would like to persist my credit card information I could create a token that they could use to withdraw money from my credit card in the future. This way I could remove their access to my credit card without closing the card entirely. If the token was compromised I could see from which site they got it.
If the tokens included knowledge of the site it was to be used with, it would also be possible for banks to invalidate all tokens issued for a specific site such as Playstation Network.
I just think the current creditcard technology on the net seems a bit outdated.
The idea resembles the OAuth standard for user authentication. Like it! I would also like to define the token to decide the max amount of money Apple would be able to withdraw from my credit card. :)
ReplyDelete